1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Slow Laptop - No Internet Connection - Suspect Malware

Discussion in 'Malware and Virus Removal Archive' started by virginia, 2014/09/23.

  1. 2014/09/23
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    [Inactive] Slow Laptop - No Internet Connection - Suspect Malware

    Hello again Broni. I'm helping my son's fiance with her laptop and it is extremely slow and we can't get it to connect to internet (WiFi only in the building where I live). I did a clean boot which didn't seem to improve the startup at all. We get a number of dialog boxes that pop up during startup - some as follow:

    fm3023 - Unable to locate
    Application failed to start because Ltwvc215u.dll was not found. Reinstalling may resolve the problem

    Catalyst Control Center Host Application Stopped Working.

    QuickSet has stopped.

    .NET Runtime Optimization Service has stopped.

    FAXMAN Server has stopped working.

    On Screen Keyboard displays on Startup.

    I found several suspect programs in the Control Panel however, I couldn't uninstall any of them. What's my next step?

    I was able to put Malwarebytes and DDS on a flash drive and run them. Here are the logs:

    MBAM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/23/2014
    Scan Time: 7:54:28 PM
    Logfile: MBAM Log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.02.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Melanie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 361580
    Time Elapsed: 13 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 21
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods, Delete-on-Reboot, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods\Funmoods, Delete-on-Reboot, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods\Funmoods\us, Delete-on-Reboot, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods\Funmoods\us\20101003, Quarantined, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector, Delete-on-Reboot, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.13591, Quarantined, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures, Quarantined, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates, Delete-on-Reboot, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates\100oupdate, Quarantined, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Jacob.Melanie-PC\AppData\Roaming\Systweak\Advanced System Protector, Delete-on-Reboot, [da6f53acf189ea4c7fe7bfc747bbec14],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Jacob.Melanie-PC\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.13591, Quarantined, [da6f53acf189ea4c7fe7bfc747bbec14],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Melanie\AppData\Roaming\Systweak\Advanced System Protector, Delete-on-Reboot, [3c0db14e37434de97ee8f096f60ca957],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Melanie\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.13591, Quarantined, [3c0db14e37434de97ee8f096f60ca957],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Melanie\AppData\Roaming\Systweak\Advanced System Protector\Logs, Quarantined, [3c0db14e37434de97ee8f096f60ca957],
    PUP.Optional.OpenCandy, C:\Users\Melanie\AppData\Roaming\OpenCandy, Delete-on-Reboot, [ad9c758a0278bd790a81632350b28080],
    PUP.Optional.OpenCandy, C:\Users\Melanie\AppData\Roaming\OpenCandy\49B3FE671879457197120447B4E2EF85, Quarantined, [ad9c758a0278bd790a81632350b28080],
    PUP.Optional.RegCleanerPro.A, C:\Users\Melanie\AppData\Roaming\Systweak\RegClean Pro, Delete-on-Reboot, [0a3f3ec14f2b70c6f119ceb962a0f907],
    PUP.Optional.RegCleanerPro.A, C:\Users\Melanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Quarantined, [0a3f3ec14f2b70c6f119ceb962a0f907],
    PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [2c1d1ce3364481b572c2d9afc042bf41],
    PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [1a2ff30cd2a85dd9092c6523c83a2ed2],
    PUP.Optional.ArcadeFrontier.A, C:\Users\Melanie\AppData\Local\ArcadeFrontier, Quarantined, [f55431cec4b689adc70b96f3837fb34d],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    DDS Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vistaâ„¢ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/31/2009 1:42:47 AM
    System Uptime: 9/23/2014 7:31:13 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0U785D
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 800/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 328.668 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 6.959 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0001
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0001
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0002
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #3
    PNP Device ID: ROOT\*6TO4MP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0003
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0003
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0004
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0004
    Service: tunnel
    .
    Class GUID:
    Description:
    Device ID: ROOT\*ISATAP\0001
    Manufacturer:
    Name:
    PNP Device ID: ROOT\*ISATAP\0001
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #4
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0004
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #5
    PNP Device ID: ROOT\*ISATAP\0004
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0005
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #6
    PNP Device ID: ROOT\*ISATAP\0005
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0006
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #7
    PNP Device ID: ROOT\*ISATAP\0006
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0007
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #8
    PNP Device ID: ROOT\*ISATAP\0007
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0009
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #9
    PNP Device ID: ROOT\*ISATAP\0009
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0012
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #11
    PNP Device ID: ROOT\*ISATAP\0012
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0013
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #12
    PNP Device ID: ROOT\*ISATAP\0013
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0015
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #13
    PNP Device ID: ROOT\*ISATAP\0015
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0016
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #14
    PNP Device ID: ROOT\*ISATAP\0016
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0017
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #14
    PNP Device ID: ROOT\*ISATAP\0017
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0018
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #15
    PNP Device ID: ROOT\*ISATAP\0018
    Service: tunnel
    .
    Class GUID:
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0020
    Manufacturer: Microsoft
    Name: isatap.{6D97E1C7-6F0E-4E93-B0F0-CE8FD8080B9E}
    PNP Device ID: ROOT\*ISATAP\0020
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0021
    Manufacturer: Microsoft
    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    PNP Device ID: ROOT\*ISATAP\0021
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0022
    Manufacturer: Microsoft
    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    PNP Device ID: ROOT\*ISATAP\0022
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0023
    Manufacturer: Microsoft
    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    PNP Device ID: ROOT\*ISATAP\0023
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0024
    Manufacturer: Microsoft
    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    PNP Device ID: ROOT\*ISATAP\0024
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0025
    Manufacturer: Microsoft
    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    PNP Device ID: ROOT\*ISATAP\0025
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0026
    Manufacturer: Microsoft
    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    PNP Device ID: ROOT\*ISATAP\0026
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0027
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0027
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0028
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0028
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0029
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0029
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0030
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0030
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0031
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0031
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0032
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0032
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0033
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0033
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0034
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0034
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0035
    Manufacturer: Microsoft
    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    PNP Device ID: ROOT\*ISATAP\0035
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0036
    Manufacturer: Microsoft
    Name: isatap.{6CFEEC2C-C47A-4BFC-AAAD-2D672F948E13}
    PNP Device ID: ROOT\*ISATAP\0036
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0037
    Manufacturer: Microsoft
    Name: isatap.{839842B4-661D-4A9B-8940-AC80E1BCE0C2}
    PNP Device ID: ROOT\*ISATAP\0037
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0000
    Service: tunmp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: Microsoft eHome Infrared Transceiver
    Device ID: CIRCLASS\IRDEVICE\1&79F5D87&0&PORT2
    Manufacturer: Microsoft
    Name: Microsoft eHome Infrared Transceiver
    PNP Device ID: CIRCLASS\IRDEVICE\1&79F5D87&0&PORT2
    Service: HidIr
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Ad-Aware Security Toolbar
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader 9.5.5
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Bing Rewards Client Installer
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Choice Guard
    Citrix Authentication Manager
    Citrix Online Launcher
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver Updater
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    Complete Care Consumer Service Agreement
    Cortona3D Viewer
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative MediaSource 5
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Online
    Dell Dock
    Dell Driver Download Manager
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Touchpad
    Dell V505
    Dropbox
    EA Download Manager
    EuxttraiSSHopeper
    FastAccess
    Google Chrome
    Google Drive
    Google Earth
    Google Update Helper
    Google Updater
    GoToMeeting 5.4.0.1082
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)
    Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)
    hp officejet v series
    HP Photo Printing Software
    IDT Audio
    Integrated Webcam Driver (1.05.02.1227)
    Java 7 Update 21
    Java Auto Updater
    Junk Mail filter update
    LG USB Modem driver
    Line Rider 2
    LiveAction Client 2.63
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
    Microsoft Default Manager
    Microsoft Help Viewer 1.1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Communicator 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Small Business 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft UI Engine
    Microsoft Visio Premium 2010
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Web Developer 2010 Express - ENU
    Microsoft Web Platform Installer 3.0
    Mobile Broadband Generic Drivers
    Mozilla Firefox 22.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Server 5.5
    NETGEAR A6200 Genie
    Nmap 5.61-Spiceworks
    Online Plug-in
    Optimizer Pro v3.2
    PDFlite 0.8
    PL-2303 USB-to-Serial
    PowerDVD
    PowerInbox
    PureLeads
    Quickset
    QuickTime
    RedMon - Redirection Port Monitor
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
    Segoe UI
    Self-service Plug-in
    Service Pack 1 for SQL Server 2008 R2 (KB2528583)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    Shared C Run-time for x64
    Skins
    Spiceworks
    SPOREâ„¢
    SQL Server 2008 R2 SP1 Common Files
    SQL Server 2008 R2 SP1 Database Engine Services
    SQL Server 2008 R2 SP1 Database Engine Shared
    SQL Server 2008 R2 SP1 Management Studio
    Sql Server Customer Experience Improvement Program
    TeamViewer 9
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WCF RIA Services V1.0 SP1
    Web Deployment Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    WinPcap 4.1.2-Spiceworks
    Wizard101
    .
    ==== End Of File ===========================

    DDS Notepad

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16545
    Run by Melanie at 19:42:52 on 2014-09-23
    .
    ============== Running Processes ================
    .
    C:\Windows\SysWOW64\rundll32.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Windows\SysWOW64\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://speedial.com/?f=1&a=spd_softdl4u_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0BtAtBtDyCtA0C0EtC0C0EtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0AyEtA0D0AtByCtGyE0AtDyDtGzztA0DyDtGzytA0EzytGtDzy0F0Bzz0CyE0CyDzyyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0F0A0FyCzyyB0AtGtAtCyDzytGzytD0ByEtG0D0AzyzytGyBtAyD0Ezz0A0DtD0CyD0FtD2Q&cr=956281966&ir=
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: PowerInbox: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
    mRun: [FAStartup] <no file>
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: C:\Windows\System32\wpclsp.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn3.phh.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    AppInit_DLLs= c:\progra~2\optimi~1\optpro~2.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli FAPassSync
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_softdl4u_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0BtAtBtDyCtA0C0EtC0C0EtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0AyEtA0D0AtByCtGyE0AtDyDtGzztA0DyDtGzytA0EzytGtDzy0F0Bzz0CyE0CyDzyyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0F0A0FyCzyyB0AtGtAtCyDzytGzytD0ByEtG0D0AzyzytGyBtAyD0Ezz0A0DtD0CyD0FtD2Q&cr=956281966&ir=
    x64-mWinlogon: Userinit = userinit.exe,
    x64-BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: PowerInbox: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO64.dll
    x64-TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\
    FF - prefs.js: browser.search.selectedEngine - Trovi search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?gd=&ctid=CT3322520&octid=EB_ORIGINAL_CTID&ISID=MF0A2E9A9-D0D3-42EA-B3A9-6E672AE91B16&SearchSource=55&CUI=&UM=5&UP=SP62B4C81C-A397-4DBA-9B0E-F0095886A027&SSPV=
    FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=394&systemid=406&v=a9396-115&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2363152454084512&o=APN10645&q=
    .
    ---- FIREFOX POLICIES ----
    .
    user_pref(extensions.autoDisableScopes,14);
    FF - user.js: extensions.nspdlsd.aflt - spd_softdl4u_14_23_ch
    FF - user.js: extensions.nspdlsd.instlRef - 142905_b
    FF - user.js: extensions.nspdlsd.cr - 956281966
    FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtBtB0F0BtAtBtDyCtA0C0EtC0C0EtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0AyEtA0D0AtByCtGyE0AtDyDtGzztA0DyDtGzytA0EzytGtDzy0F0Bzz0CyE0CyDzyyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0F0A0FyCzyyB0AtGtAtCyDzytGzytD0ByEtG0D0AzyzytGyBtAyD0Ezz0A0DtD0CyD0FtD2Q
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? A6200;NETGEAR A6200 WiFi Adapter Driver
    R? AESTFilters;Andrea ST Filters Service
    R? avast! Antivirus;avast! Antivirus
    R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service
    R? dldw_device;dldw_device
    R? dldwCATSCustConnectService;dldwCATSCustConnectService
    R? DockLoginService;Dock Login Service
    R? FACAP;facap, FastAccess Video Capture
    R? FAService;FAService
    R? FontCache;Windows Font Cache Service
    R? gupdate1c9b8aba8273bbc;Google Update Service (gupdate1c9b8aba8273bbc)
    R? MBAMSwissArmy;MBAMSwissArmy
    R? motccgp;Motorola USB Composite Device Driver
    R? motccgpfl;MotCcgpFlService
    R? motport;Motorola USB Diagnostic Port
    R? MSSQLServerADHelper100;SQL Active Directory Helper Service
    R? NWUSBPort2;Novatel Wireless USB Status2 Port Driver
    R? PerfHost;Performance Counter DLL Host
    R? PlsvcV2;PlsvcV2
    R? spiceworks;spiceworks
    R? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS)
    R? SWDUMon;SWDUMon
    R? TeamViewer9;TeamViewer 9
    R? Update webget;Update webget
    R? USBAAPL64;Apple Mobile USB Driver
    R? Util webget;Util webget
    R? WNDA6200;NETGEAR A6200 Service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? {55685567-4840-4a91-962b-49a412e9485a}Gt64;{55685567-4840-4a91-962b-49a412e9485a}Gt64
    S? 70e6ca8c;Optimizer Pro Crash Monitor
    S? aswHwid;avast! HardwareID
    S? aswMonFlt;aswMonFlt
    S? aswRvrt;avast! Revert
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? aswVmm;avast! VM Monitor
    S? ctxusbm;Citrix USB Monitor Driver
    S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
    S? NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit
    S? npf;NetGroup Packet Filter Driver
    S? OA001Ufd;Creative Camera OA001 Upper Filter Driver
    S? OA001Vid;Creative Camera OA001 Function Driver
    S? RLDesignVirtualAudioCableWdm;Live! Cam Virtual
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-09-23 17:00:32 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-08-05 13:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-07-04 00:20:32 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2014-02-08 01:10:07 49940480 ----a-w- C:\Program Files (x86)\GUT4A27.tmp
    .
    ============= FINISH: 19:44:43.38 ===============
     
  2. 2014/09/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [img=http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png]Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan ".
    • When the scan is finished and no malware has been found select "Exit ".
    • If malware was detected, make sure to check all the items and click "Cleanup ". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt "
      • "system-log.txt "

    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan ".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     

  3. to hide this advert.

  4. 2014/09/24
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Broni,

    When I booted the computer this morning, I got a black screen recommending a "Startup Repair" which I did - but haven't noticed any change.

    Below are the logs. Should note that I ran the Malwarebytes Anti-Root Kit without update as we still can't get on the internet. When I mouse over the internet icon on the Task Bar, I get this message "The dependency or service group failed to start ". When I right click on the icon and then left click on "Connect to a Network ", I get a message that Windows cannot find any networks.

    RKReport

    RogueKiller V9.2.12.0 [Sep 23 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Melanie [Admin rights]
    Mode : Remove -- Date : 09/23/2014 20:56:03

    ¤¤¤ Bad processes : 1 ¤¤¤
    [Suspicious.Path] rundll32.exe -- C:\Users\Melanie\AppData\Roaming\ipCommonInit\ipCommonInit.dll[-] -> UNLOADED

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [Suspicious.Path] \\4880 -- wscript.exe (C:\Users\Melanie\AppData\Local\Temp\launchie.vbs //B) -> DELETED
    [Suspicious.Path] \\Advanced System Protector_startup -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (autolaunch) -> DELETED
    [Suspicious.Path] \\ArcadeFrontier -- C:\Users\Melanie\AppData\Local\ArcadeFrontier\veragent.exe -> DELETED

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 2 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 4aoyaso8.default : user_pref( "browser.startup.homepage ", "http://search.conduit.com/?gd=&ctid=CT3322520&octid=EB_ORIGINAL_CTID&ISID=MF0A2E9A9-D0D3-42EA-B3A9-6E672AE91B16&SearchSource=55&CUI=&UM=5&UP=SP62B4C81C-A397-4DBA-9B0E-F0095886A027&SSPV= "); -> NOT SELECTED

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 1394707c680c3b2b1e8e7a541c285b96
    [BSP] 7d4755e7c820a24a8f2162a6ed0543bc : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 156 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 321536 | Size: 15360 MB
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31778816 | Size: 461422 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] 0baddabba6caa0f1cd85a50b067eb07a
    [BSP] 43df9bb776bcf7f829b75b21df21a6ba : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 30156 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_09232014_205538.log


    MBAntiRootKit

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/23/2014
    Scan Time: 7:54:28 PM
    Logfile: MBAM Log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.02.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Melanie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 361580
    Time Elapsed: 13 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 21
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods, Delete-on-Reboot, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods\Funmoods, Delete-on-Reboot, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods\Funmoods\us, Delete-on-Reboot, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.FunMoods.A, C:\Users\Melanie\AppData\LocalLow\Funmoods\Funmoods\us\20101003, Quarantined, [02472bd426542e087235a1e4ec1659a7],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector, Delete-on-Reboot, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.13591, Quarantined, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures, Quarantined, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates, Delete-on-Reboot, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates\100oupdate, Quarantined, [fc4de51a1b5f74c24a1cc7bfbf4302fe],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Jacob.Melanie-PC\AppData\Roaming\Systweak\Advanced System Protector, Delete-on-Reboot, [da6f53acf189ea4c7fe7bfc747bbec14],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Jacob.Melanie-PC\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.13591, Quarantined, [da6f53acf189ea4c7fe7bfc747bbec14],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Melanie\AppData\Roaming\Systweak\Advanced System Protector, Delete-on-Reboot, [3c0db14e37434de97ee8f096f60ca957],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Melanie\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.13591, Quarantined, [3c0db14e37434de97ee8f096f60ca957],
    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Melanie\AppData\Roaming\Systweak\Advanced System Protector\Logs, Quarantined, [3c0db14e37434de97ee8f096f60ca957],
    PUP.Optional.OpenCandy, C:\Users\Melanie\AppData\Roaming\OpenCandy, Delete-on-Reboot, [ad9c758a0278bd790a81632350b28080],
    PUP.Optional.OpenCandy, C:\Users\Melanie\AppData\Roaming\OpenCandy\49B3FE671879457197120447B4E2EF85, Quarantined, [ad9c758a0278bd790a81632350b28080],
    PUP.Optional.RegCleanerPro.A, C:\Users\Melanie\AppData\Roaming\Systweak\RegClean Pro, Delete-on-Reboot, [0a3f3ec14f2b70c6f119ceb962a0f907],
    PUP.Optional.RegCleanerPro.A, C:\Users\Melanie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Quarantined, [0a3f3ec14f2b70c6f119ceb962a0f907],
    PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [2c1d1ce3364481b572c2d9afc042bf41],
    PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [1a2ff30cd2a85dd9092c6523c83a2ed2],
    PUP.Optional.ArcadeFrontier.A, C:\Users\Melanie\AppData\Local\ArcadeFrontier, Quarantined, [f55431cec4b689adc70b96f3837fb34d],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    FARBAR

    Farbar Service Scanner Version: 21-07-2014
    Ran by Melanie (administrator) on 24-09-2014 at 07:52:35
    Running from "C:\Users\Melanie\Desktop "
    Microsoft® Windows Vistaâ„¢ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  5. 2014/09/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. 2014/09/25
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Broni,

    ComboFix wouldn't run the first time but it did after I renamed it. It took several hours to run and produce the log. Also, when I rebooted the computer, CheckDisk ran. I didn't notice it in time to stop it. I tried to access the network adapters using Device Manager but it wouldn't open. Got a dialog box "Can't open Device - MMC could not create the snap-in. The snap-in might not have been installed correctly. CLSID{74246BFC-4C96-11D0-ABEF-0020AF6B0B7A


    Here is the log:

    ComboFix 14-09-22.01 - Melanie 09/24/2014 20:15:49.1.2 - x64
    Running from: c:\users\Melanie\Desktop\rob_bonner.exe.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\END
    c:\programdata\SPL1D4.tmp
    c:\programdata\SPL478B.tmp
    c:\programdata\SPL4CE6.tmp
    c:\programdata\SPL6216.tmp
    c:\programdata\SPL7CD9.tmp
    c:\programdata\SPL803D.tmp
    c:\programdata\SPL87DC.tmp
    c:\programdata\SPL981A.tmp
    c:\programdata\SPL9A99.tmp
    c:\programdata\SPLB3BD.tmp
    c:\programdata\SPLBEC.tmp
    c:\programdata\SPLC4D5.tmp
    c:\programdata\SPLC7FF.tmp
    c:\programdata\SPLCA98.tmp
    c:\programdata\SPLCB78.tmp
    c:\programdata\SPLD105.tmp
    c:\programdata\SPLE924.tmp
    c:\programdata\SPLF5FE.tmp
    c:\programdata\SPLF612.tmp
    c:\users\Jacob.Melanie-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Melanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\webget_iels
    c:\users\Melanie\AppData\Local\Torch\User Data\Default\Preferences
    c:\users\Melanie\AppData\Roaming\Install.dat
    c:\users\Melanie\AppData\Roaming\ipCommonInit\ipCommonInit.dll
    c:\users\Melanie\AppData\Roaming\Microsoft\Windows\Recent\http--www.epa.gov-osw-education-quest-pdfs-sections-u2_chap4.pdf.url
    c:\users\Melanie\AppData\Roaming\Microsoft\Windows\Recent\WP_20131228_007.jpg140 KB.url
    c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\searchplugins\trovi-search.xml
    c:\users\Melanie\Documents\~WRL0005.tmp
    c:\users\Melanie\Documents\~WRL1577.tmp
    c:\windows\Fonts\browab.ttf
    c:\windows\Fonts\browaub.ttf
    c:\windows\Fonts\CALIBRIZ.TTF
    c:\windows\Fonts\CAMBRIAZ.TTF
    c:\windows\Fonts\moolbor.ttf
    c:\windows\Fonts\REFSPCL.TTF
    c:\windows\Fonts\upcei.ttf
    c:\windows\Fonts\upcel.ttf
    c:\windows\Fonts\verdanai.ttf
    c:\windows\system32\FAPassSync.dll
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-08-25 to 2014-09-25 )))))))))))))))))))))))))))))))
    .
    .
    2014-09-25 01:10 . 2014-09-25 01:10 -------- d-----w- c:\users\Jacob.Melanie-PC\AppData\Local\temp
    2014-09-25 01:10 . 2014-09-25 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-09-25 01:10 . 2014-09-25 01:10 -------- d-----w- c:\users\Drew\AppData\Local\temp
    2014-09-25 01:10 . 2014-09-25 01:10 -------- d-----w- c:\users\Drew.Melanie-PC\AppData\Local\temp
    2014-09-24 11:44 . 2014-09-24 23:52 -------- d-----w- c:\users\Melanie\AppData\Local\CrashDumps
    2014-09-24 01:13 . 2014-09-24 03:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-24 00:49 . 2014-09-24 00:49 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-24 00:49 . 2014-09-24 00:49 -------- d-----w- c:\programdata\RogueKiller
    2014-09-23 18:40 . 2014-09-23 18:40 -------- d-----w- C:\found.003
    2014-09-23 14:13 . 2014-09-24 01:13 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-23 14:12 . 2014-09-24 01:11 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-23 14:12 . 2014-09-23 23:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-09-23 14:12 . 2014-09-23 14:12 -------- d-----w- c:\programdata\Malwarebytes
    2014-09-23 14:12 . 2014-05-12 11:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-09-23 14:12 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-23 14:01 . 2006-11-03 03:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2014-09-23 14:01 . 2013-03-07 20:14 1974576 ----a-w- c:\windows\system32\drivers\BCMWLHIGH664.SYS
    2014-09-23 14:01 . 2013-03-07 20:13 96560 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2014-09-23 14:01 . 2013-03-07 18:06 3659264 ----a-w- c:\windows\system32\bcmihvui64.dll
    2014-09-23 14:01 . 2013-03-07 18:06 4395008 ----a-w- c:\windows\system32\bcmihvsrv64.dll
    2014-09-23 14:01 . 2014-09-23 14:01 -------- d-----w- c:\program files (x86)\NETGEAR
    2014-09-23 14:00 . 2014-09-23 14:00 -------- d-----w- c:\programdata\NETGEAR
    2014-08-30 20:41 . 2014-08-30 20:41 -------- d-----w- C:\found.002
    2014-08-30 18:33 . 2010-01-21 08:10 644608 ------w- c:\windows\system32\stapi64.dll
    2014-08-30 15:08 . 2014-09-23 14:52 -------- d-----w- c:\programdata\Search Protection
    2014-08-30 15:08 . 2014-08-30 15:08 -------- d-----w- c:\users\Melanie\AppData\Local\adawarebp
    2014-08-30 15:08 . 2014-08-30 17:26 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2014-08-30 15:08 . 2014-08-30 15:08 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2014-08-30 15:06 . 2014-08-30 15:06 -------- d-----w- c:\program files (x86)\Lavasoft
    2014-08-30 15:02 . 2014-08-30 15:02 -------- d-----w- c:\programdata\Lavasoft
    2014-08-30 14:55 . 2014-08-21 15:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E62E372-F591-442B-8273-DD3F92CBBEA8}\mpengine.dll
    2014-08-28 23:39 . 2014-08-30 14:54 -------- d-----w- c:\programdata\EuxttraiSSHopeper
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-24 15:38 . 2008-01-21 02:50 157696 ----a-w- c:\windows\SysWow64\verifier.dll
    2014-09-24 15:33 . 2008-01-21 02:49 111616 ----a-w- c:\windows\SysWow64\activeds.tlb
    2014-09-24 15:28 . 2009-12-06 22:12 143360 ----a-w- c:\windows\system32\wbem\WmiApRpl.dll
    2014-09-24 15:24 . 2006-11-02 08:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2014-08-30 17:25 . 2011-03-28 22:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-08-05 13:20 . 2010-09-12 13:11 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-08-01 21:08 . 2014-08-01 21:08 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2014-07-31 21:16 . 2014-07-31 21:16 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2014-07-04 00:20 . 2014-07-04 00:20 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2014-02-08 01:10 . 2014-02-08 01:10 49940480 ----a-w- c:\program files (x86)\GUT4A27.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2014-07-25 13:44 116248 ----a-w- c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c} "= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2014-07-25 116248]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "EA Core "= "c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe "= "c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-28 3890208]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Redirector "= "c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-06-14 153992]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
    "Microsoft Default Manager "= "c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "GrooveMonitor "= "c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "FATrayAlert "= "c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
    "Dell V505 "= "c:\program files (x86)\Dell V505\fm3032.exe" [2008-10-02 312560]
    "ConnectionCenter "= "c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-06-14 395656]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41056]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "Ad-Aware Browsing Protection "= "c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs "=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    .
    R3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
    S2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe [x]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-07-02 02:07 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 00:41]
    .
    2014-04-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 13:32]
    .
    2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf492ce448e187.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-09 00:39]
    .
    2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf2dcca88328e0.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-09 00:39]
    .
    2014-06-19 c:\windows\Tasks\PowerInbox Updater.job
    - c:\program files (x86)\PowerInbox\PowerInbox\UpdateClient.exe [2014-02-04 23:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2014-07-25 13:44 132264 ----a-w- c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c} "= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll" [2014-07-25 132264]
    .
    [HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-06 21:12 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-06-05 21:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-06-05 21:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-06-05 21:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-06-05 21:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-06-05 21:46 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WPCUMI "= "c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
    "LanuchApp "= "c:\program files (x86)\NETGEAR\A6200\LanuchApp.exe" [2012-07-11 15136]
    "GENIE "= "c:\program files (x86)\NETGEAR\A6200\A6200.exe" [2013-02-18 348888]
    "dldwamon "= "c:\program files (x86)\Dell V505\dldwamon.exe" [2008-10-02 16624]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://speedial.com/?f=1&a=spd_softdl4u_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0BtAtBtDyCtA0C0EtC0C0EtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0AyEtA0D0AtByCtGyE0AtDyDtGzztA0DyDtGzytA0EzytGtDzy0F0Bzz0CyE0CyDzyyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0F0A0FyCzyyB0AtGtAtCyDzytGzytD0ByEtG0D0AzyzytGyBtAyD0Ezz0A0DtD0CyD0FtD2Q&cr=956281966&ir=
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\
    FF - prefs.js: browser.search.selectedEngine - Trovi search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?gd=&ctid=CT3322520&octid=EB_ORIGINAL_CTID&ISID=MF0A2E9A9-D0D3-42EA-B3A9-6E672AE91B16&SearchSource=55&CUI=&UM=5&UP=SP62B4C81C-A397-4DBA-9B0E-F0095886A027&SSPV=
    FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=394&systemid=406&v=a9396-115&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2363152454084512&o=APN10645&q=
    user_pref(extensions.autoDisableScopes,14);
    FF - user.js: extensions.nspdlsd.aflt - spd_softdl4u_14_23_ch
    FF - user.js: extensions.nspdlsd.instlRef - 142905_b
    FF - user.js: extensions.nspdlsd.cr - 956281966
    FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtBtB0F0BtAtBtDyCtA0C0EtC0C0EtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0AyEtA0D0AtByCtGyE0AtDyDtGzztA0DyDtGzytA0EzytGtDzy0F0Bzz0CyE0CyDzyyE0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0F0A0FyCzyyB0AtGtAtCyDzytGzytD0ByEtG0D0AzyzytGyBtAyD0Ezz0A0DtD0CyD0FtD2Q
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{ec2bae47-25af-4ce9-9e78-10627a49c9ea} - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKCU-Run-ipCommonInit - c:\users\Melanie\AppData\Roaming\ipCommonInit\ipCommonInit.dll
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
    Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
    Toolbar-10 - (no file)
    HKLM-Run-SynTPEnh - H.EXE
    HKLM-Run-dldwmon.exe - .EXE
    HKLM-Run-Dell DataSafe Online - E.EXE
    AddRemove-{7BCAC0EB-3993-2416-0531-848C39DF8B65} - c:\programdata\EuxttraiSSHopeper\UVim.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
    "ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-218266781-4151974111-564667469-1003\Software\SecuROM\License information*]
    "datasecu "=hex:eb,93,fe,4d,46,b6,73,f5,9c,c0,1d,c0,fe,e8,7f,b8,11,40,f5,3b,08,
    58,15,8d,61,fb,42,b3,c6,5d,f6,b5,09,c5,76,a7,f3,60,5f,8f,49,90,c2,e3,3f,4f,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.12 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @= "Shockwave Flash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @= "FlashBroker "
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    c:\program files (x86)\webget\updatewebget.exe
    c:\program files (x86)\webget\bin\utilwebget.exe
    c:\program files (x86)\NETGEAR\A6200\WifiService.exe
    c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
    c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    c:\program files (x86)\Citrix\Receiver\Receiver.exe
    c:\program files (x86)\Dell V505\dldwMsdMon.exe
    c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
    c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    c:\program files (x86)\PureLeads\PureLeads.Service.exe
    .
    **************************************************************************
    .
    Completion time: 2014-09-25 03:06:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-09-25 02:26
    .
    Pre-Run: 347,532,288,000 bytes free
    Post-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
    .
    - - End Of File - - 5C5FE4BB084A4CD25EFD00CC0BB26C2B
    5C616939100B85E558DA92B899A0FC36
     
    Last edited: 2014/09/25
  7. 2014/09/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator ".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  8. 2014/09/26
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Broni,

    The logs are pasted in below. The computer seems to be much more responsive now. However, still can't access the internet and the pop up dialog boxes that I mentioned in the first post are still there. I'm able to close them all out much faster now but they are still there.

    AdWareCleaner

    # AdwCleaner v3.310 - Report created 25/09/2014 at 19:59:48
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : Melanie - MELANIE-PC
    # Running from : C:\Users\Melanie\Desktop\adwcleaner_3.310.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : 70e6ca8c
    [#] Service Deleted : Update webget
    [#] Service Deleted : Util webget
    [#] Service Deleted : {55685567-4840-4a91-962b-49a412e9485a}Gt64

    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\Ask
    [!] Folder Deleted : C:\ProgramData\Babylon
    [!] Folder Deleted : C:\ProgramData\BitGuard
    [!] Folder Deleted : C:\ProgramData\blekko toolbars
    [!] Folder Deleted : C:\ProgramData\Browser Manager
    [!] Folder Deleted : C:\ProgramData\BrowserProtect
    [!] Folder Deleted : C:\ProgramData\FileCure
    [!] Folder Deleted : C:\ProgramData\Search Protection
    [!] Folder Deleted : C:\ProgramData\Systweak
    [!] Folder Deleted : C:\ProgramData\Tarma Installer
    [!] Folder Deleted : C:\ProgramData\EuxttraiSSHopeper
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
    [!] Folder Deleted : C:\Program Files (x86)\Advanced System Protector
    [!] Folder Deleted : C:\Program Files (x86)\ConduitEngine
    [!] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    [!] Folder Deleted : C:\Program Files (x86)\RegClean Pro
    [!] Folder Deleted : C:\Program Files (x86)\SearchProtect
    [!] Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
    [!] Folder Deleted : C:\Program Files (x86)\webget
    [!] Folder Deleted : C:\Program Files\003
    [!] Folder Deleted : C:\Users\Drew\AppData\LocalLow\Conduit
    [!] Folder Deleted : C:\Users\Drew\AppData\LocalLow\ConduitEngine
    [!] Folder Deleted : C:\Users\Drew\AppData\LocalLow\FunWebProducts
    [!] Folder Deleted : C:\Users\Drew\AppData\LocalLow\IncrediMail_MediaBar_2
    [!] Folder Deleted : C:\Users\Drew\AppData\LocalLow\MyWebSearch
    [!] Folder Deleted : C:\Users\Drew\AppData\LocalLow\PriceGong
    [!] Folder Deleted : C:\Users\Drew.Melanie-PC\AppData\Local\blekkotb_031
    [!] Folder Deleted : C:\Users\Drew.Melanie-PC\AppData\LocalLow\DataMngr
    [!] Folder Deleted : C:\Users\Drew.Melanie-PC\AppData\LocalLow\FunWebProducts
    [!] Folder Deleted : C:\Users\Drew.Melanie-PC\AppData\LocalLow\MyWebSearch
    [!] Folder Deleted : C:\Users\Jacob\AppData\LocalLow\MyWebSearch
    [!] Folder Deleted : C:\Users\Jacob\AppData\LocalLow\PriceGong
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\Local\blekkotb_031
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\LocalLow\DataMngr
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\LocalLow\FunWebProducts
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\LocalLow\MyWebSearch
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\Roaming\Systweak
    [!] Folder Deleted : C:\Users\Melanie\AppData\Local\blekkotb_031
    [!] Folder Deleted : C:\Users\Melanie\AppData\Local\Conduit
    [!] Folder Deleted : C:\Users\Melanie\AppData\Local\ParetoLogic
    [!] Folder Deleted : C:\Users\Melanie\AppData\Local\SearchProtect
    [!] Folder Deleted : C:\Users\Melanie\AppData\Local\torch
    [!] Folder Deleted : C:\Users\Melanie\AppData\LocalLow\adawaretb
    [!] Folder Deleted : C:\Users\Melanie\AppData\LocalLow\Conduit
    [!] Folder Deleted : C:\Users\Melanie\AppData\LocalLow\ConduitEngine
    [!] Folder Deleted : C:\Users\Melanie\AppData\LocalLow\DataMngr
    [!] Folder Deleted : C:\Users\Melanie\AppData\LocalLow\PriceGong
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\Babylon
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\FileAssociationManager
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\Optimizer Pro
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\Systweak
    [!] Folder Deleted : C:\Users\Drew.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\6e76b6gn.default\adawaretb
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\clramxqi.default\adawaretb
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\adawaretb
    [!] Folder Deleted : C:\Users\Drew.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\6e76b6gn.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [!] Folder Deleted : C:\Users\Jacob.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\clramxqi.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [!] Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\t5q0fniv.default-1377728630782\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [!] Folder Deleted : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    File Deleted : C:\Windows\System32\sasnative64.exe
    File Deleted : C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gt64.sys
    File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\searchplugins\Ask.xml
    File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\searchplugins\conduit-search.xml
    File Deleted : C:\Users\Drew.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\6e76b6gn.default\searchplugins\Speedial.xml
    File Deleted : C:\Users\Jacob.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\clramxqi.default\searchplugins\Speedial.xml
    File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\searchplugins\Speedial.xml
    File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\t5q0fniv.default-1377728630782\searchplugins\Speedial.xml
    File Deleted : C:\Users\Drew.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\6e76b6gn.default\searchplugins\web-search.xml
    File Deleted : C:\Users\Drew.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\6e76b6gn.default\user.js
    File Deleted : C:\Users\Jacob.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\clramxqi.default\user.js
    File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\user.js
    File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\t5q0fniv.default-1377728630782\user.js
    File Deleted : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

    ***** [ Scheduled Tasks ] *****

    Task Deleted : LaunchApp
    Task Deleted : RegClean Pro
    Task Deleted : RegClean Pro_DEFAULT
    Task Deleted : RegClean Pro_UPDATES

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
    Key Deleted : HKLM\SOFTWARE\Classes\.bdc
    Key Deleted : HKLM\SOFTWARE\Classes\.bgl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Classes\ExxtraShhopppEar.ExxtraShhopppEar
    Key Deleted : HKLM\SOFTWARE\Classes\ExxtraShhopppEar.ExxtraShhopppEar.1.7
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3C7264D-6FB6-8CF9-9B97-82B4477270F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3C7264D-6FB6-8CF9-9B97-82B4477270F3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F3C7264D-6FB6-8CF9-9B97-82B4477270F3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\webget
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKCU\Software\AppDataLow\Software\alot
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\adawaretb
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Fun Web Products
    Key Deleted : HKLM\SOFTWARE\FunWebProducts
    Key Deleted : HKLM\SOFTWARE\MyWebSearch
    Key Deleted : HKLM\SOFTWARE\SearchProtect
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\torch
    Key Deleted : HKLM\SOFTWARE\webget
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7BCAC0EB-3993-2416-0531-848C39DF8B65}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean-Pro_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Speedial
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7BCAC0EB-3993-2416-0531-848C39DF8B65}
    Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16545


    -\\ Mozilla Firefox v22.0 (en-US)

    [ File : C:\Users\Drew.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\6e76b6gn.default\prefs.js ]

    Line Deleted : user_pref( "extensions.sahtb.searchEngineNameCurrent ", "Web Search ");
    Line Deleted : user_pref( "extensions.sahtb.searchEngineNameSAH ", "Web Search ");
    Line Deleted : user_pref( "extensions.sahtb.url.prefs.data ", "<ToolbarPrefs>\r\n <XMLVersion Number=\ "{bdd09e8b-8dee-478c-9f4e-0db5e30597cc}\" />\r\n <AnalyticsURL URL=\ "hxxp://www.google-analytics.com/__utm.gif?utmw[...]
    Line Deleted : user_pref( "keyword.URL ", "hxxp://websearch.shopathome.com?user_id={8eb1b097-2ac8-4591-ae04-cce322a1ea56}&q= ");

    [ File : C:\Users\Jacob.Melanie-PC\AppData\Roaming\Mozilla\Firefox\Profiles\clramxqi.default\prefs.js ]


    [ File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\prefs.js ]

    Line Deleted : user_pref( "browser.search.defaultenginename ", "Ask.com ");
    Line Deleted : user_pref( "browser.search.order.1 ", "Ask.com ");
    Line Deleted : user_pref( "browser.search.selectedEngine ", "Trovi search ");
    Line Deleted : user_pref( "browser.startup.homepage ", "hxxp://search.conduit.com/?gd=&ctid=CT3322520&octid=EB_ORIGINAL_CTID&ISID=MF0A2E9A9-D0D3-42EA-B3A9-6E672AE91B16&SearchSource=55&CUI=&UM=5&UP=SP62B4C81C-A397-4DBA[...]
    Line Deleted : user_pref( "keyword.URL ", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=394&systemid=406&v=a9396-115&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2363152454084512&o=APN10645&q= ");
    Line Deleted : user_pref( "browser.newtab.url ", "hxxp://www.trovi.com/?gd=&ctid=CT3320050&octid=EB_ORIGINAL_CTID&ISID=M1C71144A-F0B0-475F-987C-720E0B65505D&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP62B4C81C-A397-4DB[...]

    [ File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\t5q0fniv.default-1377728630782\prefs.js ]


    -\\ Google Chrome v35.0.1916.153

    *************************

    AdwCleaner[R0].txt - [24478 octets] - [25/09/2014 19:57:37]
    AdwCleaner[S0].txt - [21262 octets] - [25/09/2014 19:59:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21323 octets] ##########

    Junkware Removal

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.0 (09.22.2014:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Melanie on Fri 09/26/2014 at 6:37:46.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BC0FFB9E-19A5-4407-82EC-BB355B672FC1}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Melanie\appdata\local\adawarebp "
    Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815 "
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin "



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\Melanie\AppData\Roaming\mozilla\firefox\profiles\4aoyaso8.default\extensions\hoyocpsnaf@hoyocpsnaf.org.xpi [Tracur]
    Successfully deleted: [Folder] C:\Users\Melanie\AppData\Roaming\mozilla\firefox\profiles\4aoyaso8.default\extensions\staged
    Successfully deleted: [Folder] C:\Users\Melanie\AppData\Roaming\mozilla\firefox\profiles\4aoyaso8.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}



    ~~~ Chrome

    Dumping contents of C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagedhdjdigdgcdcdhdgdgdfdjdfdfge
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagegfdedfdgdedjdfdjdedidegedhgb
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagedhdjdigdgcdcdhdgdgdfdjdfdfge\background.js
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagedhdjdigdgcdcdhdgdgdfdjdfdfge\ContentScript.js
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagedhdjdigdgcdcdhdgdgdfdjdfdfge\manifest.json
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagegfdedfdgdedjdfdjdedidegedhgb\background.html
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagegfdedfdgdedjdfdjdedidegedhgb\ContentScript.js
    C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default\aagegfdedfdgdedjdfdjdedidegedhgb\manifest.json

    Successfully deleted: [Folder] C:\Users\Melanie\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 09/26/2014 at 6:42:20.90
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. 2014/09/26
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Here is the FarBar FRST log. Addition coming.

    FarBarFRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
    Ran by Melanie (administrator) on MELANIE-PC on 26-09-2014 07:00:01
    Running from C:\Users\Melanie\Desktop
    Loaded Profile: Melanie (Available profiles: Melanie & Jacob & Drew)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\stacsv64.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe
    ( ) C:\Windows\System32\dldwcoms.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (NETGEAR,Inc.) C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Electronic Arts) C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    () C:\Program Files (x86)\Dell V505\dldwmsdmon.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => H.EXE
    HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()
    HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)
    HKLM\...\Run: [dldwmon.exe] => .EXE "
    HKLM\...\Run: [dldwamon] => C:\Program Files (x86)\Dell V505\dldwamon.exe [16624 2008-10-02] ()
    HKLM\...\Run: [Dell DataSafe Online] => E.EXE" /M
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-28] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-07-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95488 2008-09-05] (Sensible Vision )
    HKLM-x32\...\Run: [Dell V505] => C:\Program Files (x86)\Dell V505\fm3032.exe [312560 2008-10-02] ()
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2012-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
    HKLM-x32\...\Run: [FAStartup] => [X]
    HKU\S-1-5-21-218266781-4151974111-564667469-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-218266781-4151974111-564667469-1003\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2752512 2008-07-21] (Electronic Arts)
    HKU\S-1-5-21-218266781-4151974111-564667469-1003\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-218266781-4151974111-564667469-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Drew.Melanie-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Jacob.Melanie-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    GroupPolicyUsers\S-1-5-21-218266781-4151974111-564667469-1009\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-218266781-4151974111-564667469-1008\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_soft...tGyBtAyD0Ezz0A0DtD0CyD0FtD2Q&cr=956281966&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_soft...tGyBtAyD0Ezz0A0DtD0CyD0FtD2Q&cr=956281966&ir=
    URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {E15A4E0E-A14D-4A68-86D5-21AFD928C2D4} URL = http://www.verizon.net/central/vzc.portal?_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&channel=Cbrwsr&clientid=Cnsmr&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: PowerInbox -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} -> C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO64.dll (PowerInbox Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: FAIESSOHelper Class -> {A2F122DA-055F-4df7-8F24-7354DBDBA85B} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: PowerInbox -> {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} -> C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO.dll (PowerInbox Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn3.phh.com/dana-cached/sc/JuniperSetupClient.cab
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
    FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
    FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Melanie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
    FF Extension: ArcadeFrontier - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53} [2014-04-05]
    FF Extension: New tab - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\Extensions\{41B95867-9E43-5627-B90B-31E1FD82AD26}(437) [2014-01-27]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
    FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-24]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-07]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\extensions\hoyocpsnaf@hoyocpsnaf.org.xpi [Not Found]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\extensions\nosquint@urandom.ca.xpi [Not Found]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\extensions\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} [Not Found]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\extensions\{4E2E7F2A-C103-C918-2526-5F0A9A69C325} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-15]
    CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
    CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
    CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
    CHR Extension: (Productivity Owl) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoagmdboiealblmpaahjlhajggndaahi [2014-07-02]
    CHR Extension: (avast! Online Security) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-07]
    CHR Extension: (LiveHive Extension) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf [2014-08-28]
    CHR Extension: (Google Wallet) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]
    CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-06]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] () [File not signed]
    S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2009-04-08] (Creative Labs) [File not signed]
    S2 dldwCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [34032 2008-05-16] ()
    R2 dldw_device; C:\Windows\system32\dldwcoms.exe [1041136 2008-05-16] ( )
    R2 dldw_device; C:\Windows\SysWOW64\dldwcoms.exe [595184 2008-05-16] ( )
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
    S2 FontCache; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S2 FontCache; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S2 gupdate1c9b8aba8273bbc; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-04-08] (Google Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
    R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8918 2011-05-15] () [File not signed]
    R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
    S2 seclogon; C:\Windows\system32\seclogon.dll [0 2008-01-20] () [File not signed]
    S3 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [46912 2013-02-04] (Spiceworks, Inc.)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3e0eef5b\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
    R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [1974576 2013-03-07] (Broadcom Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-05-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-05-06] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
    S1 Beep; No ImagePath
    S3 motport; C:\Windows\System32\DRIVERS\motport.sys [29184 2007-06-20] (Motorola)
    S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [22016 2008-01-20] () [File not signed]
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2014-02-19] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-09-23] ()
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    S3 catchme; \??\C:\rob_bonner.exe\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    U3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "
    U3 tunmp; system32\DRIVERS\tunmp.sys
    S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-26 07:00 - 2014-09-26 07:00 - 00027885 _____ () C:\Users\Melanie\Desktop\FRST.txt
    2014-09-26 06:59 - 2014-09-26 07:00 - 00000000 ____D () C:\FRST
    2014-09-26 06:59 - 2014-09-26 06:55 - 02108928 _____ (Farbar) C:\Users\Melanie\Desktop\FRST64.exe
    2014-09-26 06:58 - 2014-09-26 06:58 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\EncryptStick
    2014-09-26 06:42 - 2014-09-26 06:42 - 00002948 _____ () C:\Users\Melanie\Desktop\JRT.txt
    2014-09-26 06:37 - 2014-09-26 06:37 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-25 20:09 - 2014-09-25 19:53 - 01024790 _____ (Thisisu) C:\Users\Melanie\Desktop\JRT.exe
    2014-09-25 19:57 - 2014-09-25 20:01 - 00000000 ____D () C:\AdwCleaner
    2014-09-25 19:56 - 2014-09-25 19:52 - 01373475 _____ () C:\Users\Melanie\Desktop\adwcleaner_3.310.exe
    2014-09-25 03:31 - 2014-09-25 03:31 - 00000000 __SHD () C:\found.004
    2014-09-25 03:06 - 2014-09-25 03:06 - 00024292 _____ () C:\ComboFix.txt
    2014-09-24 19:58 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-24 19:58 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-24 19:58 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-24 19:58 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-24 19:58 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-24 19:58 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-24 19:58 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-24 19:58 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-24 19:39 - 2014-09-25 03:06 - 00000000 ____D () C:\Qoobox
    2014-09-24 19:35 - 2014-09-24 21:48 - 00000000 ____D () C:\Windows\erdnt
    2014-09-24 19:29 - 2014-09-24 19:29 - 00001537 _____ () C:\Users\Melanie\Desktop\Windows Explorer.lnk
    2014-09-24 07:52 - 2014-09-24 07:53 - 00003042 _____ () C:\Users\Melanie\Desktop\FSS.txt
    2014-09-24 07:44 - 2014-09-25 20:07 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CrashDumps
    2014-09-24 07:40 - 2014-09-24 07:40 - 00269832 _____ () C:\Windows\Minidump\Mini092414-01.dmp
    2014-09-23 21:11 - 2014-09-23 23:44 - 00000000 ____D () C:\Users\Melanie\Desktop\mbar
    2014-09-23 20:49 - 2014-09-23 20:49 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-23 20:37 - 2014-09-24 07:55 - 00000000 ____D () C:\Users\Melanie\Desktop\CleanupTools
    2014-09-23 14:40 - 2014-09-23 14:40 - 00000000 ____D () C:\found.003
    2014-09-23 13:55 - 2014-09-23 13:56 - 00275232 _____ () C:\Windows\Minidump\Mini092314-01.dmp
    2014-09-23 10:13 - 2014-09-23 21:13 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-23 10:12 - 2014-09-23 21:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-23 10:12 - 2014-09-23 19:51 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-09-23 10:12 - 2014-09-23 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-23 10:12 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-09-23 10:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-09-23 10:11 - 2014-09-23 10:11 - 00001537 _____ () C:\Users\Melanie\Documents\Windows Explorer.lnk
    2014-09-23 10:01 - 2014-09-23 10:01 - 00011140 _____ () C:\Users\Melanie\AppData\Local\dd_vcredistUI60A6.txt
    2014-09-23 10:01 - 2014-09-23 10:01 - 00001796 _____ () C:\Users\Melanie\AppData\Local\dd_vcredistMSI60A6.txt
    2014-09-23 10:01 - 2014-09-23 10:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh664_01005.Wdf
    2014-09-23 10:01 - 2014-09-23 10:01 - 00000000 ____D () C:\Program Files (x86)\NETGEAR
    2014-09-23 10:01 - 2013-03-07 16:14 - 01974576 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWLHIGH664.SYS
    2014-09-23 10:01 - 2013-03-07 16:13 - 00096560 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
    2014-09-23 10:01 - 2013-03-07 14:06 - 04395008 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
    2014-09-23 10:01 - 2013-03-07 14:06 - 03659264 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
    2014-09-23 10:01 - 2006-11-02 23:04 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01005.dll
    2014-08-31 16:07 - 2014-09-23 10:54 - 00000732 _____ () C:\Users\Melanie\AppData\Local\d3d9caps64.dat
    2014-08-30 16:41 - 2014-08-30 16:41 - 00000000 ____D () C:\found.002
    2014-08-30 14:33 - 2010-01-21 04:10 - 00644608 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
    2014-08-30 11:06 - 2014-08-30 11:06 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
    2014-08-28 19:35 - 2014-08-28 19:35 - 00000999 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-26 01:49 - 2009-03-31 01:39 - 01505455 _____ () C:\Windows\WindowsUpdate.log
    2014-09-25 20:13 - 2006-11-02 08:46 - 00009082 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-25 20:06 - 2014-06-09 05:58 - 00011552 _____ () C:\Windows\PFRO.log
    2014-09-25 20:06 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-25 20:03 - 2006-11-02 11:42 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-09-24 21:43 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
    2014-09-24 21:15 - 2006-11-02 08:33 - 55836672 _____ () C:\Windows\system32\config\components.bak
    2014-09-24 21:15 - 2006-11-02 08:33 - 31195136 _____ () C:\Windows\system32\config\system.bak
    2014-09-24 21:15 - 2006-11-02 08:33 - 133431296 _____ () C:\Windows\system32\config\software.bak
    2014-09-24 21:15 - 2006-11-02 08:33 - 04456448 _____ () C:\Windows\system32\config\default.bak
    2014-09-24 21:15 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
    2014-09-24 21:15 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
    2014-09-24 21:07 - 2013-04-05 14:49 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\ipCommonInit
    2014-09-24 19:02 - 2006-11-02 11:21 - 00367328 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-24 11:38 - 2008-01-20 22:50 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\verifier.dll
    2014-09-24 11:35 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-09-24 11:33 - 2008-01-20 22:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.tlb
    2014-09-24 11:24 - 2006-11-02 04:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-09-24 07:40 - 2014-07-02 16:30 - 253386244 _____ () C:\Windows\MEMORY.DMP
    2014-09-24 07:40 - 2011-08-03 19:07 - 00000000 ____D () C:\Windows\Minidump
    2014-09-23 12:30 - 2014-06-04 16:36 - 00002202 _____ () C:\Windows\setupact.log
    2014-09-23 10:52 - 2013-03-25 12:20 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\ShopAtHome
    2014-09-23 10:01 - 2009-04-07 19:48 - 00000000 ____D () C:\Users\Melanie
    2014-09-23 10:01 - 2009-03-31 06:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-09-23 09:33 - 2014-07-30 20:20 - 00000000 _____ () C:\Windows\system32\Drivers\SPPD.sys
    2014-08-30 13:56 - 2014-08-03 16:09 - 00000552 _____ () C:\Windows\system32\spsys.log
    2014-08-30 13:23 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-30 13:23 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-30 10:54 - 2014-08-03 13:51 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-30 10:30 - 2014-04-07 19:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

    Files to move or delete:
    ====================
    C:\Users\Melanie\CREATIVE-LABS_SOUND-BLASTER-_A00_R213242.exe


    Some content of TEMP:
    ====================
    C:\Users\Melanie\AppData\Local\Temp\EAD52E0.exe
    C:\Users\Melanie\AppData\Local\Temp\nshCA33.tmp.exe
    C:\Users\Melanie\AppData\Local\Temp\Quarantine.exe
    C:\Users\Melanie\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-25 20:12

    ==================== End Of Log ============================
     
  10. 2014/09/26
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    First Part of FarBar Addition Log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
    Ran by Melanie at 2014-09-26 07:01:22
    Running from C:\Users\Melanie\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    ATI Catalyst Install Manager (HKLM\...\{F0E881D1-3487-82B2-1B85-583D79FBD4B4}) (Version: 3.0.682.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Danish (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Dutch (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Finnish (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization French (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization German (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Italian (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Japanese (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Korean (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Norwegian (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Portuguese (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Russian (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Spanish (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Catalyst Control Center Localization Swedish (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Danish (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help English (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help French (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help German (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Italian (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Korean (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Russian (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2008.0703.2235.38526 - ATI) Hidden
    ccc-core-static (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    ccc-utility64 (Version: 2008.0703.2236.38526 - ATI) Hidden
    Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Citrix Authentication Manager (x32 Version: 5.0.0.60597 - Citrix Systems, Inc.) Hidden
    Citrix Online Launcher (HKLM-x32\...\{3318B54A-B5A8-49B1-8016-753DC6CAC63B}) (Version: 1.0.110 - Citrix)
    Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
    Citrix Receiver Inside (x32 Version: 3.4.0.45902 - Citrix Systems, Inc.) Hidden
    Citrix Receiver Updater (x32 Version: 4.0.0.45893 - Citrix Systems, Inc.) Hidden
    Citrix Receiver(Aero) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    Citrix Receiver(DV) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    Citrix Receiver(USB) (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    Complete Care Consumer Service Agreement (HKLM-x32\...\{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}) (Version: 2.0.0 - Dell Inc.)
    Cortona3D Viewer (HKLM-x32\...\{C06CE867-0019-4BDD-88C3-CD96F79FCDC7}) (Version: 6.0.179 - ParallelGraphics)
    Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.00 - )
    Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
    Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
    Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
    Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
    Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 12.0.1.0 - Synaptics)
    Dell V505 (HKLM\...\Dell V505) (Version: - Dell, Inc.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    EA Download Manager (HKLM-x32\...\{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: - )
    FastAccess (HKLM\...\{60D7B7D1-16A5-4168-9F46-AE956B0C5046}) (Version: 2.2.13.1 - Sensible Vision)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
    Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
    GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
    hp officejet v series (HKLM-x32\...\{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Photo Printing Software (HKLM-x32\...\HP Photo Printing Software) (Version: - )
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT)
    Integrated Webcam Driver (1.05.02.1227) (HKLM\...\Creative OA001) (Version: 1.05.02.1227 - Creative Technology Ltd.)
    Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
    Line Rider 2 (HKLM-x32\...\LineRider2) (Version: - )
    LiveAction Client 2.63 (HKLM-x32\...\7129-7318-7633-3109) (Version: 2.63 - ActionPacked! Networks)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Communicator 2007 (HKLM-x32\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.0 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (x32 Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 RsFx Driver (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{48B08845-0CB0-45EC-893C-15319ADDA312}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft UI Engine (x32 Version: 6.3.2380.0 - Microsoft Corporation) Hidden
    Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Web Developer 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM-x32\...\{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}) (Version: 2.02.07.002.14 - Novatel Wireless)
    Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MySQL Server 5.5 (HKLM\...\{B5A55A7F-73D6-4D36-85F8-9850635D6895}) (Version: 5.5.12 - Oracle Corporation)
    NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 26.0.0.0 - NETGEAR)
    Nmap 5.61-Spiceworks (HKLM-x32\...\Spiceworks-Nmap) (Version: - )
    Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    PDFlite 0.8 (HKLM-x32\...\PDFlite) (Version: 0.8 - Amnis Technology Ltd)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
    PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
    PowerInbox (HKLM-x32\...\{1B178766-9F0A-4321-A007-673042682E0A}) (Version: 1.14.0.0 - PowerInbox)
    PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)
    Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.13 - Dell Inc.)
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - Amnis Technology Ltd)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM-x32\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skins (x32 Version: 2008.0703.2236.38526 - ATI) Hidden
    Spiceworks (HKLM-x32\...\Spiceworks) (Version: 6.2.00829 - Spiceworks, Inc.)
    SPOREâ„¢ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
    SQL Server 2008 R2 SP1 Common Files (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Services (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Shared (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Management Studio (x32 Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{51EBE89D-6C1B-4D57-8FEC-87B45DE0F39C}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    WinPcap 4.1.2-Spiceworks (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
     
  11. 2014/09/26
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    FarBarAddition - Last Part



    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-218266781-4151974111-564667469-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-218266781-4151974111-564667469-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-218266781-4151974111-564667469-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-218266781-4151974111-564667469-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-218266781-4151974111-564667469-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    03-08-2014 15:49:23 Windows Update
    28-08-2014 23:37:07 Windows Update
    28-08-2014 23:43:22 Windows Update
    30-08-2014 14:51:21 Removed SpyHunter
    30-08-2014 15:02:42 AA11
    24-09-2014 01:02:51 BroniHelp
    24-09-2014 03:42:00 Malwarebytes Anti-Rootkit Restore Point
    25-09-2014 02:23:26 Scheduled Checkpoint
    26-09-2014 01:10:26 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 08:34 - 2014-09-24 21:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {0CE9156D-DDD8-4F09-81B3-8664FD755802} - System32\Tasks\WOT W2 => Iexplore.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
    Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {297C35F2-96CC-4252-ACD3-489F65D645DC} - System32\Tasks\WOT WWED1 => Iexplore.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
    Task: {3606C67E-42F0-4A3B-9B4A-237941E6AF5C} - System32\Tasks\PowerInbox Updater => C:\Program Files (x86)\PowerInbox\PowerInbox\UpdateClient.exe [2014-02-04] (PowerInbox)
    Task: {45B3326F-49F8-422E-98F7-DD9C037BA31B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-06] (AVAST Software)
    Task: {465CCBDA-19FF-4F13-894B-7A40220F7ABD} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
    Task: {73ED0AFA-9954-49B1-B3A2-F78FDED7F0BA} - System32\Tasks\GoogleUpdateTaskMachineCore1cf492ce448e187 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-08] (Google Inc.)
    Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {7EFF24D8-33A9-461D-A712-420DD46B0529} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {8F10CBCB-8B1F-4B03-8614-BD9BCB173519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {983E81EC-1EA5-4ECB-A81B-79577E37DB45} - System32\Tasks\WOT W1 => Iexplore.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
    Task: {ACABD8B3-4627-4BEB-B504-B0BF797AE81D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
    Task: {AF8FE543-4905-4D8F-B0C1-8BCD6D6DFC2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-14] (Adobe Systems Incorporated)
    Task: {B1070C91-2407-4962-9DC0-A23AFB104DE3} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Dell V505\dldwamon.exe [2008-10-02] ()
    Task: {BA7BD5BD-1B7F-4651-A8BA-7E303ACACAF1} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-25] (Google)
    Task: {BDBC923C-E274-4094-840B-A124021DD590} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
    Task: {C149914B-95FE-4C5A-8CF3-C9C04561CA5F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Melanie => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
    Task: {D0972F23-AF17-4EF1-9E6B-C0F541D5EAA4} - System32\Tasks\WOT WTHUR1 => Iexplore.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
    Task: {E13D5CA0-5CBF-44AD-940B-161285B853C8} - System32\Tasks\WOT WTUE1 => Iexplore.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
    Task: {E8DE61C9-C5FD-4B9D-9087-9AE201C4D075} - System32\Tasks\WOT WMON1 => Iexplore.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
    Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: {EC3F1D03-65BD-469E-B8FA-DF99A42228CA} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2dcca88328e0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-08] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf492ce448e187.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2dcca88328e0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PowerInbox Updater.job => C:\Program Files (x86)\PowerInbox\PowerInbox\UpdateClient.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-11-04 18:45 - 2008-07-17 06:01 - 00045568 _____ () C:\Windows\System32\DLDWPMON.DLL
    2009-11-04 18:45 - 2008-01-28 07:38 - 00057344 _____ () C:\Windows\System32\DLDWOEM.DLL
    2009-11-04 18:45 - 2008-07-17 05:49 - 00081408 _____ () C:\Program Files (x86)\Dell V505\ipcmt64.dll
    2012-07-08 20:31 - 2005-03-11 20:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
    2009-11-04 18:50 - 2008-05-09 08:56 - 00147456 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldwdrpp.dll
    2011-04-11 14:37 - 2011-04-11 14:37 - 09632256 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    2014-09-23 10:01 - 2012-09-24 17:28 - 00029984 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
    2009-11-04 18:44 - 2008-10-02 14:42 - 00025840 _____ () C:\Program Files (x86)\Dell V505\dldwMsdMon.exe
    2014-09-23 10:01 - 2013-02-18 16:13 - 00106496 _____ () C:\Program Files (x86)\NETGEAR\A6200\GWlanController.dll
    2014-09-23 10:01 - 2013-03-26 17:00 - 00018944 _____ () C:\Program Files (x86)\NETGEAR\A6200\GWPSController.dll
    2009-11-04 18:44 - 2008-05-27 03:36 - 00028672 _____ () C:\Program Files (x86)\Dell V505\App4R.Monitor.Common.dll
    2009-11-04 18:44 - 2008-05-27 03:36 - 00036864 _____ () C:\Program Files (x86)\Dell V505\App4R.Monitor.Core.dll
    2009-11-04 18:44 - 2008-05-27 03:35 - 00065536 _____ () C:\Program Files (x86)\Dell V505\app4r.devmons.mcmdevmon.dll
    2009-11-04 18:44 - 2008-03-25 04:53 - 00012288 _____ () C:\Program Files (x86)\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
    2010-03-18 14:27 - 2010-03-18 14:27 - 00000000 _____ () C:\Windows\system32\MSVCR100_CLR0400.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Melanie\Downloads\Cinema - Skrillex.mp3:TOC.WMV
    AlternateDataStreams: C:\Users\Melanie\Downloads\KYOTO (FT. SIRAH) - SKRILLEX.mp3:TOC.WMV

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => " "=" "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => " "= "service "

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-218266781-4151974111-564667469-500 -> Administrator - Disabled - Status: Degraded)
    Drew (S-1-5-21-218266781-4151974111-564667469-1009 -> Limited - Enabled - Status: OK) => C:\Users\Drew.Melanie-PC
    Guest (S-1-5-21-218266781-4151974111-564667469-501 -> Limited - Disabled - Status: Degraded)
    Jacob (S-1-5-21-218266781-4151974111-564667469-1008 -> Limited - Enabled - Status: OK) => C:\Users\Jacob.Melanie-PC
    Melanie (S-1-5-21-218266781-4151974111-564667469-1003 -> Administrator - Enabled - Status: OK) => C:\Users\Melanie

    ==================== Faulty Device Manager Devices =============

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #3
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: Microsoft ISATAP Adapter #3
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #4
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #5
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #6
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #7
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #8
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #9
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #11
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #12
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #13
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #14
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #14
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #15
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{6D97E1C7-6F0E-4E93-B0F0-CE8FD8080B9E}
    Description: Microsoft ISATAP Adapter
    Class Guid:
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{6CFEEC2C-C47A-4BFC-AAAD-2D672F948E13}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{839842B4-661D-4A9B-8940-AC80E1BCE0C2}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Tun Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunmp
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall ", and then click "Scan for hardware changes" to load a usable driver.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Tun Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunmp
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall ", and then click "Scan for hardware changes" to load a usable driver.

    Name: facap, FastAccess Video Capture
    Description: facap, FastAccess Video Capture
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Sensible Vision
    Service: FACAP
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft eHome Infrared Transceiver
    Description: Microsoft eHome Infrared Transceiver
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: Microsoft
    Service: HidIr
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (09/26/2014 06:54:18 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: Network Location Awareness3221226008 (0xC0000218)

    Error: (09/26/2014 06:54:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1062

    Error: (09/26/2014 06:54:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Network List ServiceNetwork Location Awareness%%0

    Error: (09/26/2014 06:54:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: Network Location Awareness3221226008 (0xC0000218)

    Error: (09/26/2014 06:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1062

    Error: (09/26/2014 06:54:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Network List ServiceNetwork Location Awareness%%0


    Microsoft Office Sessions:
    =========================
    Error: (04/07/2013 02:14:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 242 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (12/11/2011 11:59:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13129 seconds with 9300 seconds of active time. This session ended with a crash.

    Error: (07/10/2011 04:40:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 782 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (05/22/2011 09:00:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3887 seconds with 3540 seconds of active time. This session ended with a crash.

    Error: (04/10/2011 00:25:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16316 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (10/31/2010 10:46:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 707 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (07/08/2010 06:40:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1286 seconds with 540 seconds of active time. This session ended with a crash.

    Error: (07/08/2010 06:18:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43805 seconds with 6360 seconds of active time. This session ended with a crash.

    Error: (06/20/2010 09:17:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (06/20/2010 09:16:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19868 seconds with 300 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-26 07:01:10.593
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:10.312
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:09.813
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:09.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:08.284
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:08.019
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:07.520
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:07.146
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-24 21:07:15.036
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\rob_bonner.exe\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-24 21:07:14.786
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\rob_bonner.exe\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
    Percentage of memory in use: 36%
    Total physical RAM: 4089.95 MB
    Available physical RAM: 2611.49 MB
    Total Pagefile: 8397.17 MB
    Available Pagefile: 6659.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:450.61 GB) (Free:318.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:6.96 GB) NTFS
    Drive f: () (Removable) (Total:29.44 GB) (Free:28.38 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 78000000)
    Partition 1: (Not Active) - (Size=157 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=450.6 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: CA483E00)
    Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  12. 2014/09/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  13. 2014/09/26
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Broni,

    Here is the Fixlog. I have noticed some slowness in some operations such as moving all these tools and logs back and forth using a flash drive. Sometimes when I click on a file to move it, I get the spinning ball for 20 or 30 seconds before it finishes the action.

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
    Ran by Melanie at 2014-09-26 20:07:02 Run:1
    Running from C:\Users\Melanie\Desktop
    Loaded Profile: Melanie (Available profiles: Melanie & Jacob & Drew)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [FAStartup] => [X]
    GroupPolicyUsers\S-1-5-21-218266781-4151974111-564667469-1009\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-218266781-4151974111-564667469-1008\User: Group Policy restriction detected <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_softd...=956281966&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_softd...=956281966&ir=
    URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\hoyocpsnaf@hoyocpsnaf.org.xpi [Not Found]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\nosquint@urandom.ca.xpi [Not Found]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} [Not Found]
    FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\{4E2E7F2A-C103-C918-2526-5F0A9A69C325} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S1 Beep; No ImagePath
    S3 catchme; \??\C:\rob_bonner.exe\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
    C:\Users\Melanie\CREATIVE-LABS_SOUND-BLASTER-_A00_R213242.exe
    C:\Users\Melanie\AppData\Local\Temp\EAD52E0.exe
    C:\Users\Melanie\AppData\Local\Temp\nshCA33.tmp.exe
    C:\Users\Melanie\AppData\Local\Temp\Quarantine.exe
    C:\Users\Melanie\AppData\Local\Temp\SPSetup.exe
    Task: {8F10CBCB-8B1F-4B03-8614-BD9BCB173519} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    AlternateDataStreams: C:\Users\Melanie\Downloads\Cinema - Skrillex.mp3:TOC.WMV
    AlternateDataStreams: C:\Users\Melanie\Downloads\KYOTO (FT. SIRAH) - SKRILLEX.mp3:TOC.WMV


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-218266781-4151974111-564667469-1009\User => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-218266781-4151974111-564667469-1008\User => Moved successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    "HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    "HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.
    "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
    C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\hoyocpsnaf@hoyocpsnaf.org.xpi not found.
    C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\nosquint@urandom.ca.xpi not found.
    C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} not found.
    C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\4aoyaso8.default\ extensions\{4E2E7F2A-C103-C918-2526-5F0A9A69C325} not found.
    C:\Program Files (x86)\McAfee\SiteAdvisor not found.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    Beep => Service deleted successfully.
    catchme => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    USBAAPL64 => Service deleted successfully.
    C:\Users\Melanie\CREATIVE-LABS_SOUND-BLASTER-_A00_R213242.exe => Moved successfully.
    C:\Users\Melanie\AppData\Local\Temp\EAD52E0.exe => Moved successfully.
    C:\Users\Melanie\AppData\Local\Temp\nshCA33.tmp.exe => Moved successfully.
    C:\Users\Melanie\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Melanie\AppData\Local\Temp\SPSetup.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F10CBCB-8B1F-4B03-8614-BD9BCB173519}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F10CBCB-8B1F-4B03-8614-BD9BCB173519}" => Key deleted successfully.
    C:\Windows\System32\Tasks\0 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
    C:\Users\Melanie\Downloads\Cinema - Skrillex.mp3 => ":TOC.WMV" ADS removed successfully.
    C:\Users\Melanie\Downloads\KYOTO (FT. SIRAH) - SKRILLEX.mp3 => ":TOC.WMV" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog ====
     
  14. 2014/09/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    OK. At this point your computer should be fairly clean so let's investigate connection issue little bit more.

    [​IMG] Re-run FSS (Farbar Service Scanner) one more time and post fresh log.
    You ran the tool before so you should have it on your Desktop.

    [​IMG] Please download MiniToolBox, save it to your desktop and run it.

    Checkmark following boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Restore Points
    Click Go and post the result.
     
  15. 2014/09/26
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Here are the logs:

    FSS2

    Farbar Service Scanner Version: 21-07-2014
    Ran by Melanie (administrator) on 26-09-2014 at 22:00:25
    Running from "C:\Users\Melanie\Desktop "
    Microsoft® Windows Vistaâ„¢ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    MiniToolBoxResult

    MiniToolBox by Farbar Version: 21-07-2014
    Ran by Melanie (administrator) on 26-09-2014 at 22:12:58
    Running from "C:\Users\Melanie\Desktop "
    Microsoft® Windows Vistaâ„¢ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
    Intel(R) WiFi Link 5100 = Wireless Network Connection (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Melanie-PC
    Primary Dns Suffix . . . . . . . : Melanie-pc.com
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Melanie-pc.com

    Wireless LAN adapter Wireless Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5100
    Physical Address. . . . . . . . . : 00-22-FB-32-06-3C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : hsd1.md.comcast.net.
    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-22-19-E5-58-2F
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.



    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    50 ...00 22 fb 32 06 3c ...... Intel(R) WiFi Link 5100
    10 ...00 22 19 e5 58 2f ...... Broadcom NetLink (TM) Gigabit Ethernet
    1 ........................... Software Loopback Interface 1
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (09/26/2014 10:09:55 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1 ".Error in manifest or policy file "2" on line 3.
    Invalid Xml syntax.

    Error: (09/26/2014 08:44:59 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1 ".Error in manifest or policy file "2" on line 3.
    Invalid Xml syntax.

    Error: (09/26/2014 08:40:00 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1 ".Error in manifest or policy file "2" on line 3.
    Invalid Xml syntax.

    Error: (09/26/2014 08:23:21 PM) (Source: LoadPerf) (User: )
    Description: WmiApRplWmiApRpl8

    Error: (09/26/2014 08:23:21 PM) (Source: LoadPerf) (User: )
    Description: Performance16

    Error: (09/26/2014 08:19:16 PM) (Source: PlsvcV2) (User: )
    Description: on service startOperation is not valid due to the current state of the object.

    Error: (09/26/2014 08:19:08 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1 ".Error in manifest or policy file "2" on line 3.
    Invalid Xml syntax.

    Error: (09/26/2014 08:18:43 PM) (Source: Application Error) (User: )
    Description: Faulting application fm3032.exe, version 2.164.0.0, time stamp 0x487f232a, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc000007b, fault offset 0x0006f52f,
    process id 0xf24, application start time 0xfm3032.exe0.

    Error: (09/26/2014 08:17:31 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1 ".Error in manifest or policy file "2" on line 3.
    Invalid Xml syntax.

    Error: (09/26/2014 08:17:28 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1 ".Error in manifest or policy file "2" on line 3.
    Invalid Xml syntax.


    System errors:
    =============
    Error: (09/26/2014 09:31:34 PM) (Source: Service Control Manager) (User: )
    Description: DHCP Client%%5

    Error: (09/26/2014 09:31:34 PM) (Source: Service Control Manager) (User: )
    Description: WinHTTP Web Proxy Auto-Discovery ServiceDHCP Client%%0

    Error: (09/26/2014 09:31:26 PM) (Source: Service Control Manager) (User: )
    Description: DHCP Client%%5

    Error: (09/26/2014 09:31:26 PM) (Source: Service Control Manager) (User: )
    Description: WinHTTP Web Proxy Auto-Discovery ServiceDHCP Client%%0

    Error: (09/26/2014 09:31:26 PM) (Source: Service Control Manager) (User: )
    Description: DHCP Client%%5

    Error: (09/26/2014 09:31:26 PM) (Source: Service Control Manager) (User: )
    Description: WinHTTP Web Proxy Auto-Discovery ServiceDHCP Client%%0

    Error: (09/26/2014 09:31:26 PM) (Source: Service Control Manager) (User: )
    Description: DHCP Client%%5

    Error: (09/26/2014 09:31:26 PM) (Source: Service Control Manager) (User: )
    Description: WinHTTP Web Proxy Auto-Discovery ServiceDHCP Client%%0

    Error: (09/26/2014 09:31:13 PM) (Source: Service Control Manager) (User: )
    Description: DHCP Client%%5

    Error: (09/26/2014 09:31:13 PM) (Source: Service Control Manager) (User: )
    Description: WinHTTP Web Proxy Auto-Discovery ServiceDHCP Client%%0


    Microsoft Office Sessions:
    =========================
    Error: (04/07/2013 02:14:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 242 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (12/11/2011 11:59:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13129 seconds with 9300 seconds of active time. This session ended with a crash.

    Error: (07/10/2011 04:40:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 782 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (05/22/2011 09:00:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3887 seconds with 3540 seconds of active time. This session ended with a crash.

    Error: (04/10/2011 00:25:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16316 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (10/31/2010 10:46:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 707 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (07/08/2010 06:40:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1286 seconds with 540 seconds of active time. This session ended with a crash.

    Error: (07/08/2010 06:18:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43805 seconds with 6360 seconds of active time. This session ended with a crash.

    Error: (06/20/2010 09:17:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (06/20/2010 09:16:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19868 seconds with 300 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-26 07:01:10.593
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:10.312
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:09.813
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:09.423
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:08.284
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:08.019
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:07.520
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-26 07:01:07.146
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-24 21:07:15.036
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\rob_bonner.exe\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-24 21:07:14.786
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\rob_bonner.exe\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ========================= Devices: ================================

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #3
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver ", which starts the Hardware Update wizard.

    Name: Microsoft ISATAP Adapter #3
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #4
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #5
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #6
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #7
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #8
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #9
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #11
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #12
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #13
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #14
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #14
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #15
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{6D97E1C7-6F0E-4E93-B0F0-CE8FD8080B9E}
    Description: Microsoft ISATAP Adapter
    Class Guid:
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{0CD7EE51-ABFE-4917-BD8D-2A24CA140E68}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{FD18450D-EDD7-4ED3-B76B-712E4A3E6A10}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{6CFEEC2C-C47A-4BFC-AAAD-2D672F948E13}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: isatap.{839842B4-661D-4A9B-8940-AC80E1BCE0C2}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Tun Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunmp
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall ", and then click "Scan for hardware changes" to load a usable driver.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Tun Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunmp
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall ", and then click "Scan for hardware changes" to load a usable driver.

    Name: facap, FastAccess Video Capture
    Description: facap, FastAccess Video Capture
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Sensible Vision
    Service: FACAP
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft eHome Infrared Transceiver
    Description: Microsoft eHome Infrared Transceiver
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: Microsoft
    Service: HidIr
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ========================= Restore Points ==================================

    03-08-2014 15:49:23 Windows Update
    28-08-2014 23:37:07 Windows Update
    28-08-2014 23:43:22 Windows Update
    30-08-2014 14:51:21 Removed SpyHunter
    30-08-2014 15:02:42 AA11
    24-09-2014 01:02:51 BroniHelp
    24-09-2014 03:42:00 Malwarebytes Anti-Rootkit Restore Point
    25-09-2014 02:23:26 Scheduled Checkpoint
    26-09-2014 01:10:26 Scheduled Checkpoint
    26-09-2014 14:08:01 Scheduled Checkpoint

    **** End of log ****
     
  16. 2014/09/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Let's try simple tool first...

    • Please download comintrep.zip and save it to your desktop[/*]
    • Unzip downloaded file. It'll create cintrepair folder. Inside that folder you'll find CIntRep.exe file[/*]
    • Double click on CIntRep.exe to run the tool[/*]
    • Place a checkmark next to the following entries:[/*]

    • Reset Internet Protocol (TCP/IP)[/*]
    • Repair Winsock (Reset Catalog)[/*]
    • Renew Internet Connections[/*]
    • Flush DNS Resolver Cache[/*]
    • Repair Internet Explorer xxxx[/*]
    • Clear Windows Update History[/*]
    • Repair Windows / Automatic Updates[/*]
    • Repair SSL / HTTPS / Cryptography[/*]
    • Reset Windows Firewall Configuration[/*]
    • Restore the default hosts file[/*]
    • Repair Workgroup Computers view[/*]

    • Click Go![/*]
    • Ignore any error messages for now[/*]
    • Click OK to reboot your computer[/*]
    • Check your internet access[/*]
     
  17. 2014/09/27
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Broni,

    I ran the Internet Repair Tool but still no networks found. When I mouse over the icon next to the clock, I get a pop up box that says "Connection status unknown. The dependency group failed to start ".

    I did get a dialog box that said Windows Firewall has blocked EA and I had the option to unblock but I didn't. I Googled EA and it appears that it is integral to some games that appear to be on this computer. Don't know if this is significant.

    I should note that upon reboot the computer ran Check Disk again.
     
    Last edited: 2014/09/27
  18. 2014/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator ".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
    If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
    In that case make sure you restart computer.

    [​IMG]


    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 5 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they're.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.

    [​IMG]

    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  19. 2014/09/28
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Ran the Windows Repair and it produced two logs that were titled "Windows Repair Log" which are posted below. I think I may have inadvertently stopped it and then it restarted - not sure. Also, I have never been able to "disable" Avast. I cant' get the control paned to open to disable it.

    Still no internet access and when I right click on the internet icon by the clock in the tray I get a message that "Windows cannot find any networks ". Also, I still cannot access the Device Manager - get a message "MMC could not create the snap in ".

    Windows Repair Log 1

    Tweaking.com - Windows Repair v2.9.1
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows Vista (TM) Home Premium
    OS Architecture: 64-bit
    OS Version: 6.0.6002
    OS Service Pack: Service Pack 2
    Computer Name: MELANIE-PC
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile:
    Current Profile SID: S-1-5-21-218266781-4151974111-564667469-1003
    Current Profile Classes: S-1-5-21-218266781-4151974111-564667469-1003_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\Melanie\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:07:32

    Process Count: 74
    Commit Total: 1.73 GB
    Commit Limit: 8.16 GB
    Commit Peak: 1.90 GB
    Handle Count: 17362
    Kernel Total: 556.86 MB
    Kernel Paged: 485.59 MB
    Kernel Non Paged: 71.27 MB
    System Cache: 2.13 GB
    Thread Count: 722
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.99 GB
    Memory Used: 1.52 GB(38.0805%)
    Memory Avail.: 2.47 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.99 GB
    Memory Used: 1.33 GB(33.2781%)
    Memory Avail.: 2.66 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (9/28/2014 9:53:28 AM)


    Repairs stopped. The current repair, if running, will still go until finished.

    Repairs Stopped By User.
    Done at (9/28/2014 9:53:28 AM)
    Total Repair Time: 00:00:02

    Windows Repair Log 2

    Tweaking.com - Windows Repair v2.9.1
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows Vista (TM) Home Premium
    OS Architecture: 64-bit
    OS Version: 6.0.6002
    OS Service Pack: Service Pack 2
    Computer Name: MELANIE-PC
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile:
    Current Profile SID: S-1-5-21-218266781-4151974111-564667469-1003
    Current Profile Classes: S-1-5-21-218266781-4151974111-564667469-1003_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\Melanie\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:07:49

    Process Count: 74
    Commit Total: 1.72 GB
    Commit Limit: 8.16 GB
    Commit Peak: 1.90 GB
    Handle Count: 17367
    Kernel Total: 556.76 MB
    Kernel Paged: 486.34 MB
    Kernel Non Paged: 70.43 MB
    System Cache: 1.80 GB
    Thread Count: 718
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.99 GB
    Memory Used: 1.34 GB(33.4645%)
    Memory Avail.: 2.66 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.99 GB
    Memory Used: 1.32 GB(33.0087%)
    Memory Avail.: 2.68 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (9/28/2014 9:53:46 AM)

    01 - Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (9/28/2014 9:53:50 AM)
    Running Repair Under Current User Account
    Done (9/28/2014 9:54:26 AM)

    01 - Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (9/28/2014 9:54:26 AM)
    Running Repair Under System Account
    Done (9/28/2014 10:16:47 AM)

    01 - Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (9/28/2014 10:16:47 AM)
    Running Repair Under System Account
    Done (9/28/2014 10:25:02 AM)

    03 - Reset Service Permissions
    Start (9/28/2014 10:25:03 AM)
    Running Repair Under System Account
    Done (9/28/2014 10:26:25 AM)

    04 - Register System Files
    Start (9/28/2014 10:26:26 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:27:27 AM)

    05 - Repair WMI
    Start (9/28/2014 10:27:27 AM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    No Antivirus Products Reported.

    Exporting AntiSpyware Info...
    Windows Defender Exported.

    Exporting 3rd Party Firewall Info...
    No Firewall Products Reported.

    Running Repair Under Current User Account
    Done (9/28/2014 10:39:18 AM)

    06 - Repair Windows Firewall
    Start (9/28/2014 10:39:18 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:39:54 AM)

    07 - Repair Internet Explorer
    Start (9/28/2014 10:39:54 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:40:53 AM)

    08 - Repair MDAC/MS Jet
    Start (9/28/2014 10:40:53 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:41:18 AM)

    09 - Repair Hosts File
    Start (9/28/2014 10:41:18 AM)
    Running Repair Under System Account
    Done (9/28/2014 10:41:20 AM)

    10 - Remove Policies Set By Infections
    Start (9/28/2014 10:41:20 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:41:24 AM)

    11 - Repair Start Menu Icons Removed By Infections
    Start (9/28/2014 10:41:24 AM)
    Running Repair Under System Account
    Done (9/28/2014 10:41:27 AM)

    12 - Repair Icons
    Start (9/28/2014 10:41:27 AM)
    Running Repair Under Current User Account
    Done (9/28/2014 10:41:29 AM)

    13 - Repair Winsock & DNS Cache
    Start (9/28/2014 10:41:29 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:41:41 AM)

    15 - Repair Proxy Settings
    Start (9/28/2014 10:41:41 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:41:44 AM)

    17 - Repair Windows Updates
    Start (9/28/2014 10:41:44 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (9/28/2014 10:42:37 AM)

    18 - Repair CD/DVD Missing/Not Working
    Start (9/28/2014 10:42:37 AM)
    iTunes not found, not applying UpperFilters iTunes Reg Key
    Done (9/28/2014 10:42:37 AM)

    19 - Repair Volume Shadow Copy Service
    Start (9/28/2014 10:42:37 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:18 AM)

    21 - Repair MSI (Windows Installer)
    Start (9/28/2014 10:43:18 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:31 AM)

    23.01 - Repair bat Association
    Start (9/28/2014 10:43:31 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:34 AM)

    23.02 - Repair cmd Association
    Start (9/28/2014 10:43:34 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:38 AM)

    23.03 - Repair com Association
    Start (9/28/2014 10:43:38 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:41 AM)

    23.04 - Repair Directory Association
    Start (9/28/2014 10:43:41 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:45 AM)

    23.05 - Repair Drive Association
    Start (9/28/2014 10:43:45 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:48 AM)

    23.06 - Repair exe Association
    Start (9/28/2014 10:43:48 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:51 AM)

    23.07 - Repair Folder Association
    Start (9/28/2014 10:43:51 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:55 AM)

    23.08 - Repair inf Association
    Start (9/28/2014 10:43:55 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:43:58 AM)

    23.09 - Repair lnk (Shortcuts) Association
    Start (9/28/2014 10:43:58 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:01 AM)

    23.10 - Repair msc Association
    Start (9/28/2014 10:44:01 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:05 AM)

    23.11 - Repair reg Association
    Start (9/28/2014 10:44:05 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:08 AM)

    23.12 - Repair scr Association
    Start (9/28/2014 10:44:08 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:12 AM)

    24 - Repair Windows Safe Mode
    Start (9/28/2014 10:44:12 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:15 AM)

    25 - Repair Print Spooler
    Start (9/28/2014 10:44:15 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:31 AM)

    26 - Restore Important Windows Services
    Start (9/28/2014 10:44:32 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:44:40 AM)

    27 - Set Windows Services To Default Startup
    Start (9/28/2014 10:44:40 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:45:04 AM)

    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 6.0

    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 6.0

    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 6.0

    31 - Repair Windows 'New' Submenu
    Start (9/28/2014 10:45:04 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (9/28/2014 10:45:08 AM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (9/28/2014 10:45:08 AM)
    Total Repair Time: 00:51:24


    ...YOU MUST RESTART YOUR SYSTEM...
     
  20. 2014/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Are you trying to use wireless or wired connection?
    Do you see any errors in Control Panel?
     
  21. 2014/09/28
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    937
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    I am using a wireless connection. In the apartment complex where we live, wireless is our only option. At one point when I started working with the laptop, I could see the available wireless connections. Now when I click "Connect to a wireless network ", I get a message that Windows cannot find any networks. I have a Cisco media bridge that I could dig out and see if I can connect it to the wireless network and then connect the problem laptop via Ethernet if you think it would help.

    When you ask about errors in the Control Panel, do you mean icons that would indicate a problem with the yellow triangle. If so, there is one icon like that - Problem Reports and Solutions. When I open it, I see a list of problems that pretty well correspond to the pop up dialog boxes that I see on boot up.

    Net Runtime Optimization Service (15 instances)
    Catalyst Control Center:Host Application (32 instances)
    Clash of Clans Game Downloader (1)
    COM Surrogate (1)
    FAXMAN Server (16)
    Google Chrome (1)
    grep.3XE (9)
    gsar.3XE (1)
    iexplore.exe (18)
    Internet Explorer (18)
    LineRider2.bbz (1)
    Origin (1)
    QuickSet (1)
    Windows (1)
    Windows Defender Command (17)
    Windows Media Center Store Update Manager (5)
    WSearch (1)

    Most of the reasons for the problems were "Stopped Working ".
     

Share This Page