A problem appeared this morning: nengine.dll did not start [Solved]


  • This topic is locked
34 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 February 2014 - 02:50 PM

Cheatengine is more than just a hex editor (though that is essentially true).  The same "processes" it uses to hack the game can be used to hack your computer - thus the designation of potentially unsafe application.  If you installed it yourself, then it is probably not being used to hack you.

 

The setup file of GOM player and ccsetup have been patched to install foistware.  Foistware is not really "dangerous", just annoying and uses resources.  It's just the setup file, not the program so you don't need it after install anyway.

 

Snes9x is infected with Solimba.  I'm surprised that your Trend Micro didn't squawk about this.  It's adware with a downloader component.  It attempts to contact a malicious site where other malware can be downloaded.  It doesn't seem to send any personal data to the site on contact.

 

Several files have been flagged infected by OpenCandy.  It's adware similar to Solimba.  Same with Wajam found in your Glary's.

 

Win32/DownloadAdmin.G has been found in several applications.  It contains a rootkit like component and is a known hijacker.  Amonetize is a cracker.

 

The reason I asked about problems in December is that on December 19th a whole boatload of Microsoft files were restored.  Made me think there might have been some problem that required this.

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    File::
    C:\Users\Terry\Documents\InvestorsBusinessDaily\jenkatgame_9944.exe
    C:\Users\Terry\Documents\SoftwareUpdates\100freechess-setup.exe
    C:\Users\Terry\Documents\SoftwareUpdates\100freehearts-setup.exe
    C:\Users\Terry\Documents\SoftwareUpdates\cbsidlm-tr1_12-Sudoku-SEO-10668151.exe
    C:\Users\Terry\Documents\SoftwareUpdates\CheatEngine61.exe
    C:\Users\Terry\Documents\SoftwareUpdates\CheatEngine62.exe
    C:\Users\Terry\Documents\SoftwareUpdates\DriverSweeper_3.0.0.exe
    C:\Users\Terry\Documents\SoftwareUpdates\Final_Fantasy_III_rom_for_snes_by_progameroms.rar.exe
    C:\Users\Terry\Documents\SoftwareUpdates\Glary_Utilities_TSV19IPG.exe
    C:\Users\Terry\Documents\SoftwareUpdates\IZArc4.1.6.exe
    C:\Users\Terry\Documents\SoftwareUpdates\mahjongsolitaire7-setup.exe
    C:\Users\Terry\Documents\SoftwareUpdates\microsoft chess titans windows 7__3038_i203470221_il12297609.exe
    C:\Users\Terry\Documents\SoftwareUpdates\Snes9x.exe
    C:\Users\Terry\Documents\SoftwareUpdates\SoftonicDownloader_for_gom-player.exe
    C:\Users\Terry\Documents\SoftwareUpdates\spidersolitaire-setup.exe
    C:\Users\Terry\Documents\SoftwareUpdates\[www.indowebster.com]-PSX1.13BiosMemoryCard.exe
    C:\Users\Terry\Downloads\CheatEngine63.exe
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 

 

 


Tomk
------------------------------------------------------------

Topics are closed after 5 days without response
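
Added example, not part of the posts in this thread and not ComboFix code: a Python check that compares the `File::` block of a CFScript.txt with the `FILE ::` and "Other Deletions" sections of the resulting log, reporting paths that were requested but not listed as deleted and deletions that were not requested. The section markers follow the log layout quoted in this thread; the sample script and log, the `Example` user name and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the CFScript and log layout in this thread.
SAMPLE_CFSCRIPT = r"""
File::

C:\Users\Example\Documents\SoftwareUpdates\setup-one.exe

C:\Users\Example\Documents\SoftwareUpdates\[mirror.example]-tool.exe

C:\Users\Example\Downloads\setup-two.exe
"""

SAMPLE_LOG = r"""
ComboFix (constructed sample) - Example - x64
Command switches used :: c:\users\Example\Desktop\CFScript.txt
.
FILE ::
"c:\users\Example\Documents\SoftwareUpdates\[mirror.example]-tool.exe"
"c:\users\Example\Documents\SoftwareUpdates\setup-one.exe"
"c:\users\Example\Downloads\setup-two.exe"
.
.
(((((((((((((   Other Deletions   )))))))))))))
.
.
c:\users\Example\AppData\Local\Temp\leftover.tmp
c:\users\Example\Documents\SoftwareUpdates\[mirror.example]-tool.exe
c:\users\Example\Documents\SoftwareUpdates\setup-one.exe
.
.
(((((((((   Files Created from 2014-01-26 to 2014-02-26  )))))))))
.
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\programdata\Example
"""

# Section banners in the log look like "((((   Title   ))))".
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def norm(path):
    """Normalise a path for comparison: the log lower-cases parts of the
    path and quotes entries, and Windows paths are case-insensitive."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return the paths listed under the File:: directive.

    Assumption: any other line ending in '::' starts a different block.
    """
    paths, in_file = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            in_file = line.lower() == "file::"
            continue
        if in_file:
            paths.append(line)
    return paths


def parse_log(text):
    """Return (requested, deleted): the FILE :: list and the
    'Other Deletions' list from a log laid out as in this thread."""
    requested, deleted, section = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue  # blank lines and "." separators carry no data
        banner = BANNER.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        if line.upper() == "FILE ::":
            section = "file"
            continue
        if section == "file":
            requested.append(line)
        elif section == "other deletions":
            deleted.append(line)
    return requested, deleted


def check_removals(cfscript_text, log_text):
    """Compare what the script asked for with what the log reports."""
    wanted = {norm(p): p for p in parse_cfscript(cfscript_text)}
    requested, deleted = parse_log(log_text)
    requested = {norm(p) for p in requested}
    deleted = {norm(p) for p in deleted}
    return {
        # In the script, but the log's FILE :: list does not show it.
        "not_picked_up": sorted(p for k, p in wanted.items() if k not in requested),
        # Picked up, but not reported under "Other Deletions".
        "not_deleted": sorted(
            p for k, p in wanted.items() if k in requested and k not in deleted
        ),
        # Reported as deleted although the script never listed it.
        "unrequested_deletions": sorted(deleted - set(wanted)),
    }


if __name__ == "__main__":
    for key, items in check_removals(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(key, items)
```
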

#17 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • PipPip
  • 175 posts

Posted 26 February 2014 - 04:55 PM

Understand about CE and GOM, and I did install them.  SNES9x was never installed, just the installation application in SoftwareUpdates folder.  One file in there that was deleted was c:\users\Terry\Documents\SoftwareUpdates\Final_Fantasy_III_rom_for_snes_by_progameroms.rar.exe and I wish that one had been kept. The file itself is located in my games folder, so no blood no foul.

 

Here is the output:

ComboFix 14-02-24.02 - Terry 02/26/2014  16:42:05.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8065.6066 [GMT -6:00]
Running from: c:\users\Terry\Desktop\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Terry\Documents\InvestorsBusinessDaily\jenkatgame_9944.exe"
"c:\users\Terry\Documents\SoftwareUpdates\[www.indowebster.com]-PSX1.13BiosMemoryCard.exe"
"c:\users\Terry\Documents\SoftwareUpdates\100freechess-setup.exe"
"c:\users\Terry\Documents\SoftwareUpdates\100freehearts-setup.exe"
"c:\users\Terry\Documents\SoftwareUpdates\cbsidlm-tr1_12-Sudoku-SEO-10668151.exe"
"c:\users\Terry\Documents\SoftwareUpdates\CheatEngine61.exe"
"c:\users\Terry\Documents\SoftwareUpdates\CheatEngine62.exe"
"c:\users\Terry\Documents\SoftwareUpdates\DriverSweeper_3.0.0.exe"
"c:\users\Terry\Documents\SoftwareUpdates\Final_Fantasy_III_rom_for_snes_by_progameroms.rar.exe"
"c:\users\Terry\Documents\SoftwareUpdates\Glary_Utilities_TSV19IPG.exe"
"c:\users\Terry\Documents\SoftwareUpdates\IZArc4.1.6.exe"
"c:\users\Terry\Documents\SoftwareUpdates\mahjongsolitaire7-setup.exe"
"c:\users\Terry\Documents\SoftwareUpdates\microsoft chess titans windows 7__3038_i203470221_il12297609.exe"
"c:\users\Terry\Documents\SoftwareUpdates\Snes9x.exe"
"c:\users\Terry\Documents\SoftwareUpdates\SoftonicDownloader_for_gom-player.exe"
"c:\users\Terry\Documents\SoftwareUpdates\spidersolitaire-setup.exe"
"c:\users\Terry\Downloads\CheatEngine63.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Terry\Documents\InvestorsBusinessDaily\jenkatgame_9944.exe
c:\users\Terry\Documents\SoftwareUpdates\[www.indowebster.com]-PSX1.13BiosMemoryCard.exe
c:\users\Terry\Documents\SoftwareUpdates\100freechess-setup.exe
c:\users\Terry\Documents\SoftwareUpdates\100freehearts-setup.exe
c:\users\Terry\Documents\SoftwareUpdates\cbsidlm-tr1_12-Sudoku-SEO-10668151.exe
c:\users\Terry\Documents\SoftwareUpdates\CheatEngine61.exe
c:\users\Terry\Documents\SoftwareUpdates\CheatEngine62.exe
c:\users\Terry\Documents\SoftwareUpdates\DriverSweeper_3.0.0.exe
c:\users\Terry\Documents\SoftwareUpdates\Final_Fantasy_III_rom_for_snes_by_progameroms.rar.exe
c:\users\Terry\Documents\SoftwareUpdates\Glary_Utilities_TSV19IPG.exe
c:\users\Terry\Documents\SoftwareUpdates\IZArc4.1.6.exe
c:\users\Terry\Documents\SoftwareUpdates\mahjongsolitaire7-setup.exe
c:\users\Terry\Documents\SoftwareUpdates\microsoft chess titans windows 7__3038_i203470221_il12297609.exe
c:\users\Terry\Documents\SoftwareUpdates\Snes9x.exe
c:\users\Terry\Documents\SoftwareUpdates\SoftonicDownloader_for_gom-player.exe
c:\users\Terry\Documents\SoftwareUpdates\spidersolitaire-setup.exe
c:\users\Terry\Downloads\CheatEngine63.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-26 to 2014-02-26  )))))))))))))))))))))))))))))))
.
.
2014-02-26 22:45 . 2014-02-26 22:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-25 14:14 . 2014-02-25 18:43 -------- d-----w- c:\programdata\TechSmith
2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\users\Terry\AppData\Local\TechSmith
2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\program files (x86)\TechSmith
2014-02-25 13:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59658F00-46B7-4E18-AD16-5BB8FBAF36A9}\mpengine.dll
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\users\Terry\AppData\Roaming\Malwarebytes
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\programdata\Malwarebytes
2014-02-25 12:44 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\users\Terry\AppData\Local\Programs
2014-02-25 12:31 . 2014-02-25 12:32 -------- d-----w- C:\AdwCleaner
2014-02-25 12:23 . 2014-02-25 12:23 -------- d-----w- c:\windows\ERUNT
2014-02-17 14:27 . 2014-02-17 14:27 -------- d-----w- c:\users\Terry\AppData\Roaming\AVAST Software
2014-02-17 14:20 . 2014-02-17 14:20 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-17 13:16 . 2014-02-17 14:20 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-17 13:16 . 2014-02-17 14:20 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-17 13:16 . 2014-02-17 14:20 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-16 17:54 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-16 17:54 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-16 01:07 . 2014-02-16 01:07 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-02-15 23:10 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-15 22:44 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-15 22:44 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-13 15:00 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:00 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 02:29 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 02:29 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 02:29 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 02:29 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 00:13 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 00:13 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 00:13 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 00:13 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-04 03:44 . 2014-02-04 03:44 -------- d-----w- c:\program files (x86)\Yahoo!
2014-01-30 13:19 . 2014-01-30 13:19 -------- d-----w- c:\users\Terry\AppData\Roaming\Stormdance
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 11:45 . 2013-12-31 04:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-23 11:45 . 2013-12-31 04:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 14:20 . 2013-12-31 00:15 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-17 14:20 . 2013-12-31 00:15 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-17 14:20 . 2013-12-31 00:15 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-17 14:20 . 2013-12-31 00:15 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-17 14:20 . 2013-12-31 00:15 43152 ----a-w- c:\windows\avastSS.scr
2014-02-15 23:43 . 2013-12-19 19:28 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-22 14:52 . 2013-12-31 00:15 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-06 08:38 . 2013-12-21 22:38 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-06 03:28 . 2014-01-07 09:31 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-12-20 14:04 . 2013-12-20 14:04 3017128 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{5D292E0F-F1DB-4606-97A1-0B020621A139}\ScottradeELITELauncher.exe
2013-12-19 23:17 . 2013-12-19 23:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 23:17 . 2013-12-19 23:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-19 23:17 . 2013-12-19 23:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-19 23:17 . 2013-12-19 23:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-19 23:17 . 2013-12-19 23:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 23:17 . 2013-12-19 23:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-19 23:17 . 2013-12-19 23:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-19 23:17 . 2013-12-19 23:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-19 23:17 . 2013-12-19 23:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-19 23:17 . 2013-12-19 23:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-19 23:17 . 2013-12-19 23:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-19 23:17 . 2013-12-19 23:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-19 23:17 . 2013-12-19 23:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-19 23:17 . 2013-12-19 23:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-19 23:17 . 2013-12-19 23:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-19 23:17 . 2013-12-19 23:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-19 23:17 . 2013-12-19 23:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-19 23:16 . 2013-12-19 23:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-19 23:16 . 2013-12-19 23:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-19 23:16 . 2013-12-19 23:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-19 23:16 . 2013-12-19 23:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 23:16 . 2013-12-19 23:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 23:16 . 2013-12-19 23:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 23:16 . 2013-12-19 23:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 23:16 . 2013-12-19 23:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-19 23:16 . 2013-12-19 23:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 23:16 . 2013-12-19 23:16 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 23:16 . 2013-12-19 23:16 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 23:16 . 2013-12-19 23:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-19 23:16 . 2013-12-19 23:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 23:16 . 2013-12-19 23:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 23:16 . 2013-12-19 23:16 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-19 23:16 . 2013-12-19 23:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-19 23:16 . 2013-12-19 23:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-19 23:16 . 2013-12-19 23:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-19 23:16 . 2013-12-19 23:16 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-19 23:16 . 2013-12-19 23:16 413696 ----a-w- c:\windows\system32\html.iec
2013-12-19 23:16 . 2013-12-19 23:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 23:16 . 2013-12-19 23:16 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-19 23:16 . 2013-12-19 23:16 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-19 23:16 . 2013-12-19 23:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-19 23:16 . 2013-12-19 23:16 235520 ----a-w- c:\windows\system32\url.dll
2013-12-19 23:16 . 2013-12-19 23:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 23:16 . 2013-12-19 23:16 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-19 23:16 . 2013-12-19 23:16 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 23:16 . 2013-12-19 23:16 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 23:16 . 2013-12-19 23:16 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-19 23:16 . 2013-12-19 23:16 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 23:16 . 2013-12-19 23:16 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-19 23:16 . 2013-12-19 23:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 23:16 . 2013-12-19 23:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 23:16 . 2013-12-19 23:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-19 23:15 . 2013-12-19 23:15 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-12-19 23:15 . 2013-12-19 23:15 859648 ----a-w- c:\windows\system32\tdh.dll
2013-12-19 23:15 . 2013-12-19 23:15 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-12-19 23:15 . 2013-12-19 23:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-12-19 23:15 . 2013-12-19 23:15 243712 ----a-w- c:\windows\system32\wow64.dll
2013-12-19 23:15 . 2013-12-19 23:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-12-19 23:15 . 2013-12-19 23:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-12-19 23:15 . 2013-12-19 23:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-12-19 23:15 . 2013-12-19 23:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-12-19 23:15 . 2013-12-19 23:15 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-12-19 23:15 . 2013-12-19 23:15 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-12-19 23:15 . 2013-12-19 23:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-12-19 23:15 . 2013-12-19 23:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-12-19 23:15 . 2013-12-19 23:15 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-12-19 23:15 . 2013-12-19 23:15 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-12-19 23:15 . 2013-12-19 23:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-12-19 23:15 . 2013-12-19 23:15 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-12-19 23:15 . 2013-12-19 23:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-12-19 23:15 . 2013-12-19 23:15 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-12-19 23:15 . 2013-12-19 23:15 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-12-19 23:15 . 2013-12-19 23:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-12-19 23:15 . 2013-12-19 23:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-19 22:38 . 2013-12-19 22:39 117544 ----a-w- c:\windows\SysWow64\atashost.exe
2013-12-19 22:38 . 2013-12-19 22:39 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
2013-12-19 20:01 . 2013-12-19 20:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 20:01 . 2013-12-19 20:01 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-19 20:01 . 2013-12-19 20:01 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-29 133400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-17 3767096]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files (x86)\Office\Microsoft Office 97\Office\FINDFAST.EXE [1997-7-11 122880]
Microsoft Office.lnk - c:\program files (x86)\Office\Microsoft Office 2000\Office\OSA9.EXE -b -l [1999-2-17 65588]
Office Startup.lnk - c:\program files (x86)\Office\Microsoft Office 97\Office\OSA.EXE -b [1997-7-11 61440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/12/13 12:31;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ST7007;ST7007;c:\windows\system32\drivers\ST7007.sys;c:\windows\SYSNATIVE\drivers\ST7007.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-26 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-06 08:37]
.
2014-02-23 c:\windows\Tasks\TradeStation Backup - Monthly.job
- c:\program files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07 10:03]
.
2014-02-23 c:\windows\Tasks\TradeStation Backup - Weekly.job
- c:\program files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07 10:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-17 14:20 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-26 626552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-14 1425408]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\Office\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-26  16:46:44
ComboFix-quarantined-files.txt  2014-02-26 22:46
ComboFix2.txt  2014-02-25 22:02
.
Pre-Run: 173,668,872,192 bytes free
Post-Run: 173,378,916,352 bytes free
.
- - End Of File - - 384A28F5F12F6E496B3C4EA33EB114A7
 



#18 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 February 2014 - 06:00 PM

Final fantasy has adware... but it isn't gone.  It's just quarantined for now.

 

If you want it restored... do the following. If not - ignore:

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    DEQUARANTINE::
    C:\Qoobox\Quarantine\c\users\Terry\Documents\SoftwareUpdates\Final_Fantasy_III_rom_for_snes_by_progameroms.rar.exe.vir
    
    
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 

Now... how do things seem to be running?


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#19 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 26 February 2014 - 07:07 PM

The file final_fantasy_anthology_-_final_fantasy_vi_(v1.1).bin that was extracted from the executable, is intact and the scan didn't delete it.

I'm not sure why, but when trying to open yahoo mail, all I get is an error page indicating "Navigation Canceled".  Also my homepage msn.com will not open.  The IE works as I'm at your site with it.   Let me do some more tests:

Most of the rest of favorites seem to open except yahoo mail. Yahoo is ok, but I am unable to get to mail even from the main site, and msn.com is nonresponsive.

 

EDIT:  Now google is non responsive


Edited by terryfelter, 26 February 2014 - 08:11 PM.


#20 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 February 2014 - 08:12 PM

Off the top of my head I can't think of what would cause those anomalies... but let me know how it goes.

Tomk
------------------------------------------------------------



#21 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 26 February 2014 - 08:50 PM

From a different machine, I'm re-running ComboFix again and will post the results in an edit to this post.

 

EDIT:  New combofix output:

 

ComboFix 14-02-24.02 - Terry 02/26/2014  20:46:03.5.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8065.6187 [GMT -6:00]
Running from: c:\users\Terry\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-27 to 2014-02-27  )))))))))))))))))))))))))))))))
.
.
2014-02-27 02:50 . 2014-02-27 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-26 03:35 . 2014-02-26 03:35 -------- d-----w- c:\program files (x86)\ESET
2014-02-25 14:14 . 2014-02-25 18:43 -------- d-----w- c:\programdata\TechSmith
2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\users\Terry\AppData\Local\TechSmith
2014-02-25 14:13 . 2014-02-25 14:13 -------- d-----w- c:\program files (x86)\TechSmith
2014-02-25 13:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59658F00-46B7-4E18-AD16-5BB8FBAF36A9}\mpengine.dll
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\users\Terry\AppData\Roaming\Malwarebytes
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\programdata\Malwarebytes
2014-02-25 12:44 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-25 12:44 . 2014-02-25 12:44 -------- d-----w- c:\users\Terry\AppData\Local\Programs
2014-02-25 12:31 . 2014-02-25 12:32 -------- d-----w- C:\AdwCleaner
2014-02-25 12:23 . 2014-02-25 12:23 -------- d-----w- c:\windows\ERUNT
2014-02-17 14:27 . 2014-02-17 14:27 -------- d-----w- c:\users\Terry\AppData\Roaming\AVAST Software
2014-02-17 14:20 . 2014-02-17 14:20 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-17 13:16 . 2014-02-17 14:20 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-17 13:16 . 2014-02-17 14:20 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-17 13:16 . 2014-02-17 14:20 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-16 17:54 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-16 17:54 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-16 01:07 . 2014-02-16 01:07 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-02-15 23:10 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-15 22:44 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-15 22:44 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-13 15:00 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:00 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 02:29 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 02:29 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 02:29 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 02:29 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 00:13 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 00:13 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 00:13 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 00:13 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-04 03:44 . 2014-02-04 03:44 -------- d-----w- c:\program files (x86)\Yahoo!
2014-01-30 13:19 . 2014-01-30 13:19 -------- d-----w- c:\users\Terry\AppData\Roaming\Stormdance
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 11:45 . 2013-12-31 04:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-23 11:45 . 2013-12-31 04:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 14:20 . 2013-12-31 00:15 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-17 14:20 . 2013-12-31 00:15 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-17 14:20 . 2013-12-31 00:15 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-17 14:20 . 2013-12-31 00:15 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-17 14:20 . 2013-12-31 00:15 43152 ----a-w- c:\windows\avastSS.scr
2014-02-15 23:43 . 2013-12-19 19:28 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-22 14:52 . 2013-12-31 00:15 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-06 08:38 . 2013-12-21 22:38 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-06 03:28 . 2014-01-07 09:31 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-12-20 14:04 . 2013-12-20 14:04 3017128 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{5D292E0F-F1DB-4606-97A1-0B020621A139}\ScottradeELITELauncher.exe
2013-12-19 23:17 . 2013-12-19 23:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-19 23:17 . 2013-12-19 23:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-19 23:17 . 2013-12-19 23:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-19 23:17 . 2013-12-19 23:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-19 23:17 . 2013-12-19 23:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-19 23:17 . 2013-12-19 23:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-19 23:17 . 2013-12-19 23:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-19 23:17 . 2013-12-19 23:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-19 23:17 . 2013-12-19 23:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-19 23:17 . 2013-12-19 23:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-19 23:17 . 2013-12-19 23:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-19 23:17 . 2013-12-19 23:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-19 23:17 . 2013-12-19 23:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-19 23:17 . 2013-12-19 23:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-19 23:17 . 2013-12-19 23:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-19 23:17 . 2013-12-19 23:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-19 23:17 . 2013-12-19 23:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-19 23:16 . 2013-12-19 23:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-19 23:16 . 2013-12-19 23:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-19 23:16 . 2013-12-19 23:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-19 23:16 . 2013-12-19 23:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-19 23:16 . 2013-12-19 23:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-19 23:16 . 2013-12-19 23:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-19 23:16 . 2013-12-19 23:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-19 23:16 . 2013-12-19 23:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-19 23:16 . 2013-12-19 23:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-19 23:16 . 2013-12-19 23:16 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-19 23:16 . 2013-12-19 23:16 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-19 23:16 . 2013-12-19 23:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-19 23:16 . 2013-12-19 23:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-19 23:16 . 2013-12-19 23:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-19 23:16 . 2013-12-19 23:16 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-19 23:16 . 2013-12-19 23:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-19 23:16 . 2013-12-19 23:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-19 23:16 . 2013-12-19 23:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-19 23:16 . 2013-12-19 23:16 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-19 23:16 . 2013-12-19 23:16 413696 ----a-w- c:\windows\system32\html.iec
2013-12-19 23:16 . 2013-12-19 23:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-19 23:16 . 2013-12-19 23:16 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-19 23:16 . 2013-12-19 23:16 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-19 23:16 . 2013-12-19 23:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-19 23:16 . 2013-12-19 23:16 235520 ----a-w- c:\windows\system32\url.dll
2013-12-19 23:16 . 2013-12-19 23:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-19 23:16 . 2013-12-19 23:16 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-19 23:16 . 2013-12-19 23:16 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-19 23:16 . 2013-12-19 23:16 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-19 23:16 . 2013-12-19 23:16 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-19 23:16 . 2013-12-19 23:16 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-19 23:16 . 2013-12-19 23:16 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-19 23:16 . 2013-12-19 23:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-19 23:16 . 2013-12-19 23:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-19 23:16 . 2013-12-19 23:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-19 23:15 . 2013-12-19 23:15 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-12-19 23:15 . 2013-12-19 23:15 859648 ----a-w- c:\windows\system32\tdh.dll
2013-12-19 23:15 . 2013-12-19 23:15 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-12-19 23:15 . 2013-12-19 23:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-12-19 23:15 . 2013-12-19 23:15 243712 ----a-w- c:\windows\system32\wow64.dll
2013-12-19 23:15 . 2013-12-19 23:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-12-19 23:15 . 2013-12-19 23:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-12-19 23:15 . 2013-12-19 23:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-12-19 23:15 . 2013-12-19 23:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-12-19 23:15 . 2013-12-19 23:15 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-12-19 23:15 . 2013-12-19 23:15 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-12-19 23:15 . 2013-12-19 23:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-12-19 23:15 . 2013-12-19 23:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-12-19 23:15 . 2013-12-19 23:15 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-12-19 23:15 . 2013-12-19 23:15 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-12-19 23:15 . 2013-12-19 23:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-12-19 23:15 . 2013-12-19 23:15 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-12-19 23:15 . 2013-12-19 23:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-12-19 23:15 . 2013-12-19 23:15 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-12-19 23:15 . 2013-12-19 23:15 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-12-19 23:15 . 2013-12-19 23:15 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-12-19 23:15 . 2013-12-19 23:15 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-19 22:38 . 2013-12-19 22:39 117544 ----a-w- c:\windows\SysWow64\atashost.exe
2013-12-19 22:38 . 2013-12-19 22:39 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
2013-12-19 20:01 . 2013-12-19 20:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-19 20:01 . 2013-12-19 20:01 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-19 20:01 . 2013-12-19 20:01 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 20:01 . 2013-12-19 20:01 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-29 133400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-17 3767096]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files (x86)\Office\Microsoft Office 97\Office\FINDFAST.EXE [1997-7-11 122880]
Microsoft Office.lnk - c:\program files (x86)\Office\Microsoft Office 2000\Office\OSA9.EXE -b -l [1999-2-17 65588]
Office Startup.lnk - c:\program files (x86)\Office\Microsoft Office 97\Office\OSA.EXE -b [1997-7-11 61440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/12/13 12:31;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ST7007;ST7007;c:\windows\system32\drivers\ST7007.sys;c:\windows\SYSNATIVE\drivers\ST7007.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-27 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-06 08:37]
.
2014-02-23 c:\windows\Tasks\TradeStation Backup - Monthly.job
- c:\program files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07 10:03]
.
2014-02-23 c:\windows\Tasks\TradeStation Backup - Weekly.job
- c:\program files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07 10:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-17 14:20 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-26 626552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-14 1425408]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\Office\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: scottrade.com\www
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-26  20:51:44
ComboFix-quarantined-files.txt  2014-02-27 02:51
ComboFix2.txt  2014-02-27 01:34
ComboFix3.txt  2014-02-25 22:02
.
Pre-Run: 173,528,268,800 bytes free
Post-Run: 173,463,707,648 bytes free
.
- - End Of File - - 38D69E3DA622A53FAC5B519F3BD5A6A5

 

Some of the web pages returned but not all.
 


Edited by terryfelter, 26 February 2014 - 09:27 PM.


#22 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 February 2014 - 10:10 PM

From a different machine, I'm re-running ComboFix again and will post the results in an edit to this post.

 

That appears to be the same machine.  Why did you re-run ComboFix?

 

If I understand correctly... you can't use google or go to MSN.com?

 

Your DSN is google so you are going through google to access any web page.  What part of Google is not working?

 

I see nothing in your logs that should "block" google or MSN.  Please verify my understanding is correct before we run a different scan.


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#23 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 26 February 2014 - 10:36 PM


 

 

From a different machine, I'm re-running ComboFix again and will post the results in an edit to this post.

 

That appears to be the same machine.  Why did you re-run ComboFix?

 

If I understand correctly... you can't use google or go to MSN.com?

 

Your DSN is google so you are going through google to access any web page.  What part of Google is not working?

 

I see nothing in your logs that should "block" google or MSN.  Please verify my understanding is correct before we run a different scan.

 

 

1.  Yes the web pages listed could not be displayed.

2.  Yes the post was from a different machine while the scan was running, and yes the edit was from the "infected" machine.

3.  I don't understand "Your DSN is google", I don't have anything from google on any of my machines other than a general link to their site for search purposes.  I really try hard to not allow those add-ons from various software from installing baggage, especially Chrome and google toolbars.

4. I decided to run ComboFix again as everything seemed to work before it was run the first time.  Since you said you don't understand these anomalies, it was a gamble that anything that might be preventing certain web pages to not open might be "fixed".  There are only a couple of web sites that I could not open after running it again.  Maybe bad logic.



#24 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 26 February 2014 - 11:30 PM

Your DNS server is set to 8.8.8.8, that is the Google DNS.  DNS is the "Dynamic Name Server".  You can think of it like a phone book.  If you wanted to call me... you would look up my name - TomK - in your phone book and it would give you my phone number that you can then enter in your phone to reach me. The internet actually finds web pages by their IP address.  When you ask your browser to go to MSN.com... your browser goes to your DNS and looks for MSN.com and finds that its address is 65.55.206.228.  You can verify this by putting 65.55.206.228 in your address bar and msn.com should open.  It is much easier for users to remember the name of a website than its IP address.  And even better, if the website is moved... once the address is registered, the DNS will find it.  You don't even need to know that it moved because the name remains the same.  8.8.8.8 is the address of the Google DNS.  It is the only address (besides your own) that your browser knows until it uses the server to "look up" the address that you want.  So when you enter a name, your browser doesn't know what to do so it looks for the "phone book" and yours has been told to go to 8.8.8.8 - the DNS maintained by Google - where it can look up the address of any other web page.  There is a multitude of DNS servers out there besides Google. Many/most IP's maintain their own DNS plus there are many "universal" servers like Google, Yahoo, MSN (they have one per state), OpenDNS, Norton, Verizon... there are a bunch.  There is nothing wrong with using Google's DNS.  It is the most used DNS in the world.

 

All I was trying to say is that because you are able to reach web pages, you must be able to reach google to utilise the DNS.  But apparently something is keeping you from reaching their search engine.  You did have some potential hijackers on board.  A hijacker "reroutes" your search requests to their own DNS or search engine and you typically notice that the page you get isn't the one you asked for or sometimes you get an "intermediate" page (usually full of adverts) before your page opens.  However, you haven't been experiencing that nor am I seeing a hijacker active in your logs.

 

Let's get a different scan that will give us a different look at some of those settings:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response
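
The resolver check discussed in the post above, as an added example that is not part of the thread or of either scan tool: it pulls the name-server entries out of ComboFix and FRST log text and sorts each address into known public resolver, LAN address, or one to review. The allowlist is illustrative, the static `NameServer` line shape and comma-separated lists are assumptions, and the `203.0.113.53` / `192.168.1.1` line in the sample is constructed.

```python
"""Audit DNS resolver entries found in ComboFix / FRST scan logs."""
import ipaddress
import re
from typing import List, NamedTuple

# Illustrative allowlist: two public resolver services named in the thread.
KNOWN_PUBLIC = {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
}

# RFC 1918 ranges: a resolver here is normally the home router or a LAN DNS.
# Checked explicitly because ipaddress.is_private also covers other reserved
# blocks (loopback, documentation ranges) that should not pass as "local".
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Two line shapes, both present in the logs on this page:
#   ComboFix:  TCP: DhcpNameServer = 8.8.8.8
#   FRST:      Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
# Assumption: a statically configured "NameServer" value is printed in the
# same shapes, and several addresses are separated by commas or spaces.
LINE_RE = re.compile(
    r"^(?:TCP:\s*(?P<k1>(?:Dhcp)?NameServer)\s*=\s*(?P<v1>\S.*)"
    r"|Tcpip\\[^:]*:\s*\[(?P<k2>(?:Dhcp)?NameServer)\]\s*(?P<v2>\S.*))$"
)


class Finding(NamedTuple):
    line_no: int
    key: str
    address: str
    verdict: str


def classify(address: str) -> str:
    """Return 'known-public', 'local', 'review' or 'malformed'."""
    try:
        ip = ipaddress.IPv4Address(address)
    except ValueError:
        return "malformed"
    if str(ip) in KNOWN_PUBLIC:
        return "known-public"
    if any(ip in net for net in LAN_NETS):
        return "local"
    return "review"


def audit(log_text: str) -> List[Finding]:
    """Extract every resolver address from the log and classify it."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        key = match.group("k1") or match.group("k2")
        value = match.group("v1") or match.group("v2")
        for address in re.split(r"[,\s]+", value.strip()):
            if address:
                findings.append(
                    Finding(line_no, key, address, classify(address)))
    return findings


def unexpected(findings: List[Finding]) -> List[Finding]:
    """Entries a helper should ask the user about before moving on."""
    return [f for f in findings if f.verdict in ("review", "malformed")]


# Lines 1-4 are copied from the logs in this thread; line 5 is constructed.
SAMPLE_LOG = r"""uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: scottrade.com\www
TCP: DhcpNameServer = 8.8.8.8
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\Parameters: [NameServer] 203.0.113.53,192.168.1.1
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        label = KNOWN_PUBLIC.get(f.address, "")
        print(f"line {f.line_no}: {f.key} {f.address} -> {f.verdict} {label}")
```

A "review" verdict is a prompt to ask where that resolver came from, not a detection on its own.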


#25 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 27 February 2014 - 06:03 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by Terry (administrator) on MININT-P570M4T on 27-02-2014 05:44:22
Running from C:\Users\Terry\Documents\SoftwareUpdates
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(O2Micro International) C:\Windows\system32\o2flash.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Office\Microsoft Office 97\Office\OSA.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-17] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tradestation...rt/ieatgpc1.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-17] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2014-01-05] (Glarysoft Ltd)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2012-01-25] (Dell Inc.)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-27 05:41 - 2014-02-27 05:44 - 00000000 ____D () C:\FRST
2014-02-26 20:51 - 2014-02-26 20:51 - 00030022 _____ () C:\ComboFix.txt
2014-02-26 16:46 - 2014-02-26 16:46 - 00032510 _____ () C:\Users\Terry\Desktop\ComboFix.bac
2014-02-25 23:29 - 2014-02-25 23:29 - 00004379 _____ () C:\Users\Terry\Desktop\eset.txt
2014-02-25 21:35 - 2014-02-25 21:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-25 15:26 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-25 15:26 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-25 15:26 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-25 15:26 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-25 15:26 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-25 15:26 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-25 15:26 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-25 15:26 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-25 15:25 - 2014-02-26 20:51 - 00000000 ____D () C:\Qoobox
2014-02-25 15:25 - 2014-02-25 16:01 - 00000000 ____D () C:\Windows\erdnt
2014-02-25 14:19 - 2014-02-25 15:24 - 05185084 ____R (Swearware) C:\Users\Terry\Desktop\ComboFix.exe
2014-02-25 08:14 - 2014-02-25 12:43 - 00000000 ____D () C:\ProgramData\TechSmith
2014-02-25 08:13 - 2014-02-25 08:13 - 00000000 ____D () C:\Users\Terry\AppData\Local\TechSmith
2014-02-25 08:13 - 2014-02-25 08:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-02-25 06:44 - 2014-02-25 06:44 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-25 06:44 - 2014-02-25 06:44 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Malwarebytes
2014-02-25 06:44 - 2014-02-25 06:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 06:44 - 2014-02-25 06:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 06:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-25 06:43 - 2014-02-25 06:43 - 00002229 _____ () C:\Users\Terry\Desktop\AdwCleaner[S0].txt
2014-02-25 06:31 - 2014-02-25 06:32 - 00000000 ____D () C:\AdwCleaner
2014-02-25 06:29 - 2014-02-25 06:29 - 00001784 _____ () C:\Users\Terry\Desktop\JRT.txt
2014-02-25 06:23 - 2014-02-25 06:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-25 06:13 - 2014-02-25 06:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Terry\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-25 06:08 - 2014-02-25 06:09 - 01241834 _____ () C:\Users\Terry\Desktop\AdwCleaner.exe
2014-02-25 06:05 - 2014-02-25 06:06 - 01037734 _____ (Thisisu) C:\Users\Terry\Desktop\JRT.exe
2014-02-21 09:47 - 2014-02-21 09:47 - 00399504 _____ () C:\Users\Terry\Downloads\trainerwithsocketexample.zip
2014-02-18 21:24 - 2014-02-18 21:25 - 02471706 _____ () C:\Users\Terry\Downloads\tactics_ogre_-_let_us_cling_together.7z
2014-02-18 19:16 - 2014-02-18 19:20 - 02379996 _____ () C:\Users\Terry\Downloads\legend_of_zelda,_the_-_a_link_to_the_past.7z
2014-02-17 08:27 - 2014-02-17 08:27 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\AVAST Software
2014-02-17 08:20 - 2014-02-17 08:20 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-17 07:16 - 2014-02-27 05:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-17 07:16 - 2014-02-17 08:20 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-17 07:16 - 2014-02-17 08:20 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-17 07:16 - 2014-02-17 08:20 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-16 11:54 - 2013-11-26 17:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-16 11:54 - 2013-11-26 16:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-15 19:07 - 2014-02-15 19:07 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-02-15 19:07 - 2014-02-15 19:07 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-02-15 17:43 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-15 17:43 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 17:43 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 17:43 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 17:43 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-15 17:43 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-15 17:43 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 17:43 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-15 17:43 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-15 17:43 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-15 17:43 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-15 17:43 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-15 17:43 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-15 17:43 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-15 17:43 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-15 17:43 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-15 17:10 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 17:10 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 17:10 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 17:10 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 17:10 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 17:10 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 17:10 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 17:10 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 17:10 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 17:10 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-15 17:10 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-15 17:10 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-15 17:10 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-15 17:10 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-15 17:10 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-15 17:10 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-15 17:10 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-15 17:10 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 16:44 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-15 16:44 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-15 16:35 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-15 16:35 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 09:47 - 2014-02-15 09:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-15 00:05 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 00:05 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 00:05 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-15 00:05 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 00:05 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-15 00:05 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-15 00:05 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 00:05 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-15 00:05 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 00:05 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 00:05 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-15 00:05 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-15 00:05 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-15 00:05 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-15 00:05 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-15 00:05 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-15 00:05 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 00:05 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-15 00:05 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-15 00:05 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-15 00:05 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 00:05 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-15 00:05 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-15 00:05 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 00:05 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-15 00:05 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-15 00:05 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-15 00:05 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-15 00:05 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-15 00:05 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 00:05 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 00:05 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-15 00:05 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-15 00:05 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-15 00:05 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 00:05 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-15 00:05 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-15 00:05 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-15 00:05 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 09:00 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 09:00 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 20:29 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:29 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:29 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:29 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 18:13 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 18:13 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 18:13 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 18:13 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-03 21:44 - 2014-02-03 21:44 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-02-03 21:43 - 2014-02-03 21:44 - 00692048 _____ (Yahoo! Inc.) C:\Users\Terry\Downloads\msgr11us.exe
2014-01-30 20:14 - 2014-02-21 17:41 - 00001513 _____ () C:\Windows\SysWOW64\error.log
2014-01-30 07:19 - 2014-01-30 07:19 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Stormdance

==================== One Month Modified Files and Folders =======

2014-02-27 05:44 - 2014-02-27 05:41 - 00000000 ____D () C:\FRST
2014-02-27 05:44 - 2013-12-20 07:30 - 00000000 ____D () C:\Users\Terry\Documents\SoftwareUpdates
2014-02-27 05:42 - 2013-12-13 12:19 - 01936038 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 05:42 - 2009-07-13 23:13 - 00797150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-27 05:38 - 2014-02-17 07:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-27 05:38 - 2013-12-21 16:38 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-27 05:37 - 2013-12-30 23:44 - 00163604 _____ () C:\Windows\PFRO.log
2014-02-27 05:37 - 2013-12-30 13:25 - 00005599 _____ () C:\Windows\setupact.log
2014-02-27 05:37 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 20:51 - 2014-02-26 20:51 - 00030022 _____ () C:\ComboFix.txt
2014-02-26 20:51 - 2014-02-25 15:25 - 00000000 ____D () C:\Qoobox
2014-02-26 20:50 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-26 20:11 - 2009-07-13 22:45 - 00020896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 20:11 - 2009-07-13 22:45 - 00020896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 16:49 - 2013-12-19 23:02 - 00000000 ____D () C:\Program Files (x86)\pSX113
2014-02-26 16:46 - 2014-02-26 16:46 - 00032510 _____ () C:\Users\Terry\Desktop\ComboFix.bac
2014-02-26 16:45 - 2013-12-19 12:54 - 00000000 ____D () C:\Users\Terry\Documents\InvestorsBusinessDaily
2014-02-26 16:37 - 2013-12-20 06:34 - 00000000 ____D () C:\Program Files (x86)\QuoteTracker
2014-02-25 23:29 - 2014-02-25 23:29 - 00004379 _____ () C:\Users\Terry\Desktop\eset.txt
2014-02-25 21:35 - 2014-02-25 21:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-25 21:34 - 2013-12-31 23:35 - 00000000 ____D () C:\Users\Terry\AppData\Local\CrashDumps
2014-02-25 16:02 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-02-25 16:01 - 2014-02-25 15:25 - 00000000 ____D () C:\Windows\erdnt
2014-02-25 15:57 - 2013-12-13 12:49 - 00000031 _____ () C:\tmuninst.ini
2014-02-25 15:35 - 2009-07-13 20:34 - 77332480 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-25 15:35 - 2009-07-13 20:34 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-25 15:35 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-25 15:35 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-25 15:35 - 2009-07-13 20:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-25 15:24 - 2014-02-25 14:19 - 05185084 ____R (Swearware) C:\Users\Terry\Desktop\ComboFix.exe
2014-02-25 12:43 - 2014-02-25 08:14 - 00000000 ____D () C:\ProgramData\TechSmith
2014-02-25 08:14 - 2013-12-19 12:35 - 00000000 ____D () C:\Users\Terry
2014-02-25 08:13 - 2014-02-25 08:13 - 00000000 ____D () C:\Users\Terry\AppData\Local\TechSmith
2014-02-25 08:13 - 2014-02-25 08:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-02-25 08:13 - 2013-12-19 13:21 - 00005341 _____ () C:\Users\Terry\Documents\Finder.txt
2014-02-25 06:44 - 2014-02-25 06:44 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-25 06:44 - 2014-02-25 06:44 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Malwarebytes
2014-02-25 06:44 - 2014-02-25 06:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-25 06:44 - 2014-02-25 06:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-25 06:43 - 2014-02-25 06:43 - 00002229 _____ () C:\Users\Terry\Desktop\AdwCleaner[S0].txt
2014-02-25 06:32 - 2014-02-25 06:31 - 00000000 ____D () C:\AdwCleaner
2014-02-25 06:29 - 2014-02-25 06:29 - 00001784 _____ () C:\Users\Terry\Desktop\JRT.txt
2014-02-25 06:23 - 2014-02-25 06:23 - 00000000 ____D () C:\Windows\ERUNT
2014-02-25 06:20 - 2014-02-25 06:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Terry\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-25 06:09 - 2014-02-25 06:08 - 01241834 _____ () C:\Users\Terry\Desktop\AdwCleaner.exe
2014-02-25 06:06 - 2014-02-25 06:05 - 01037734 _____ (Thisisu) C:\Users\Terry\Desktop\JRT.exe
2014-02-23 05:45 - 2013-12-30 22:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 05:45 - 2013-12-30 22:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-23 05:45 - 2013-12-21 16:38 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-02-22 22:01 - 2013-12-19 17:37 - 00000600 _____ () C:\Windows\Tasks\TradeStation Backup - Monthly.job
2014-02-22 21:09 - 2013-12-21 19:05 - 00000000 ____D () C:\Program Files (x86)\TradeStation Archives
2014-02-22 21:08 - 2014-01-04 19:05 - 36213921 _____ () C:\Windows\DYNAZIP.LOG
2014-02-22 19:20 - 2013-12-21 14:12 - 00000596 _____ () C:\Windows\Tasks\TradeStation Backup - Weekly.job
2014-02-21 17:41 - 2014-01-30 20:14 - 00001513 _____ () C:\Windows\SysWOW64\error.log
2014-02-21 14:55 - 2013-12-19 15:19 - 00000000 ____D () C:\ProgramData\performance
2014-02-21 14:37 - 2013-12-19 15:16 - 00000000 ____D () C:\Program Files (x86)\eSignal
2014-02-21 14:37 - 2013-12-19 12:35 - 00000000 ____D () C:\Users\Terry\AppData\Local\VirtualStore
2014-02-21 09:47 - 2014-02-21 09:47 - 00399504 _____ () C:\Users\Terry\Downloads\trainerwithsocketexample.zip
2014-02-18 22:52 - 2013-12-19 13:20 - 00000000 ____D () C:\Users\Terry\Documents\Stock Info
2014-02-18 22:13 - 2013-12-19 13:10 - 00000000 ____D () C:\Users\Terry\Documents\My Cheat Tables
2014-02-18 21:56 - 2013-12-20 10:05 - 00000000 ____D () C:\Program Files (x86)\Zsnesx151
2014-02-18 21:25 - 2014-02-18 21:24 - 02471706 _____ () C:\Users\Terry\Downloads\tactics_ogre_-_let_us_cling_together.7z
2014-02-18 19:20 - 2014-02-18 19:16 - 02379996 _____ () C:\Users\Terry\Downloads\legend_of_zelda,_the_-_a_link_to_the_past.7z
2014-02-17 08:27 - 2014-02-17 08:27 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\AVAST Software
2014-02-17 08:20 - 2014-02-17 08:20 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-17 08:20 - 2014-02-17 07:16 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-17 08:20 - 2014-02-17 07:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-17 08:20 - 2014-02-17 07:16 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-17 08:20 - 2013-12-30 18:15 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-17 08:20 - 2013-12-30 18:15 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-17 08:20 - 2013-12-30 18:15 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-17 08:20 - 2013-12-30 18:15 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-17 08:20 - 2013-12-30 18:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-17 08:20 - 2013-12-30 18:15 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-17 07:20 - 2013-12-30 18:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-17 07:16 - 2013-12-30 18:15 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-17 07:06 - 2013-12-19 12:36 - 00129520 _____ () C:\Users\Terry\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-17 07:03 - 2009-07-13 22:45 - 00481032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-15 21:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 20:33 - 2013-12-19 20:55 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Simple Sudoku
2014-02-15 19:07 - 2014-02-15 19:07 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-02-15 19:07 - 2014-02-15 19:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-02-15 19:07 - 2014-02-15 19:07 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-02-15 17:44 - 2013-12-19 13:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 17:43 - 2013-12-19 13:28 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 09:47 - 2014-02-15 09:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-15 00:06 - 2013-12-13 12:56 - 00789968 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 13:24 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-06 06:16 - 2014-02-15 00:05 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-15 00:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-15 00:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-15 00:05 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-15 00:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-15 00:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-15 00:05 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-15 00:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-15 00:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-15 00:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-15 00:05 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-15 00:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-15 00:05 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-15 00:05 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-15 00:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-15 00:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-15 00:05 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-15 00:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-15 00:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-15 00:05 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-15 00:05 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-15 00:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-15 00:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-15 00:05 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-15 00:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-15 00:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-15 00:05 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-15 00:05 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-15 00:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-15 00:05 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-15 00:05 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-15 00:05 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-15 00:05 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-15 00:05 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-15 00:05 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-15 00:05 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-15 00:05 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-15 00:05 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-15 00:05 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 21:44 - 2014-02-03 21:44 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-02-03 21:44 - 2014-02-03 21:43 - 00692048 _____ (Yahoo! Inc.) C:\Users\Terry\Downloads\msgr11us.exe
2014-02-03 17:20 - 2013-12-13 12:34 - 00000000 ____D () C:\ProgramData\Sonic
2014-01-30 07:19 - 2014-01-30 07:19 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Stormdance

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 08:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2014 01
Ran by Terry at 2014-02-27 05:44:41
Running from C:\Users\Terry\Documents\SoftwareUpdates
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AuthenTec Fingerprint Software (Version: 8.4.4.39 - AuthenTec, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4418 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00001.001 - Dell Inc.)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.000 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1211.101.114 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSignal (x32 Version: 10.6.2425.1208 - eSignal) Hidden
eSignal 10.6 (HKLM-x32\...\eSignal) (Version: 10.6.2425.1208 - eSignal)
FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION
Frhed 1.7.1 (HKLM-x32\...\Frhed) (Version: 1.7.1 - Raihan Kibria)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Glary Utilities 4.4 (HKLM-x32\...\Glary Utilities 4) (Version: 4.4.0.86 - Glarysoft Ltd)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic® III (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6388.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{5F962F59-DCCB-440B-A8E5-3BA4F7F09594}) (Version: 2.1.4.213 - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.213 - O2Micro) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoRazor (HKLM-x32\...\PhotoRazor) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
QuoteTracker (HKLM-x32\...\QuoteTracker_is1) (Version:  - T2 API Technologies, LLC)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScottradeELITE 2013 (HKLM-x32\...\{5D292E0F-F1DB-4606-97A1-0B020621A139}) (Version: 5.2.3.0 - Scottrader)
Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version:  - )
Snagit 11 (HKLM-x32\...\{5EAF9FAA-C4B6-4741-81B4-74CD81759EAA}) (Version: 11.4.0 - TechSmith Corporation)
Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0016 - ST Microelectronics)
SuDoKu-Cracker (HKCU\...\SuDoKu-Cracker) (Version:  - )
TeleChart 2007 (HKLM-x32\...\{8F899627-1EA1-484D-91EA-7B22C05358DB}) (Version: 6.00.0000 - Worden Brothers Inc)
TextPad 4 (HKLM-x32\...\TextPad 4) (Version:  - )
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
TradeStation 9.1 (HKLM-x32\...\{B948B39D-214F-486E-BCD9-8AB691F8762A}) (Version: 9.01.00.12681 - TradeStation Technologies)
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinHex (HKLM-x32\...\WinHex) (Version:  - )

==================== Restore Points  =========================

17-02-2014 13:20:59 avast! antivirus system restore point
21-02-2014 12:36:36 Windows Update
25-02-2014 13:26:32 Windows Update
25-02-2014 14:13:15 Installed Snagit 11

==================== Hosts content: ==========================

2009-07-13 20:34 - 2014-02-26 16:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E75C1A9-EA32-4CA0-93A6-AB8CFBF90553} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {0FD5EAE5-0BDB-4DC2-8018-8A5824A252F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software)
Task: {127DDF58-35AF-4D00-97F2-DAD7FBEFB68A} - System32\Tasks\TradeStation Backup - Weekly => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07] (TradeStation Technologies, Inc.)
Task: {1F69D280-DCC3-45DF-B323-287CB843F8C4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {347F0CD6-DBBB-4D8A-B0D3-6049A7119E9D} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-01-06] (Glarysoft Ltd)
Task: {50AFF016-7625-4A1C-8F8D-34F24524B982} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5E2E7740-E4BF-40A0-AE3B-656A22BA5843} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {69FAE356-EE72-4CD1-83C0-6A5BF9AEAF45} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A41710BC-3F2F-4DB1-BB22-6702E1EC6C22} - System32\Tasks\TradeStation Backup - Monthly => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-11-07] (TradeStation Technologies, Inc.)
Task: {AF92837D-FFF1-4551-8A36-263A4D3E1EF4} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-01-06] (Glarysoft Ltd)
Task: {AFD9110C-2456-41BF-8E78-98AD86D3A1BB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CAE7A69C-1B52-42FC-AEC4-50622BAF46FD} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\TradeStation Backup - Monthly.job => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe
Task: C:\Windows\Tasks\TradeStation Backup - Weekly.job => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 07:45 - 2012-01-17 07:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 07:45 - 2012-01-17 07:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 22:56 - 2011-10-08 22:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 07:55 - 2011-11-07 07:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-08 15:42 - 2013-12-13 13:00 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 15:41 - 2013-12-13 13:00 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2013-12-13 12:05 - 2012-03-26 16:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 00061440 _____ () C:\Program Files (x86)\Office\Microsoft Office 97\Office\OSA.EXE
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-26 05:46 - 2014-02-26 04:39 - 02185216 _____ () C:\Program Files\AVAST Software\Avast\defs\14022600\algo.dll
2014-02-27 05:38 - 2014-02-27 01:12 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14022700\algo.dll
1998-06-01 00:00 - 1998-06-01 00:00 - 03792896 _____ () C:\Program Files (x86)\Office\Microsoft Office 97\Office\MSO97.DLL
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-02-17 08:20 - 2014-02-17 08:20 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-13 14:02 - 2014-02-13 14:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-12-13 12:57 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-13 13:15 - 2012-02-21 13:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 00036864 _____ () C:\Windows\SysWow64\docobj.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2014 05:38:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:05:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 06:42:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 06:37:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 06:30:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/26/2014 05:46:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 09:34:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: fceu.exe, version: 0.0.0.0, time stamp: 0x413049a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc5c
Faulting application start time: 0xfceu.exe0
Faulting application path: fceu.exe1
Faulting module path: fceu.exe2
Report Id: fceu.exe3

Error: (02/25/2014 07:15:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 03:43:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 03:37:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/27/2014 05:43:08 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6D293042-6C96-41D4-8C77-6E93D9A652DF}.
The backup browser is stopping.

Error: (02/27/2014 05:37:47 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/26/2014 10:39:07 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6D293042-6C96-41D4-8C77-6E93D9A652DF}.
The backup browser is stopping.

Error: (02/26/2014 08:50:43 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/26/2014 08:48:56 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/26/2014 08:42:48 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/26/2014 08:42:47 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/26/2014 08:42:47 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/26/2014 08:42:46 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/26/2014 08:09:39 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6D293042-6C96-41D4-8C77-6E93D9A652DF}.
The backup browser is stopping.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-26 16:45:20.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-26 16:45:20.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-26 16:45:20.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-26 16:45:20.434
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-25 15:32:15.027
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-25 15:32:14.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8065.2 MB
Available physical RAM: 5699.42 MB
Total Pagefile: 16128.58 MB
Available Pagefile: 13633.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:284.42 GB) (Free:161.4 GB) NTFS
Drive d: (Heroes3) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6A243D62)
Partition 1: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by terryfelter, 27 February 2014 - 06:05 AM.



#26 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 February 2014 - 12:12 PM

You're throwing an error in your browser:

Error: (02/27/2014 05:43:08 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6D293042-6C96-41D4-8C77-6E93D9A652DF}.
The backup browser is stopping.

This is not something I've seen before but could be why those pages are not loading for you.  Trend Micro has apparently caused those errors in the past... so let's remove the remnants on your system and see if it helps.
 
Also, you have FileParade Bundle installed.  It has been reported as hijacking Google calls to Bing.  Let's remove it also.
 
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 

FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know if symptoms improve.

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#27 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 27 February 2014 - 03:37 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by Terry at 2014-02-27 15:34:35 Run:1
Running from C:\Users\Terry\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File

*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key deleted successfully.

==== End of Fixlog ====

 

I noticed a lot of errors with combofix\catchme.sys

 

I did uninstall Trend Micro


Edited by terryfelter, 27 February 2014 - 03:38 PM.
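The fixlist and Fixlog quoted above can be cross-checked line by line. The Python below is an added example, not part of the original posts and not FRST's own code: it parses the lines exactly as they appear in this thread and reports which fixlist entries have a result line in the Fixlog. The function names are hypothetical, and it assumes `-x32` entries correspond to `Wow6432Node` registry keys.

```python
import re
from collections import Counter

# Sample input: the fixlist entries and Fixlog result lines quoted in this thread.
FIXLIST = r"""FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
"""
FIXLOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\tmpx => Key deleted successfully.
HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key deleted successfully.
"""

# Patterns written against the lines above, not against any FRST specification.
REG_ENTRY = re.compile(
    r"^(?P<kind>BHO|Handler)(?P<x32>-x32)?: (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<nofile> No File)?$")
PROGRAM = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+)(?P<x32>-x32)?\\\.\.\.\\(?P<key>.+?)\) \(Version:")
RESULT = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?) => (?P<status>Key deleted successfully|Key not found)\.$")


def parse_fixlist(text):
    """Return one dict per fixlist line: label, 32-bit view flag, orphan flag, key suffixes."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = REG_ENTRY.match(line)
        if m:
            tokens = [m["clsid"]]
            if m["kind"] == "Handler":
                # A protocol handler is also registered under its name.
                tokens.append("\\PROTOCOLS\\Handler\\" + m["name"])
            entries.append({"label": f'{m["kind"]}{m["x32"] or ""} {m["clsid"]}',
                            "x32": bool(m["x32"]),
                            "orphan": bool(m["nofile"]),  # "No File": target DLL is gone
                            "tokens": tokens})
            continue
        m = PROGRAM.match(line)
        if m:
            entries.append({"label": "Program " + m["name"], "x32": bool(m["x32"]),
                            "orphan": False, "tokens": ["\\" + m["key"]]})
    return entries


def parse_fixlog(text):
    """Return (registry key, status) pairs from the result lines of a Fixlog."""
    matches = map(RESULT.match, map(str.strip, text.splitlines()))
    return [(m["key"], m["status"]) for m in matches if m]


def reconcile(entries, results):
    """Map each fixlist entry to a count of Fixlog statuses for keys that belong to it."""
    report = {}
    for e in entries:
        hits = Counter()
        for key, status in results:
            low = key.lower()
            # Assumption: -x32 entries live in the Wow6432Node (32-bit) registry view.
            if ("\\wow6432node\\" in low) != e["x32"]:
                continue
            if any(low.endswith(t.lower()) for t in e["tokens"]):
                hits[status] += 1
        report[e["label"]] = dict(hits)
    return report


def unaddressed(report):
    """Fixlist entries for which the Fixlog shows no result line at all."""
    return [label for label, hits in report.items() if not hits]


if __name__ == "__main__":
    rep = reconcile(parse_fixlist(FIXLIST), parse_fixlog(FIXLOG))
    for label, hits in rep.items():
        print(label, "->", hits or "no result line in Fixlog")
```

Run against the log in this thread, it finds result lines for all four Trend Micro entries and none for the FileParade Bundle entry.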


#28 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 February 2014 - 03:45 PM

I saw that you deleted it... but it had left a bunch of orphans in the registry -  which are now gone.  Catchme.sys often throws errors.  It is a rootkit scanner so it is looking "in front" of the operating system.

 

Did the little adjustments we just made with FRST make any difference in accessing your websites?


Tomk
------------------------------------------------------------



#29 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • 175 posts

Posted 27 February 2014 - 06:49 PM

I can't find a web site that can't be loaded


Edited by terryfelter, 27 February 2014 - 06:49 PM.


#30 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 February 2014 - 07:04 PM

That sounds great.

 

Do you want to play with it a bit or are you ready to clean up so you can return to your regularly scheduled life?


Tomk
------------------------------------------------------------

