Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Owner (administrator) on OWNER-PC on 05-10-2014 12:54:27
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner & Darryl)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ArcSoft, Inc.) C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1320937888\ee\aolsoftware.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
() C:\Program Files (x86)\Windows Manager\winmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Autodesk Inc.) C:\Users\Owner\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1320937888\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [296520 2014-04-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-20] (Autodesk Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ISLAlwaysOn: C:\Program Files (x86)\ISL Online\ISL AlwaysOn\aon_notify64.dll ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-09-12] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\RunOnce: [WindowsUpdate] => C:\Program Files (x86)\Windows Manager\winmgr.exe [26303488 2014-04-22] ()
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {252808db-d992-11e3-8f76-00038a000015} - F:\Setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {b0240b3e-00da-11e1-881b-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2281097704-164782711-356799163-1000\...\MountPoints2: {d2917123-0bd5-11e1-bdb2-00038a000015} - E:\HPLauncher.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U218DHP&pc=U218
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8DC01587C40BCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {2AFDC4CD-0115-4FA1-9672-6D359ECC9896} URL =
SearchScopes: HKCU - 9FC3F499D0BE429BB089348458577255 URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315827&CUI=UN10031926243087029&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=B99CD49001CD111914EFF1EA&install_time=2012-04-02T21:44:10Z&src_id=30663&camp_id=4053&tb_version=1.1.3001.0(B)
SearchScopes: HKCU - {F83BCEDF-A200-4372-A91A-1CAF5B23CDAC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://energy.webex.com/client/WBXclient-T28L10NSP12-16655/webex/ieatgpc1.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - No File
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - No File
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Address Bar Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ozpw4nhr.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-20] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 BackupService; C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [248664 2013-09-12] (Garmin Ltd or its subsidiaries)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S3 isl_always_on; C:\Program Files (x86)\ISL Online\ISL AlwaysOn\ISLAlwaysOnService.exe [67512 2010-03-23] (XLAB d.o.o.)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] () [File not signed]
S2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 MpKsl1e0172ff; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{223F1FA8-1AC3-4535-8DBA-4873366C20EE}\MpKsl1e0172ff.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S1 tmkfmklt; \??\C:\Windows\system32\drivers\tmkfmklt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 12:53 - 2014-10-05 12:53 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-04 13:31 - 2014-10-04 13:32 - 00000179 _____ () C:\ProgramData\LockFilePath.ini
2014-09-30 16:48 - 2014-09-30 16:50 - 00000000 ____D () C:\Users\Owner\Downloads\Logs From Scan
2014-09-26 07:29 - 2014-10-03 07:29 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-09-25 21:25 - 2014-09-25 23:48 - 00005575 _____ () C:\Users\Owner\Documents\aswMBR.txt
2014-09-25 21:25 - 2014-09-25 23:48 - 00000512 _____ () C:\Users\Owner\Documents\MBR.dat
2014-09-25 16:07 - 2014-09-25 16:07 - 05185536 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-09-25 16:02 - 2014-09-25 16:02 - 05579290 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-09-25 15:58 - 2014-09-25 15:58 - 05579290 _____ () C:\Users\Owner\Downloads\ComboFix.exe
2014-09-25 15:57 - 2014-09-25 15:57 - 05580995 _____ () C:\Users\Owner\Downloads\ComboFix.exe.part
2014-09-25 15:34 - 2014-09-25 15:34 - 00112072 _____ () C:\Users\Owner\Downloads\Shortcut.txt
2014-09-25 15:31 - 2014-09-25 15:34 - 00042844 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-09-25 15:30 - 2014-10-05 12:54 - 00025373 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-09-25 15:30 - 2014-10-05 12:54 - 00000000 ____D () C:\FRST
2014-09-25 15:25 - 2014-10-05 12:53 - 02109440 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-09-25 15:17 - 2014-10-03 07:29 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-09-25 03:06 - 2014-09-25 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:25 - 2014-09-24 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-24 18:25 - 2010-11-16 21:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5412.dll
2014-09-24 18:02 - 2014-09-24 18:02 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Darryl\Downloads\tdsskiller.exe
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Macromedia
2014-09-24 17:58 - 2014-09-24 17:58 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Macromedia
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Mozilla
2014-09-24 17:55 - 2014-09-24 17:55 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Mozilla
2014-09-24 17:52 - 2014-09-24 17:52 - 00000000 ____D () C:\Users\Darryl\Documents\Autodesk Application Manager
2014-09-24 17:51 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Adobe
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Real
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Logitech
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Apple Computer
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Autodesk
2014-09-24 17:51 - 2014-09-24 17:51 - 00000000 ____D () C:\Users\Darryl\AppData\Local\AOL
2014-09-24 17:50 - 2014-09-24 18:01 - 00000000 ____D () C:\Users\Darryl\AppData\Roaming\Adobe
2014-09-24 17:50 - 2014-09-24 17:50 - 00001413 _____ () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-24 17:48 - 2014-09-24 17:50 - 00000000 ____D () C:\Users\Darryl
2014-09-24 17:48 - 2014-09-24 17:48 - 00000020 ___SH () C:\Users\Darryl\ntuser.ini
2014-09-24 17:48 - 2011-11-11 04:02 - 00000000 ____D () C:\Users\Darryl\AppData\Local\Microsoft Help
2014-09-24 17:48 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 17:48 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Darryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 10:46 - 2014-09-24 10:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 09:41 - 2014-09-23 09:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-23 09:38 - 2014-09-23 09:40 - 158875752 _____ () C:\Users\Owner\Downloads\setup_11.0.3.7.x01_2014_09_23_18_27.exe
2014-09-22 19:51 - 2014-09-22 19:51 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\Hewlett-Packard
2014-09-22 19:48 - 2014-09-22 19:48 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-22 19:32 - 2014-09-22 19:32 - 00002212 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001888 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001217 _____ () C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk
2014-09-22 19:32 - 2014-09-22 19:32 - 00001180 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
2014-09-22 19:29 - 2014-09-22 19:29 - 00000000 ____D () C:\Program Files\HP
2014-09-22 17:28 - 2014-09-22 17:29 - 00000000 ____D () C:\Users\Owner\Documents\Seminary Application Information
2014-09-13 13:15 - 2014-10-05 03:25 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Owner
2014-09-13 13:15 - 2014-10-05 03:25 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
2014-09-13 13:15 - 2014-10-04 13:35 - 00002960 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Owner
2014-09-13 13:15 - 2014-10-04 13:35 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
2014-09-13 13:15 - 2014-09-26 07:28 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
2014-09-13 13:15 - 2014-09-13 13:15 - 00003612 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Owner
2014-09-13 13:15 - 2014-09-13 13:15 - 00002668 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Owner
2014-09-11 00:59 - 2014-09-20 15:37 - 00000000 ____D () C:\Users\Owner\Documents\Logos Log Files
2014-09-11 00:05 - 2014-09-11 00:05 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software 5.lnk
2014-09-11 00:05 - 2014-09-11 00:05 - 00002269 _____ () C:\Users\Owner\Desktop\Logos Bible Software 5.lnk
2014-09-11 00:02 - 2014-09-11 00:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Logos5
2014-09-10 00:28 - 2014-09-10 00:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 00:28 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 00:27 - 2014-09-10 00:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 00:27 - 2014-09-10 00:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-07 20:12 - 2014-09-28 20:12 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2281097704-164782711-356799163-1000
2014-09-07 20:12 - 2014-09-28 20:12 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2281097704-164782711-356799163-1000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-05 12:52 - 2011-10-27 15:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-05 12:51 - 2012-04-11 08:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 12:50 - 2014-09-01 12:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-10-05 12:50 - 2014-05-11 22:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-05 12:13 - 2011-11-14 16:55 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 10:36 - 2011-10-27 13:34 - 01614162 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 23:13 - 2011-11-14 16:55 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 07:10 - 2014-08-01 13:50 - 00000000 ____D () C:\Users\Owner\Desktop\Tremco Price List
2014-10-01 07:10 - 2011-11-10 18:11 - 00000000 ____D () C:\Users\Owner\Documents\Tremco Files
2014-10-01 06:54 - 2014-04-20 00:48 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-10-01 06:54 - 2013-10-05 07:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\575FBD5E-1C20-4307-967F-91631EBA51A1.aplzod
2014-09-30 14:25 - 2009-07-13 22:13 - 00852386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 22:32 - 2009-07-13 21:51 - 00003925 _____ () C:\Windows\setupact.log
2014-09-26 07:30 - 2011-11-19 01:43 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-09-26 07:30 - 2011-11-19 01:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-09-26 03:06 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 03:06 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 23:58 - 2013-03-22 09:07 - 00039860 _____ () C:\SUService.log
2014-09-25 23:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 15:54 - 
2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-25 13:28 - 2013-03-04 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 18:28 - 2013-02-17 20:07 - 00489472 ___SH () C:\Users\Owner\Documents\Thumbs.db
2014-09-24 18:25 - 2011-11-09 16:40 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-24 17:51 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-24 12:52 - 2012-04-11 08:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 12:51 - 2012-04-11 08:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:51 - 2011-10-27 14:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 09:10 - 2014-09-01 19:15 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-09-23 02:12 - 2014-06-05 03:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-09-22 21:36 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 21:21 - 2012-05-18 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-22 21:20 - 2012-05-18 22:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-22 20:39 - 2009-07-13 21:45 - 00622776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 20:25 - 2011-11-25 20:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-22 19:48 - 2011-10-28 14:59 - 00189632 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 19:26 - 2011-11-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 19:26 - 2011-10-27 15:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-09-22 18:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 17:42 - 2011-11-19 01:43 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-09-22 17:42 - 
2011-11-19 01:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 14:56 - 2011-11-14 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\CutePDF Writer
2014-09-22 12:07 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-18 13:31 - 2013-03-22 09:33 - 00000529 _____ () C:\Users\Owner\Desktop\CRM - logon.website
2014-09-15 22:22 - 2010-11-20 20:47 - 00298088 _____ () C:\Windows\PFRO.log
2014-09-15 15:04 - 2011-11-10 14:18 - 00000000 ____D () C:\Tremspec

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2281097704-164782711-356799163-1000\$e67713bd0b769398522382128486d6c3

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e67713bd0b769398522382128486d6c3

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmputuah3.dll
C:\Users\Owner\AppData\Local\Temp\GoogleEarthPRO7.1.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\_is8AB2.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2014-09-26 00:43

==================== End Of Log ============================