
Fake Microsoft Support call - my mother fell for it, please help!



#1
madgeuk


My elderly mother has sadly been taken in by a fake scam where somebody called her pretending to be from Microsoft. It was an Indian call centre and she followed all their instructions, which included allowing them to take control of the laptop and goodness knows what else. I've tried to get as much information from her but I don't have much to go on. It was an Indian call centre and I think they installed TeamViewer 8 to gain access to the machine. My mother remembers lots of windows flashing on and off and the whole thing took several hours. They asked her if she has a second machine and she said yes and they proceeded to do a similar thing on the second machine. She has one machine for herself and a second laptop for a youth club where she helps out. So I think both laptops could be compromised and infected. The only good news is that she didn't give out any bank details, but as a precaution she has informed her bank and changed her current account card. So I am worried that the 2 laptops are infected but also what else might have been compromised. I am going to work with her to change all her online passwords like Amazon, PayPal, eBay etc. etc. I'm not noticing any symptoms such as popups or slowness to be honest.

 

I am unsure if I can get help with 2 machines in this single thread, so I will firstly post the OTL log from laptop number 1. If I can get help with laptop 2 here as well just let me know and I will post the laptop 2 OTL log. If a separate thread is best just let me know.

 

OTL log from laptop 1 posted below:

 

OTL logfile created on: 4/6/2014 6:01:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pat Folland\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 40.98% Memory free
5.74 Gb Paging File | 3.45 Gb Available in Paging File | 60.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.67 Gb Total Space | 220.33 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
 
Computer Name: PATFOLLAND-VAIO | User Name: Pat Folland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/06 18:01:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat Folland\Downloads\OTL.exe
PRC - [2014/03/03 10:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 10:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/02/03 13:03:18 | 000,805,280 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/01/24 17:26:54 | 000,404,592 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/01/03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/07/23 18:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 18:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 23:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/01 19:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/01 19:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 17:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 01:50:35 | 000,716,616 | ---- | M] () -- C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/15 01:50:34 | 000,100,168 | ---- | M] () -- C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/01/03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/28 02:14:46 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/01/27 09:37:08 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/01/27 09:31:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/01/21 05:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/08/02 18:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/08/13 07:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009/07/24 05:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/16 17:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 22:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 22:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/18 02:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2014/03/17 17:12:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/03 10:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 10:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/02/06 20:38:26 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/07/31 21:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/07/28 00:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/28 00:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/28 00:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/28 00:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/28 00:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 18:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 18:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 18:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 23:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 19:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 19:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 19:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/27 09:43:26 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/01/27 09:37:32 | 000,344,688 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/01/27 09:33:26 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/01/27 09:31:34 | 000,520,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/01/27 09:30:06 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/01/27 09:29:22 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/01/21 04:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 04:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/09/23 14:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/01/19 12:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/01/19 12:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/08/05 02:22:40 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/08/05 02:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/03 21:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 21:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 21:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/30 21:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/30 21:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/30 21:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/30 21:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/27 21:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/28 11:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV - [2009/09/07 15:56:00 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/07 15:56:00 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/07 15:56:00 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/07 15:56:00 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\massfilter.sys -- (massfilter)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=999944610&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SVEA_enGB365
IE - HKCU\..\SearchScopes\{C7D52AB2-E08C-4F72-A315-A07C4B3DF152}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pat Folland\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pat Folland\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/27 23:17:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/02/14 21:43:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/27 23:17:35 | 000,000,000 | ---D | M]
 
[2012/10/31 12:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Mysearchdial (Enabled)
CHR - default_search_provider: search_url = http://start.mysearc...r=999944610&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15705.1852_0\
CHR - Extension: Google Wallet = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Find and Remind by easyfundraising = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp\2.2.6_0\
CHR - Extension: YouTube = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15705.1852_0\
CHR - Extension: Google Wallet = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Find and Remind by easyfundraising = C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp\2.2.6_0\
 
O1 HOSTS File: ([2014/03/26 15:26:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (FindAndRemind) - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (FindAndRemind) - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (TBSB03575 Class) - {BF942B3C-B33B-465F-A3C1-2A597658B2A5} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (easyfundraising toolbar) - {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AACBF180-8AE6-44BB-BAFF-02CC6CABAB17}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE3AED8E-17A7-4ACC-B16C-AF6ECD8C8AED}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/06 17:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/04/05 12:02:46 | 000,000,000 | ---D | C] -- C:\Users\Pat Folland\AppData\Roaming\TeamViewer
[2014/03/26 15:34:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/26 15:10:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/26 15:10:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/26 15:10:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/26 14:54:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/26 14:54:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/26 14:27:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/26 14:20:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/21 23:36:27 | 000,000,000 | ---D | C] -- C:\Users\Pat Folland\Documents\The Customs House_files
[2014/03/21 23:27:22 | 000,000,000 | ---D | C] -- C:\Users\Pat Folland\AppData\Local\Skype
[2014/03/21 23:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/21 23:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/06 17:57:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 17:57:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 17:52:08 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\BT NetProtect Plus.lnk
[2014/04/06 17:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/06 17:47:11 | 2311,335,936 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 16:37:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job
[2014/04/05 16:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job
[2014/04/05 15:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/05 12:37:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core.job
[2014/04/05 11:57:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 10:09:26 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/05 10:09:26 | 000,667,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/05 10:09:26 | 000,126,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/26 15:26:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/26 11:48:14 | 000,000,043 | ---- | M] () -- C:\Users\Pat Folland\AppData\Roaming\WB.CFG
[2014/03/21 23:36:27 | 000,017,637 | ---- | M] () -- C:\Users\Pat Folland\Documents\The Customs House.htm
[2014/03/15 21:53:05 | 000,448,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/03 18:11:39 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job
[2014/04/01 12:32:52 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job
[2014/03/26 15:10:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/26 15:10:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/26 15:10:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/26 15:10:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/26 15:10:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/26 11:48:14 | 000,000,043 | ---- | C] () -- C:\Users\Pat Folland\AppData\Roaming\WB.CFG
[2014/03/21 23:36:25 | 000,017,637 | ---- | C] () -- C:\Users\Pat Folland\Documents\The Customs House.htm
[2014/02/25 20:40:03 | 000,766,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/28 16:50:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/08 21:27:25 | 000,002,930 | ---- | C] () -- C:\Users\Pat Folland\AppData\Roaming\wklnhst.dat
[2010/02/28 17:56:34 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2010/02/19 18:27:38 | 000,001,066 | ---- | C] () -- C:\Users\Pat Folland\Pictures - Shortcut.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/31 12:26:54 | 000,000,000 | ---D | M] -- C:\Users\Pat Folland\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/06 17:49:48 | 000,000,000 | ---D | M] -- C:\Users\Pat Folland\AppData\Roaming\Dropbox
[2012/04/20 22:51:48 | 000,000,000 | ---D | M] -- C:\Users\Pat Folland\AppData\Roaming\IE ChiliCoupon
[2014/04/05 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\Pat Folland\AppData\Roaming\TeamViewer
[2010/06/08 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\Pat Folland\AppData\Roaming\Template
[2010/05/06 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\Pat Folland\AppData\Roaming\Tific
 
========== Purity Check ==========
 
 
 
< End of report >
 



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello madgeuk,

Welcome to Geekstogo.

Bit to do in this post. :)

Now

I can see some adware/foistware there and we will deal with that.

Firstly though I see ComboFix has been run recently on that machine.

If we can, I would like to see the log/s from that.

Go to Start and, in the Search programs and files panel, type in Qoobox and navigate to:

 :\Qoobox folder (most likely C:\Qoobox\ComboFix.txt). Copy and paste the contents of the text file ComboFix.txt back here.

Note: ComboFix.txt files are numbered, so if there was more than one run you might find, for instance, C:\Qoobox\ComboFix2.txt, etc.

If there is more than one ComboFix.txt then please copy and paste each one back here.

After that

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

So when you return please post
  • ComboFix.txts
  • FRST.txt
  • Addition.txt



#3
madgeuk

    Member

  • Topic Starter
  • 16 posts

Hi and thanks for the reply!

 

There is a C:\Qoobox folder but it does not have any Combofix.txt files in it.  It has a BackEnv folder, a Quarantine folder and then text files called Add-Remove Programs and also ComboFix-quarantined-files.  But I did find a Combofix.txt file in the root C: folder and the file has the same date/time as the Qoobox files.  So I am pasting the ComboFix.txt from the C: location here :

 

ComboFix 14-03-24.01 - Pat Folland 26/03/2014  14:13:57.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2939.1286 [GMT 0:00]
Running from: c:\users\Pat Folland\Desktop\2634\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pat Folland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels
c:\users\Pat Folland\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-26 to 2014-03-26  )))))))))))))))))))))))))))))))
.
.
2014-03-26 14:26 . 2014-03-26 14:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-26 13:27 . 2014-03-26 13:27 -------- d-----w- c:\windows\ERUNT
2014-03-26 13:20 . 2014-03-26 13:25 -------- d-----w- C:\AdwCleaner
2014-03-26 10:55 . 2014-03-26 10:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B52C31A-D0E8-4312-896E-DC7DB132364A}\offreg.dll
2014-03-26 10:46 . 2014-03-26 12:48 -------- d-----w- c:\program files (x86)\Mega Browse
2014-03-25 09:57 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B52C31A-D0E8-4312-896E-DC7DB132364A}\mpengine.dll
2014-03-21 22:27 . 2014-03-21 22:27 -------- d-----w- c:\users\Pat Folland\AppData\Local\Skype
2014-03-21 22:27 . 2014-03-21 22:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-14 19:36 . 2014-03-01 04:32 1837056 ----a-w- c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-03-14 19:35 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-14 19:35 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-14 19:35 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-14 19:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-14 19:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-25 19:37 . 2014-02-25 19:37 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 19:35 . 2010-10-01 18:43 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-17 16:12 . 2012-04-20 21:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-17 16:12 . 2011-07-17 20:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-27 08:43 . 2013-08-05 13:30 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-01-27 08:37 . 2013-02-19 12:56 344688 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-01-27 08:37 . 2013-08-05 13:24 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-01-27 08:33 . 2013-02-19 12:54 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-01-27 08:31 . 2013-08-05 13:30 520696 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-01-27 08:30 . 2013-08-05 13:30 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-01-27 08:29 . 2013-02-19 12:52 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-01-21 03:50 . 2014-01-21 03:50 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-01-21 03:50 . 2014-01-21 03:50 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-01-21 03:50 . 2014-01-21 03:50 422712 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{468D13A4-B001-464C-8376-12D433B36F23}]
2014-02-20 11:00 529032 ----a-w- c:\users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4e6cd411-ce62-4584-97ff-6afbcf6900af}]
2014-03-26 01:18 249632 ----a-w- c:\program files (x86)\Mega Browse\MegaBrowseBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20918432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
.
c:\users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdx64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 Update Mega Browse;Update Mega Browse;c:\program files (x86)\Mega Browse\updateMegaBrowse.exe;c:\program files (x86)\Mega Browse\updateMegaBrowse.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 16:12]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05 21:09]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05 21:09]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core.job
- c:\users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 17:37]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA.job
- c:\users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 17:37]
.
2014-03-16 c:\windows\Tasks\REGSERVO.job
- c:\program files\REGSERVO\RegSERVO.exe [2013-06-05 05:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{468D13A4-B001-464C-8376-12D433B36F23}]
2014-02-20 11:01 613000 ----a-w- c:\users\Pat Folland\AppData\Local\FindAndRemind\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = 
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{BF942B3C-B33B-465F-A3C1-2A597658B2A5} - c:\program files (x86)\easyfundraising toolbar\tbcore3.dll
BHO-{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - c:\program files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll
Toolbar-{37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - c:\program files (x86)\easyfundraising toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-easyfundraising toolbar - c:\program files (x86)\easyfundraising toolbar\uninstaller.exe
AddRemove-Hardware Helper_is1 - c:\program files (x86)\Driver-Soft\HardwareHelper\unins000.exe
AddRemove-UpdaterEX - c:\users\Pat Folland\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-26  14:34:08
ComboFix-quarantined-files.txt  2014-03-26 14:34
.
Pre-Run: 219,193,561,088 bytes free
Post-Run: 220,321,902,592 bytes free
.
- - End Of File - - 583CAB23BE132E6B5628180732F69178
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
Contents of FRST.txt :
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Pat Folland (administrator) on PATFOLLAND-VAIO on 07-04-2014 10:18:08
Running from C:\Users\Pat Folland\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3826142304-1062951191-3146572577-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3826142304-1062951191-3146572577-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-05] (Google Inc.)
HKU\S-1-5-21-3826142304-1062951191-3146572577-1000\...\Run: [Google Update] - C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
Startup: C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=999944610&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ferrer:source?}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {C7D52AB2-E08C-4F72-A315-A07C4B3DF152} URL = http://rover.ebay.co...e={searchTerms}
BHO: FindAndRemind - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader64.dll ()
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: FindAndRemind - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: TBSB03575 Class - {BF942B3C-B33B-465F-A3C1-2A597658B2A5} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - easyfundraising toolbar - {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://home.sweetim.com/?barid={3E28B0EE-234E-11E2-AE42-0024BE84B4C5}
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-13]
CHR Extension: (Google Search) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-14]
CHR Extension: (SiteAdvisor) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-05]
CHR Extension: (Skype Click to Call) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-17]
CHR Extension: (Google Wallet) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-13]
CHR Extension: (Find and Remind by easyfundraising) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2013-06-02]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-06-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PATFOL~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-14]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2014-02-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-31]
CHR StartMenuInternet: Google Chrome - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-28] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-28] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S2 Util Mega Browse; "C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [9216 2009-09-07] (ZTE Incorporated)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [119680 2009-09-07] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-07 10:12 - 2014-04-07 10:15 - 00040164 _____ () C:\Users\Pat Folland\Downloads\Addition.txt
2014-04-07 10:11 - 2014-04-07 10:18 - 00024064 _____ () C:\Users\Pat Folland\Downloads\FRST.txt
2014-04-07 10:10 - 2014-04-07 10:18 - 00000000 ____D () C:\FRST
2014-04-07 10:10 - 2014-04-07 10:10 - 02157056 _____ (Farbar) C:\Users\Pat Folland\Downloads\FRST64.exe
2014-04-06 18:47 - 2014-04-06 18:47 - 00065120 _____ () C:\Users\Pat Folland\Downloads\Extras.Txt
2014-04-06 18:46 - 2014-04-06 18:46 - 00104900 _____ () C:\Users\Pat Folland\Downloads\OTL.Txt
2014-04-06 18:00 - 2014-04-06 18:01 - 00602112 _____ (OldTimer Tools) C:\Users\Pat Folland\Downloads\OTL.exe
2014-04-06 17:51 - 2014-04-06 17:58 - 106273552 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\msert.exe
2014-04-05 12:02 - 2014-04-05 12:02 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\TeamViewer
2014-04-03 18:11 - 2014-04-05 16:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job
2014-04-03 18:11 - 2014-04-03 18:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf
2014-04-01 12:32 - 2014-04-05 16:37 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job
2014-04-01 12:32 - 2014-04-01 12:32 - 00003914 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000
2014-03-26 15:34 - 2014-03-26 15:34 - 00025839 _____ () C:\ComboFix.txt
2014-03-26 15:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-26 15:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-26 15:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-26 14:54 - 2014-03-26 15:34 - 00000000 ____D () C:\Qoobox
2014-03-26 14:54 - 2014-03-26 15:27 - 00000000 ____D () C:\Windows\erdnt
2014-03-26 14:27 - 2014-03-26 14:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 14:20 - 2014-03-26 14:25 - 00000000 ____D () C:\AdwCleaner
2014-03-26 11:48 - 2014-03-26 11:48 - 00000043 _____ () C:\Users\Pat Folland\AppData\Roaming\WB.CFG
2014-03-26 11:44 - 2014-03-26 11:44 - 29720784 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\IE11_setup [1].exe
2014-03-21 23:36 - 2014-03-21 23:36 - 00017637 _____ () C:\Users\Pat Folland\Documents\The Customs House.htm
2014-03-21 23:36 - 2014-03-21 23:36 - 00000000 ____D () C:\Users\Pat Folland\Documents\The Customs House_files
2014-03-21 23:27 - 2014-03-21 23:27 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Skype
2014-03-14 20:37 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 20:37 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 20:37 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 20:37 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 20:37 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 20:37 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 20:37 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 20:37 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 20:37 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 20:37 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 20:37 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 20:37 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 20:37 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 20:37 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 20:37 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 20:37 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 20:37 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 20:37 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 20:37 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 20:37 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 20:37 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 20:37 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 20:37 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 20:37 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 20:37 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 20:37 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 20:37 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 20:37 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 20:37 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 20:37 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 20:36 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 20:36 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 20:36 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 20:36 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 20:36 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 20:36 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 20:36 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 20:36 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 20:36 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 20:36 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 20:36 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 20:36 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 20:36 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 20:35 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 20:35 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 20:35 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 20:34 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 20:34 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 10:18 - 2014-04-07 10:11 - 00024064 _____ () C:\Users\Pat Folland\Downloads\FRST.txt
2014-04-07 10:18 - 2014-04-07 10:10 - 00000000 ____D () C:\FRST
2014-04-07 10:15 - 2014-04-07 10:12 - 00040164 _____ () C:\Users\Pat Folland\Downloads\Addition.txt
2014-04-07 10:10 - 2014-04-07 10:10 - 02157056 _____ (Farbar) C:\Users\Pat Folland\Downloads\FRST64.exe
2014-04-07 10:07 - 2010-07-26 19:41 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\Skype
2014-04-07 09:59 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 09:59 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 09:55 - 2013-08-05 14:31 - 00001844 _____ () C:\Users\Public\Desktop\BT NetProtect Plus.lnk
2014-04-07 09:55 - 2010-02-01 23:45 - 02019403 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 09:51 - 2012-08-26 23:06 - 00000000 ___RD () C:\Users\Pat Folland\Dropbox
2014-04-07 09:51 - 2012-08-26 21:16 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\Dropbox
2014-04-07 09:50 - 2009-07-14 05:51 - 00214993 _____ () C:\Windows\setupact.log
2014-04-06 18:47 - 2014-04-06 18:47 - 00065120 _____ () C:\Users\Pat Folland\Downloads\Extras.Txt
2014-04-06 18:46 - 2014-04-06 18:46 - 00104900 _____ () C:\Users\Pat Folland\Downloads\OTL.Txt
2014-04-06 18:01 - 2014-04-06 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Pat Folland\Downloads\OTL.exe
2014-04-06 17:58 - 2014-04-06 17:51 - 106273552 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\msert.exe
2014-04-05 19:53 - 2012-07-22 19:48 - 00000000 ____D () C:\Users\Pat Folland\Documents\Documents patjan2013
2014-04-05 16:42 - 2010-02-01 23:46 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{47BDCB71-7E3C-45F3-B772-17D654A66C36}
2014-04-05 16:37 - 2014-04-01 12:32 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job
2014-04-05 16:16 - 2014-04-03 18:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job
2014-04-05 15:57 - 2012-04-20 22:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 14:51 - 2010-02-01 23:49 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Google
2014-04-05 12:37 - 2012-05-12 16:18 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core.job
2014-04-05 12:02 - 2014-04-05 12:02 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\TeamViewer
2014-04-05 11:57 - 2009-09-05 22:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 11:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 10:09 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 10:03 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-03 18:11 - 2014-04-03 18:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf
2014-04-03 18:11 - 2009-09-05 22:10 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 12:32 - 2014-04-01 12:32 - 00003914 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000
2014-04-01 12:32 - 2012-05-12 16:18 - 00003518 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core
2014-03-27 15:14 - 2010-02-19 17:57 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Apps\2.0
2014-03-27 14:42 - 2009-09-05 22:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-27 11:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-27 11:40 - 2009-09-05 22:44 - 01187424 _____ () C:\Windows\PFRO.log
2014-03-27 11:15 - 2010-06-27 18:49 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\CrashDumps
2014-03-26 15:34 - 2014-03-26 15:34 - 00025839 _____ () C:\ComboFix.txt
2014-03-26 15:34 - 2014-03-26 14:54 - 00000000 ____D () C:\Qoobox
2014-03-26 15:34 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-26 15:27 - 2014-03-26 14:54 - 00000000 ____D () C:\Windows\erdnt
2014-03-26 15:26 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-26 15:24 - 2010-02-01 23:45 - 00000000 ____D () C:\Users\Pat Folland
2014-03-26 14:27 - 2014-03-26 14:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 14:26 - 2012-10-31 12:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 14:26 - 2010-02-01 23:46 - 00000000 ___RD () C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-26 14:25 - 2014-03-26 14:20 - 00000000 ____D () C:\AdwCleaner
2014-03-26 11:48 - 2014-03-26 11:48 - 00000043 _____ () C:\Users\Pat Folland\AppData\Roaming\WB.CFG
2014-03-26 11:44 - 2014-03-26 11:44 - 29720784 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\IE11_setup [1].exe
2014-03-24 12:05 - 2013-08-05 14:30 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-24 10:37 - 2013-08-05 14:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-21 23:36 - 2014-03-21 23:36 - 00017637 _____ () C:\Users\Pat Folland\Documents\The Customs House.htm
2014-03-21 23:36 - 2014-03-21 23:36 - 00000000 ____D () C:\Users\Pat Folland\Documents\The Customs House_files
2014-03-21 23:27 - 2014-03-21 23:27 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Skype
2014-03-21 23:27 - 2013-02-17 23:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 23:26 - 2009-09-05 22:32 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 10:39 - 2014-02-14 13:57 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\FindAndRemind
2014-03-19 20:43 - 2013-08-14 10:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 20:35 - 2010-10-01 19:43 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 22:04 - 2014-02-14 13:57 - 00000000 ____D () C:\Users\Pat Folland\Documents\Add-in Express
2014-03-17 19:37 - 2013-04-08 22:58 - 00000000 ____D () C:\Users\Pat Folland\Cloud Drive
2014-03-17 17:12 - 2012-04-20 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-17 17:12 - 2012-04-20 22:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-17 17:12 - 2011-07-17 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 21:53 - 2009-07-14 05:45 - 00448592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 21:51 - 2013-03-13 18:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 21:51 - 2013-03-13 18:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-01 12:54
 
==================== End Of Log ============================
 
 
Contents of Addition.txt :
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Pat Folland at 2014-04-07 10:12:55
Running from C:\Users\Pat Folland\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1500_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1500Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.0.2013.841 - Amazon)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ATTENTION
BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.70.06160 - Sony Corporation)
Click to Disc (x32 Version: 1.2.70.06160 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.02 - Sony Corporation)
Click to Disc Editor (x32 Version: 2.0.02 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
easyfundraising toolbar (HKLM-x32\...\easyfundraising toolbar) (Version: 0.5.8 - easyfundraising.org.uk)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Find & Remind (HKLM\...\FindAndRemind_is1) (Version: 1.7 - easyfundraising.org.uk)
Fotosizer 2.08 (HKLM-x32\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Helper (HKLM-x32\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}) (Version: 1.2.2.180 - Omnifone)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.84.0.0 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy Media Creator Home (x32 Version: 10.3.121 - Roxio) Hidden
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07300 - Sony Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.0.07280 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.0.07280 - Sony Corporation) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PUBLISHERR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{0A5F02E5-1A52-4F85-892C-A35227641C75}) (Version: 3.5.0.06261 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{3B1168DE-1F8C-471C-AC49-0CA52F096170}) (Version: 3.5.0.06260 - Sony Corporation)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM-x32\...\{7395DD51-0D1A-47A7-9993-742073ECF4CE}) (Version: 3.5.0.06260 - Sony Corporation)
VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{949419DF-F4AF-4693-B60A-522B24F233C6}) (Version: 3.5.0.06180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.0.06120 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.0.0.06120 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.01.06290 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.5.0.07230 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.5.0.07230 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.0.0.07010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.0.0.08050 - Sony Corporation)
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version:  - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.0.07280 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.5.00.06191 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.5.00.06191 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.5.00.06010 - Sony Corporation)
VAIO NW screensaver (HKLM-x32\...\VAIO NW screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)
VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden
VAIO Power Management (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 4.0.0.07160 - Sony Corporation)
VAIO Premium Partners 1.00 (HKLM-x32\...\VAIO Premium Partners 1.00) (Version:  - )
VAIO Presentation Support (HKLM-x32\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 2.0.0.05270 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.1.2.4 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.1.2.4 - Sony Corporation) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.0.0.08120 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.0.0.07290 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.2.0.07300 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
ZTE_MF627_USB_MODEM_1.2059.0.4 (HKLM-x32\...\ZTE_MF627_LEGACY_DRIVER_1.2059.0.4) (Version:  - )
 
==================== Restore Points  =========================
 
14-03-2014 19:34:13 Windows Update
15-03-2014 20:16:12 Windows Update
17-03-2014 18:30:58 Removed Google Drive
18-03-2014 23:04:12 Windows Update
19-03-2014 19:32:38 Windows Update
25-03-2014 09:55:31 Windows Update
26-03-2014 10:48:40 Uniblue SpeedUpMyPC installation
27-03-2014 10:50:13 Windows Update
27-03-2014 11:04:52 Windows Update
01-04-2014 11:34:24 Windows Update
04-04-2014 18:31:04 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2014-03-26 15:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {10465EF5-EC90-4508-87E8-2E55A635BD0F} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05] (Google Inc.)
Task: {38ACA0B8-88BF-439E-AC45-BE8C49D04F28} - \SpeedUpMyPC Startup No Task File
Task: {6FD5BAE3-F9CA-4E78-9D2A-1D272683182E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core => C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {75A32EDE-5057-433D-ACAE-7B32B954C201} - \SpeedUpMyPC Maintenance No Task File
Task: {C1A28F86-F240-49BD-B3E0-85B0718A1AA9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CAC34BC0-BF01-4903-AEEB-8477BF0E3695} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-31] (Sony Corporation)
Task: {CB1612C7-2AE1-4900-9096-058E9608590B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-05] (Google Inc.)
Task: {E3240016-39E7-4321-8F95-54ACC0C28112} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-08-06] (Sony Corporation)
Task: {EB8E1EFC-FFFA-4274-9C7B-BB77DAE6D5A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000 => C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {F0EC1964-0CD9-4F6C-806B-2D09768A967D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17] (Adobe Systems Incorporated)
Task: {FC099F3C-061F-43A9-837B-05AE6050C65D} - \UpdaterEX No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core.job => C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job => C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-09-05 22:35 - 2009-07-01 19:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-09-05 22:35 - 2009-07-01 19:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-15 21:32 - 2014-03-15 01:50 - 00051016 _____ () C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 21:32 - 2014-03-15 01:50 - 00716616 _____ () C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 21:32 - 2014-03-15 01:50 - 00100168 _____ () C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 21:32 - 2014-03-15 01:50 - 04061000 _____ () C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 21:32 - 2014-03-15 01:50 - 00394568 _____ () C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 21:32 - 2014-03-15 01:50 - 01647432 _____ () C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Pat Folland^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Cloud Drive.lnk => C:\Windows\pss\Amazon Cloud Drive.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Pat Folland^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Pat Folland^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: NortonOnlineBackup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (04/05/2014 07:49:46 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1068
 
Error: (04/05/2014 07:49:46 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
Error: (04/05/2014 07:48:54 PM) (Source: Service Control Manager) (User: )
Description: The Util Mega Browse service failed to start due to the following error: 
%%2
 
Error: (04/05/2014 07:48:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (04/05/2014 07:48:53 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error: 
%%1243
 
Error: (04/05/2014 07:48:53 PM) (Source: Service Control Manager) (User: )
Description: The HsfXAudioService service failed to start due to the following error: 
%%1053
 
Error: (04/05/2014 07:48:53 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
 
Error: (04/05/2014 07:48:51 PM) (Source: Service Control Manager) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (04/05/2014 05:41:51 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1068
 
Error: (04/05/2014 05:41:51 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2011 08:44:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/27/2011 01:00:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/25/2011 07:27:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/25/2011 07:25:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2011 09:46:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/14/2011 07:44:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/24/2011 07:53:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/21/2011 09:33:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/21/2011 09:29:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/21/2011 09:16:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-26 14:24:58.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-26 14:24:57.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 71%
Total physical RAM: 2939.02 MB
Available physical RAM: 833.36 MB
Total Pagefile: 5876.22 MB
Available Pagefile: 3366.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:288.67 GB) (Free:220 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 21227C0A)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

But I did find a Combofix.txt file in the root C: folder and the file has the same date/time as the Qoobox files. 


Well done and thank you. :)

Now

Please download Malwarebytes Anti-Malware Free from here.
  • Double click to install the programme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box "enable free trial of Malwarebytes Anti-Malware Premium"
  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and check (tick) Scan for rootkits
  • Go back to the Dashboard and click on the green Scan Now button.
  • If threats are detected, click the Apply Actions button. MBAM may ask for a reboot. Let it do so.
  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop

Copy and paste the log back here.
 
#5
madgeuk

    Member

  • Topic Starter
  • 16 posts

Thanks for continued help.  Here's the log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 07/04/2014
Scan Time: 21:30:41
Logfile: antimalware log 1.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.07.11
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pat Folland
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268778
Time Elapsed: 20 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 43
 
Registry Values: 2
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, Quarantined, [4cb43ac613ed9f61f20c21ebdb270ff1], 
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Quarantined, [4cb43ac613ed9f61f20c21ebdb270ff1]
 
Registry Data: 1
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SweetPacks.A, C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (               "homepage_url": "http://www.sweetpacks.com",), Replaced,[8e721be508f8a35d915da1a11ce84db3]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6
emeraldnzl


Hello madgeuk,

 

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When "Please uncheck elements you don't want to remove" appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the report button and copy and paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 

After that

 

  • Please run Farbar Recovery Scan Tool again.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

 

So when you return please post

  • AdwCleaner report
  • FRST.txt

 



#7
madgeuk


AdwCleaner log:

 

# AdwCleaner v3.023 - Report created 07/04/2014 at 22:12:33
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pat Folland - PATFOLLAND-VAIO
# Running from : C:\Users\Pat Folland\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Util Mega Browse
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [31968 octets] - [26/03/2014 14:20:34]
AdwCleaner[R1].txt - [10751 octets] - [07/04/2014 22:11:05]
AdwCleaner[S0].txt - [2896 octets] - [26/03/2014 14:25:38]
AdwCleaner[S1].txt - [10594 octets] - [07/04/2014 22:12:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10655 octets] ##########
 
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Pat Folland (administrator) on PATFOLLAND-VAIO on 07-04-2014 22:18:12
Running from C:\Users\Pat Folland\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3826142304-1062951191-3146572577-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3826142304-1062951191-3146572577-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-05] (Google Inc.)
HKU\S-1-5-21-3826142304-1062951191-3146572577-1000\...\Run: [Google Update] - C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)
Startup: C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ferrer:source?}
SearchScopes: HKCU - {C7D52AB2-E08C-4F72-A315-A07C4B3DF152} URL = http://rover.ebay.co...e={searchTerms}
BHO: FindAndRemind - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader64.dll ()
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: FindAndRemind - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: TBSB03575 Class - {BF942B3C-B33B-465F-A3C1-2A597658B2A5} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - easyfundraising toolbar - {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://home.sweetim.com/?barid={3E28B0EE-234E-11E2-AE42-0024BE84B4C5}
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-13]
CHR Extension: (Google Search) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-14]
CHR Extension: (SiteAdvisor) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-08-05]
CHR Extension: (Skype Click to Call) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-17]
CHR Extension: (Google Wallet) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-13]
CHR Extension: (Find and Remind by easyfundraising) - C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2013-06-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PATFOL~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR StartMenuInternet: Google Chrome - C:\Users\Pat Folland\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-28] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-28] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [9216 2009-09-07] (ZTE Incorporated)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [119680 2009-09-07] (ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [119680 2009-09-07] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-07 22:10 - 2014-04-07 22:10 - 01426178 _____ () C:\Users\Pat Folland\Downloads\AdwCleaner.exe
2014-04-07 21:08 - 2014-04-07 21:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 21:08 - 2014-04-07 21:08 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 21:07 - 2014-04-07 21:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 21:07 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 21:07 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 21:07 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 21:06 - 2014-04-07 21:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Pat Folland\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-07 10:12 - 2014-04-07 10:15 - 00040164 _____ () C:\Users\Pat Folland\Downloads\Addition.txt
2014-04-07 10:11 - 2014-04-07 22:18 - 00022508 _____ () C:\Users\Pat Folland\Downloads\FRST.txt
2014-04-07 10:10 - 2014-04-07 22:18 - 00000000 ____D () C:\FRST
2014-04-07 10:10 - 2014-04-07 10:10 - 02157056 _____ (Farbar) C:\Users\Pat Folland\Downloads\FRST64.exe
2014-04-06 18:47 - 2014-04-06 18:47 - 00065120 _____ () C:\Users\Pat Folland\Downloads\Extras.Txt
2014-04-06 18:46 - 2014-04-06 18:46 - 00104900 _____ () C:\Users\Pat Folland\Downloads\OTL.Txt
2014-04-06 18:00 - 2014-04-06 18:01 - 00602112 _____ (OldTimer Tools) C:\Users\Pat Folland\Downloads\OTL.exe
2014-04-06 17:51 - 2014-04-06 17:58 - 106273552 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\msert.exe
2014-04-05 12:02 - 2014-04-05 12:02 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\TeamViewer
2014-04-03 18:11 - 2014-04-07 22:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job
2014-04-03 18:11 - 2014-04-03 18:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf
2014-04-01 12:32 - 2014-04-07 21:37 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job
2014-04-01 12:32 - 2014-04-01 12:32 - 00003914 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000
2014-03-26 15:34 - 2014-03-26 15:34 - 00025839 _____ () C:\ComboFix.txt
2014-03-26 15:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-26 15:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-26 15:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-26 15:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-26 14:54 - 2014-03-26 15:34 - 00000000 ____D () C:\Qoobox
2014-03-26 14:54 - 2014-03-26 15:27 - 00000000 ____D () C:\Windows\erdnt
2014-03-26 14:27 - 2014-03-26 14:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 14:20 - 2014-04-07 22:12 - 00000000 ____D () C:\AdwCleaner
2014-03-26 11:48 - 2014-03-26 11:48 - 00000043 _____ () C:\Users\Pat Folland\AppData\Roaming\WB.CFG
2014-03-26 11:44 - 2014-03-26 11:44 - 29720784 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\IE11_setup [1].exe
2014-03-21 23:36 - 2014-03-21 23:36 - 00017637 _____ () C:\Users\Pat Folland\Documents\The Customs House.htm
2014-03-21 23:36 - 2014-03-21 23:36 - 00000000 ____D () C:\Users\Pat Folland\Documents\The Customs House_files
2014-03-21 23:27 - 2014-03-21 23:27 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Skype
2014-03-14 20:37 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 20:37 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 20:37 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 20:37 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 20:37 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 20:37 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 20:37 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 20:37 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 20:37 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 20:37 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 20:37 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 20:37 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 20:37 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 20:37 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 20:37 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 20:37 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 20:37 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 20:37 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 20:37 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 20:37 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 20:37 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 20:37 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 20:37 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 20:37 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 20:37 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 20:37 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 20:37 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 20:37 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 20:37 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 20:37 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 20:36 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 20:36 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 20:36 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 20:36 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 20:36 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 20:36 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 20:36 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 20:36 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 20:36 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 20:36 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 20:36 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 20:36 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 20:36 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 20:35 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 20:35 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 20:35 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 20:34 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 20:34 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 22:18 - 2014-04-07 10:11 - 00022508 _____ () C:\Users\Pat Folland\Downloads\FRST.txt
2014-04-07 22:18 - 2014-04-07 10:10 - 00000000 ____D () C:\FRST
2014-04-07 22:18 - 2013-08-05 14:31 - 00001844 _____ () C:\Users\Public\Desktop\BT NetProtect Plus.lnk
2014-04-07 22:16 - 2014-04-03 18:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf.job
2014-04-07 22:15 - 2012-08-26 23:06 - 00000000 ___RD () C:\Users\Pat Folland\Dropbox
2014-04-07 22:15 - 2012-08-26 21:16 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\Dropbox
2014-04-07 22:15 - 2010-07-26 19:41 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\Skype
2014-04-07 22:14 - 2009-09-05 22:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 22:13 - 2010-02-01 23:45 - 02038804 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 22:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 22:13 - 2009-07-14 05:51 - 00215161 _____ () C:\Windows\setupact.log
2014-04-07 22:12 - 2014-03-26 14:20 - 00000000 ____D () C:\AdwCleaner
2014-04-07 22:10 - 2014-04-07 22:10 - 01426178 _____ () C:\Users\Pat Folland\Downloads\AdwCleaner.exe
2014-04-07 22:08 - 2010-02-01 23:46 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{47BDCB71-7E3C-45F3-B772-17D654A66C36}
2014-04-07 21:57 - 2012-04-20 22:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 21:40 - 2014-04-07 21:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 21:40 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 21:40 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 21:37 - 2014-04-01 12:32 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000.job
2014-04-07 21:08 - 2014-04-07 21:08 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 21:08 - 2014-04-07 21:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 21:07 - 2014-04-07 21:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Pat Folland\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-07 21:07 - 2013-04-22 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 10:15 - 2014-04-07 10:12 - 00040164 _____ () C:\Users\Pat Folland\Downloads\Addition.txt
2014-04-07 10:10 - 2014-04-07 10:10 - 02157056 _____ (Farbar) C:\Users\Pat Folland\Downloads\FRST64.exe
2014-04-06 18:47 - 2014-04-06 18:47 - 00065120 _____ () C:\Users\Pat Folland\Downloads\Extras.Txt
2014-04-06 18:46 - 2014-04-06 18:46 - 00104900 _____ () C:\Users\Pat Folland\Downloads\OTL.Txt
2014-04-06 18:01 - 2014-04-06 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Pat Folland\Downloads\OTL.exe
2014-04-06 17:58 - 2014-04-06 17:51 - 106273552 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\msert.exe
2014-04-05 19:53 - 2012-07-22 19:48 - 00000000 ____D () C:\Users\Pat Folland\Documents\Documents patjan2013
2014-04-05 14:51 - 2010-02-01 23:49 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Google
2014-04-05 12:37 - 2012-05-12 16:18 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core.job
2014-04-05 12:02 - 2014-04-05 12:02 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\TeamViewer
2014-04-05 10:09 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 10:03 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-03 18:11 - 2014-04-03 18:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4f5fc6e288bf
2014-04-03 18:11 - 2009-09-05 22:10 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-07 21:07 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 21:07 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 21:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 12:32 - 2014-04-01 12:32 - 00003914 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000
2014-04-01 12:32 - 2012-05-12 16:18 - 00003518 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core
2014-03-27 15:14 - 2010-02-19 17:57 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Apps\2.0
2014-03-27 14:42 - 2009-09-05 22:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-27 11:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-27 11:40 - 2009-09-05 22:44 - 01187424 _____ () C:\Windows\PFRO.log
2014-03-27 11:15 - 2010-06-27 18:49 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\CrashDumps
2014-03-26 15:34 - 2014-03-26 15:34 - 00025839 _____ () C:\ComboFix.txt
2014-03-26 15:34 - 2014-03-26 14:54 - 00000000 ____D () C:\Qoobox
2014-03-26 15:34 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-26 15:27 - 2014-03-26 14:54 - 00000000 ____D () C:\Windows\erdnt
2014-03-26 15:26 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-26 15:24 - 2010-02-01 23:45 - 00000000 ____D () C:\Users\Pat Folland
2014-03-26 14:27 - 2014-03-26 14:27 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 14:26 - 2012-10-31 12:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 14:26 - 2010-02-01 23:46 - 00000000 ___RD () C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-26 11:48 - 2014-03-26 11:48 - 00000043 _____ () C:\Users\Pat Folland\AppData\Roaming\WB.CFG
2014-03-26 11:44 - 2014-03-26 11:44 - 29720784 _____ (Microsoft Corporation) C:\Users\Pat Folland\Downloads\IE11_setup [1].exe
2014-03-24 12:05 - 2013-08-05 14:30 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-24 10:37 - 2013-08-05 14:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-21 23:36 - 2014-03-21 23:36 - 00017637 _____ () C:\Users\Pat Folland\Documents\The Customs House.htm
2014-03-21 23:36 - 2014-03-21 23:36 - 00000000 ____D () C:\Users\Pat Folland\Documents\The Customs House_files
2014-03-21 23:27 - 2014-03-21 23:27 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\Skype
2014-03-21 23:27 - 2013-02-17 23:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-21 23:26 - 2009-09-05 22:32 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 10:39 - 2014-02-14 13:57 - 00000000 ____D () C:\Users\Pat Folland\AppData\Local\FindAndRemind
2014-03-19 20:43 - 2013-08-14 10:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 20:35 - 2010-10-01 19:43 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 22:04 - 2014-02-14 13:57 - 00000000 ____D () C:\Users\Pat Folland\Documents\Add-in Express
2014-03-17 19:37 - 2013-04-08 22:58 - 00000000 ____D () C:\Users\Pat Folland\Cloud Drive
2014-03-17 17:12 - 2012-04-20 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-17 17:12 - 2012-04-20 22:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-17 17:12 - 2011-07-17 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 21:53 - 2009-07-14 05:45 - 00448592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 21:51 - 2013-03-13 18:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 21:51 - 2013-03-13 18:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
Some content of TEMP:
====================
C:\Users\Pat Folland\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-01 12:54
 
==================== End Of Log ============================

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello madgeuk,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that:

Please download zoek.exe and save it to your desktop (Firefox users: right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program (if necessary).
  • Double click zoek.zip
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Copy the text below and paste it into the large window in the zoek tool:

silentrunners;
FFDefaults;
CHRDefaults;
emptyclsid;
EmptyAllTemp;
AutoClean;

  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log".

 


#9
madgeuk

    Member

  • Topic Starter
  • 16 posts

Hi, FRST ran OK but I cannot download the zoek thing because McAfee keeps detecting it as an Artemis trojan and quarantining it!  I have tried the .exe and .zip versions and both times McAfee jumps in and I can't extract or download the file.

Here is the FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Pat Folland at 2014-04-08 10:59:08 Run:1
Running from C:\Users\Pat Folland\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
BHO: FindAndRemind - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader64.dll ()
BHO-x32: FindAndRemind - {468D13A4-B001-464C-8376-12D433B36F23} - C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll ()
C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll
BHO-x32: TBSB03575 Class - {BF942B3C-B33B-465F-A3C1-2A597658B2A5} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll No File
Toolbar: HKLM-x32 - easyfundraising toolbar - {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - C:\Program Files (x86)\easyfundraising toolbar\tbcore3.dll No File
C:\Program Files (x86)\easyfundraising toolbar
*****************
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{468D13A4-B001-464C-8376-12D433B36F23} => Key deleted successfully.
HKCR\CLSID\{468D13A4-B001-464C-8376-12D433B36F23} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{468D13A4-B001-464C-8376-12D433B36F23} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{468D13A4-B001-464C-8376-12D433B36F23} => Key deleted successfully.
C:\Users\Pat Folland\AppData\Local\FindAndRemind\adxloader.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF942B3C-B33B-465F-A3C1-2A597658B2A5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BF942B3C-B33B-465F-A3C1-2A597658B2A5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{37AA2B59-4831-4A05-9B8D-B42774DAB6CE} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{37AA2B59-4831-4A05-9B8D-B42774DAB6CE} => Key deleted successfully.
"C:\Program Files (x86)\easyfundraising toolbar" => File/Directory not found.
 
==== End of Fixlog ====

#10
madgeuk

    Member

  • Topic Starter
  • 16 posts

Apologies, I re-read your instructions and saw the part about the antivirus de-activation so I did that (for 10 minutes) and downloaded the zoek tool.  Log file pasted below - thanks!

 

 
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Pat Folland on 08/04/2014 at 11:07:10.77.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pat Folland\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
08/04/2014 15:06:41 Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-3826142304-1062951191-3146572577-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Yahoo! deleted
C:\Users\Pat Folland\AppData\Roaming\Yahoo! deleted
C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\user.js deleted
C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [14/02/2014 21:43]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [27/06/2010 23:17]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02/02/2014 09:58]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/03/2014 10:53]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\PATFOL~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]
 
SiteAdvisor - Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Skype Click to Call - Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Find and Remind by easyfundraising - Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...errer:source?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"
{C7D52AB2-E08C-4F72-A315-A07C4B3DF152} eBay  Url="http://rover.ebay.co...={searchTerms}"
 
==== Reset Google Chrome ======================
 
C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateInformer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator deleted successfully
 
==== Silent Runners ======================
 
"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]
swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]
Google Update = "C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [Realtek Semiconductor]
Skytel = C:\Program Files\Realtek\Audio\HDA\Skytel.exe [Realtek Semiconductor Corp.]
Apoint = C:\Program Files\Apoint\Apoint.exe
IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [Intel Corporation]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
ISBMgr.exe = "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [Sony Corporation]
hpqSRMon = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [Hewlett-Packard]
HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]
PMBVolumeWatcher = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [Sony Corporation]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
(Default) = (empty string) [file not found]
mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.]
mcpltui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\(Default) = Windows Live Family Safety Browser Helper
  -> {HKLM...CLSID} = Windows Live Family Safety Browser Helper Class
                   \InProcServer32\(Default) = C:\Program Files\Windows Live\Family Safety\fssbho.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live Family Safety Browser Helper Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll [MS]
 
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Helper
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = McAfee SiteAdvisor BHO
                   \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
  -> {HKLM...Wow...CLSID} = McAfee SiteAdvisor BHO
                         \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]
 
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java™ Plug-In 2 SSV Helper
                   \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
  -> {HKLM...Wow...CLSID} = Java™ Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{0347C33E-8762-4905-BF09-768834316C61}\(Default) = HP Print Enhancer
  -> {HKLM...Wow...CLSID} = HP Print Enhancer
                         \InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [Hewlett-Packard Co.]
 
{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier
  -> {HKLM...CLSID} = MSS+ Identifier
                   \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [McAfee, Inc.]
  -> {HKLM...Wow...CLSID} = MSS+ Identifier
                         \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [McAfee, Inc.]
 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java™ Plug-In SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
 
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Helper
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = McAfee SiteAdvisor BHO
                   \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
  -> {HKLM...Wow...CLSID} = McAfee SiteAdvisor BHO
                         \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]
 
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java™ Plug-In 2 SSV Helper
                   \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]
  -> {HKLM...Wow...CLSID} = Java™ Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
 
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = HP Smart BHO Class
  -> {HKLM...Wow...CLSID} = HP Smart BHO Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt
                         \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [Dropbox, Inc.]
 
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt
                         \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [Dropbox, Inc.]
 
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...Wow...CLSID} = DropboxExt
                         \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [Dropbox, Inc.]
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{7842554E-6BED-11D2-8CDB-B05550C10000} = Monitor
  -> {HKLM...CLSID} = Monitor Class
                   \InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll [Broadcom Corporation.]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
{ED58A35B-B554-42AF-A26c-6F3D424200D3} = Sony Power Management Extensiond
  -> {HKLM...CLSID} = Sony.Utilities.VPM.SPMPanel.PowerPropertySheetLoader
                   \InProcServer32\(Default) = mscoree.dll [MS]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL [MS]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]
 
{0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler
  -> {HKLM...Wow...CLSID} = CLSID_WLMCMimeFilter
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll [MS]
 
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
 
{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = BtwCredentialProvider
  -> {HKLM...CLSID} = BtwCredentialProvider
                   \InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [Broadcom Corporation.]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
 
<<!>> application/x-mfe-ipt\CLSID = {3EF5086B-5478-4598-A054-786C45D75692}
  -> {HKLM...CLSID} = McInternetProtocolRoot Class
                   \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL [McAfee, Inc.]
 
<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
 
<<!>> dssrequest\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
  -> {HKLM...CLSID} = McAfee SACore Protocol Handler
                   \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
 
<<!>> sacore\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5}
  -> {HKLM...CLSID} = McAfee SACore Protocol Handler
                   \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
 
<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
  -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS]
 
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
 
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = DropboxExt
                         \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [Dropbox, Inc.]
 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 
McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}
  -> {HKLM...CLSID} = McCtxFrmWrk Class
                   \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.]
 
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
 
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = DropboxExt
                         \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [Dropbox, Inc.]
 
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
 
Monitor\(Default) = {7842554E-6BED-11D2-8CDB-B05550C10000}
  -> {HKLM...CLSID} = Monitor Class
                   \InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll [Broadcom Corporation.]
 
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
                   \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]
  -> {HKCU...Wow...CLSID} = DropboxExt
                         \InProcServer32\(Default) = C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [Dropbox, Inc.]
 
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
 
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 
McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2}
  -> {HKLM...CLSID} = McCtxFrmWrk Class
                   \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
NoRun = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
NoControlPanel = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 
HPAutoplayPSE\
Provider = HP Photosmart Essential 3.5
InvokeProgID = HpqPSApl.Autoplay
InvokeVerb = Play
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = {A6873065-D632-4615-A3A9-C5F05EE109C1}
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\bin\HpqPsApl.exe [Hewlett-Packard]
 
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;en-us.8081.0709
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;en-us.8081.0709
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
 
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
 
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
 
RoxioSCAudioCDTask36\
Provider = Roxio Central Audio
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\AudioCDTask\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {1DF24BC5-8E7F-4D41-AF7B-1EAAF8CE889B} [null data]
 
RoxioSCCopyCD36\
Provider = Roxio Central Copy
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]
 
RoxioSCCopyDisc36\
Provider = Roxio Central Copy
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]
 
RoxioSCDataProject36\
Provider = Roxio Central Data
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataGuide\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch Data [null data]
 
RoxioSCDataTask36\
Provider = Roxio Central Data
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataTask\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {85B64A0F-9111-4A55-8B5A-59343EE1EE8B} [null data]
 
SonyPMBImportPicturesOnArrival\
Provider = PMB
InvokeProgID = SonyPMB.VolumeAutoPlay
InvokeVerb = launch
HKLM\SOFTWARE\Classes\SonyPMB.VolumeAutoPlay\shell\launch\command\(Default) = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe /autoplay /path %1 [Sony Corporation]
 
SonyPMBVideoCameraArrival\
Provider = PMB
ProgID = SonyPMB.NonVolumeAutoPlay
InitCmdLine = /autoplay
HKLM\SOFTWARE\Classes\SonyPMB.NonVolumeAutoPlay\CLSID\(Default) = {2B049B62-A498-4b1d-BEA6-C37EBCAECC5C}
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /autoplay [file not found]
 
VAIOContentImporterHandler\
Provider = @C:\Program Files (x86)\Sony\VAIO VP Utilities\StringTable.dll,-2011
InvokeProgID = VAIOContentImporter
InvokeVerb = ImportMedia
HKLM\SOFTWARE\Classes\VAIOContentImporter\shell\ImportMedia\Command\(Default) = C:\Program Files (x86)\Sony\VAIO VP Utilities\VCAutoModeEntrance.exe /ImportMedia %1 [null data]
 
VAIOContentImporterHandlerCamera\
Provider = @C:\Program Files (x86)\Sony\VAIO VP Utilities\StringTable.dll,-2011
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\Sony\VAIO VP Utilities\VCAutoModeEntrance.exe" /Capture %1
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM...CLSID} = Shell Execute Hardware Event Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
 
WIA_{06DB3BBD-B732-4CE2-9B14-566797A3E928}\
Provider = @C:\Program Files (x86)\Sony\VAIO VP Utilities\StringTable.dll,-2011
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Sony\VAIO VP Utilities\VCAutoModeEntrance.exe /WIAImportPicture;
  -> {HKLM...CLSID} = WPDShextAutoplay
                   \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
 
WIA_{42DD61A4-9AD2-4587-9A50-BC7844C66480}\
Provider = HP Photosmart Essential 3.5
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\HP\Digital Imaging\bin\HpqPsApl.exe;
  -> {HKLM...CLSID} = WPDShextAutoplay
                   \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
 
 
Startup items in "Pat Folland" & "All Users" startup folders:
-------------------------------------------------------------
 
C:\Users\Pat Folland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\Pat Folland\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
Bluetooth -> shortcut to: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [Broadcom Corporation.]
HP Digital Imaging Monitor -> shortcut to: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.]
McAfee Security Scan Plus -> shortcut to: C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [McAfee, Inc.]
 
 
Non-disabled Scheduled Tasks: {++}
-----------------------------
 
C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
CreateChoiceProcessTask ->  launches: C:\Windows\System32\browserchoice.exe /launch [MS]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA1cf4f5fc6e288bf ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000Core ->  launches: C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-3826142304-1062951191-3146572577-1000UA1cf4d9e1e1a0000 ->  launches: C:\Users\Pat Folland\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
User_Feed_Synchronization-{0E626F3C-8A24-4FFB-84FD-07195C3D7244} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
User_Feed_Synchronization-{47BDCB71-7E3C-45F3-B772-17D654A66C36} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{41E0A95A-4054-418C-8DFB-BE5A98D278A1} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Citrix\GoToAssist\896\G2AUninstaller.exe" -c /uninstall [MS]
{6165B140-0809-4295-9977-166931FF829E} ->  launches: C:\Windows\system32\pcalua.exe -a F:\setup.exe -d F:\ [MS]
{DECF5C42-1C07-467A-AA78-10D3E6481123} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Pat Folland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB70KLXK\setup[1].exe" -d "C:\Users\Pat Folland\Desktop" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
Calibration Loader ->  launches: {B210D694-C8DF-490d-9576-9E20CDBC20BD}
  -> {HKLM...CLSID} = Color Calibration Loader
                   \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
  -> {HKLM...Wow...CLSID} = Color Calibration Loader
                         \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
 
C:\Windows\System32\Tasks\SONY\VAIO Gate
VAIO Gate ->  launches: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe /AutoStart [Sony Corporation]
 
C:\Windows\System32\Tasks\SONY\VAIO Update
VAIO Update ->  launches: "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary [Sony Corporation]
 
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3826142304-1062951191-3146572577-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000009\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
 
Transport Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
 
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
  -> {HKLM...CLSID} = Google Toolbar
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor
  -> {HKLM...CLSID} = McAfee SiteAdvisor Toolbar
                   \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.]
 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor
  -> {HKLM...Wow...CLSID} = McAfee SiteAdvisor Toolbar
                         \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.]
 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...Wow...CLSID} = Google Toolbar
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
 
Explorer Bars
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\
 
{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = HP Smart Web Printing
                         \InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll [Hewlett-Packard Co.]
 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM...CLSID} = Skype add-on for Internet Explorer (toolbar button)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS]
 
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
ButtonText = @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015
MenuText = @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650
Script = C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [null data]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = Blog This
MenuText = &Blog This in Windows Live Writer
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
 
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [MS]
 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM...Wow...CLSID} = Skype Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS]
 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM...Wow...CLSID} = &Research
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]
 
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
ButtonText = Send To Bluetooth
MenuText = Send to &Bluetooth Device...
Script = C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [null data]
 
{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
ButtonText = Show or hide HP Smart Web Printing
CLSIDExtension = {DDE87865-83C5-48c4-8357-2F5B1AA84522}
  -> {HKLM...Wow...CLSID} = ClipBookBtn Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Hewlett-Packard Co.]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Bluetooth Service, btwdins, C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [Broadcom Corporation.]
HP CUE DeviceDiscovery Service, hpqddsvc, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]}
HP Network Devices Support, HPSLPSVC, C:\Windows\system32\svchost.exe -k HPService {C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [Hewlett-Packard Co.]}
hpqcxs08, hpqcxs08, C:\Windows\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]}
Intel® Matrix Storage Event Monitor, IAANTMON, C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [Intel Corporation]
McAfee Anti-Malware Core, mfecore, C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [McAfee, Inc.]
McAfee AP Service, McAPExe, "C:\Program Files\McAfee\MSC\McAPExe.exe" [McAfee, Inc.]
McAfee Firewall Core Service, mfefire, "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [McAfee, Inc.]
McAfee Home Network, HomeNetSvc, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Personal Firewall Service, McMPFSvc, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Platform Services, mcpltsvc, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Proxy Service, McProxy, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Validation Trust Protection Service, mfevtp, "C:\Windows\system32\mfevtps.exe" [McAfee, Inc.]
McAfee VirusScan Announcer, McNaiAnn, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
PMBDeviceInfoProvider, PMBDeviceInfoProvider, "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [Sony Corporation]
Realtek Audio Service, RtkAudioService, C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [Realtek Semiconductor]
Skype Click to Call PNR Service, c2cpnrsvc, "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [MS]
Skype Click to Call Updater, c2cautoupdatesvc, "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [MS]
VAIO Content Folder Watcher, VCFw, "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [Sony Corporation]
VAIO Entertainment Database Service, VzCdbSvc, "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [Sony Corporation]
VAIO Entertainment UPnP Client Adapter, Vcsw, C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [Sony Corporation]
VAIO Event Service, VAIO Event Service, "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [Sony Corporation]
VAIO Power Management, VAIO Power Management, "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [null data]
VSNService, VSNService, "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [Sony Corporation]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
 
 
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
 
<<!>> MCODS, (title not found)
<<!>> mcpltsvc, (title not found)
<<!>> PEVSystemStart, Service
<<!>> procexp90.Sys, Driver
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
 
<<!>> GoToAssist, Service
<<!>> McMPFSvc, Service
<<!>> MCODS, (title not found)
<<!>> mcpltsvc, (title not found)
<<!>> mfefire, Driver
<<!>> mfefirek, Driver
<<!>> mfefirek.sys, Driver
<<!>> mfehidk, Driver
<<!>> mfehidk.sys, Driver
<<!>> mfevtp, Driver
<<!>> MpfService, Service
<<!>> PEVSystemStart, Service
<<!>> procexp90.Sys, Driver
 
 
Print Monitors:
---------------
 
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company]
 
 
<<H>>: Suspicious data at a browser hijack point.
 
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pat Folland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pat Folland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Pat Folland\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=5 folders=2 145440 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\AppData\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Pat Folland\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\PATFOL~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
 
==== EOF on 08/04/2014 at 15:37:19.45 ======================

  • 0


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again madgeuk,


Apologies, I re-read your instructions and saw the part about the antivirus de-activation so I did that (for 10 minutes) and downloaded the zoek tool.

Well done. :thumbsup:

That one carried out a particular scan called "Silent Runners" that I wanted to check. It also did some nice things clearing away some adware in Chrome that was rather persistent.

Now

Just to be sure Team Viewer is gone.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

 If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

When you return please post

  • Fixlog.txt
  • ESET scan results


 


  • 0

#12
madgeuk

madgeuk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thanks again... Fixlog :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Pat Folland at 2014-04-09 09:45:34 Run:2
Running from C:\Users\Pat Folland\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-04-05 12:02 - 2014-04-05 12:02 - 00000000 ____D () C:\Users\Pat Folland\AppData\Roaming\TeamViewer
C:\Users\Pat Folland\AppData\Roaming\TeamViewer
*****************

C:\Users\Pat Folland\AppData\Roaming\TeamViewer => Moved successfully.
"C:\Users\Pat Folland\AppData\Roaming\TeamViewer" => File/Directory not found.

==== End of Fixlog ====

 

 

ESET :

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=822f54abc40df646bc20a49d3a130f27
# engine=17811
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-09 12:41:02
# local_time=2014-04-09 01:41:02 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 88 1393386 145829858 0 0
# compatibility_mode=5893 16776573 100 94 14578 149512312 0 0
# scanned=198946
# found=6
# cleaned=6
# scan_time=13385
sh=3DAE15BC047B21EF17CB19294A54B5BF6CD41A87 ft=1 fh=3c3f1b649fb3d1f0 vn="Win32/SpeedUpMyPC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uniblue\SpeedUpMyPC\speedupmypc.exe.vir"
sh=9E60FE40C5BA463780413D5D22446858015EFF4B ft=1 fh=b2e9a257c367f009 vn="Win32/Toolbar.Babylon potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~bh\~BabylonToolbar.dll.vir"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pat Folland\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pat Folland\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pat Folland\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=C0093C80E56E3D0954B9C6F3A10745A7210A8B40 ft=1 fh=7c704831bda2a0ea vn="a variant of Win32/DealPly.O potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pat Folland\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir"
 


  • 0
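A way to cross-check the ESET Online Scanner result lines in the log above, as an added example that is not part of the original posts: it parses the `sh=... vn=... ac=... fn=...` lines and separates files already sitting in AdwCleaner's quarantine folder (all six paths in the posted log start with `C:\AdwCleaner\Quarantine\`) from detections on live paths. The field meanings are an assumption read off the log, and the sample's header counts and third detection line are constructed.

```python
import re

# Added example. Field meanings are an assumption read off the log itself:
# vn = detection name, ac = action taken (C = cleaned), fn = file path.
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
QUARANTINE = "c:\\adwcleaner\\quarantine\\"

# Constructed sample: the header counts and the third detection are made up;
# the first two detection lines are copied from the scan log in this thread.
SAMPLE = r'''# found=3
# cleaned=2
sh=3DAE15BC047B21EF17CB19294A54B5BF6CD41A87 ft=1 fh=3c3f1b649fb3d1f0 vn="Win32/SpeedUpMyPC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\uniblue\SpeedUpMyPC\speedupmypc.exe.vir"
sh=9E60FE40C5BA463780413D5D22446858015EFF4B ft=1 fh=b2e9a257c367f009 vn="Win32/Toolbar.Babylon potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\~BabylonToolbar\~BabylonToolbar\~1.5.3.17\~bh\~BabylonToolbar.dll.vir"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Example.PUA (constructed)" ac=I fn="C:\Users\Example\AppData\Roaming\example\task.exe"
'''

def parse_header(lines):
    """Collect '# key=value' header lines such as found= and cleaned=."""
    hdr = {}
    for line in lines:
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            hdr[key.strip()] = value.strip()
    return hdr

def parse_detection(line):
    """Split one 'sh=...' result line into its key=value fields."""
    if not line.startswith("sh="):
        return None
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in FIELD.finditer(line)}

def triage(log_text):
    """Separate quarantine leftovers from detections on live paths."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    hdr = parse_header(lines)
    dets = [d for d in map(parse_detection, lines) if d]
    leftovers, live = [], []
    for d in dets:
        in_q = d.get("fn", "").lower().startswith(QUARANTINE)
        (leftovers if in_q else live).append(d)
    return {
        "count_matches_header": len(dets) == int(hdr.get("found", -1)),
        "quarantine_leftovers": [d["vn"] for d in leftovers],
        "live_paths": [(d["fn"], d.get("ac")) for d in live],
    }

print(triage(SAMPLE))
```

An empty `live_paths` list means every detection was a file another tool had already quarantined; anything listed there was on a live path at scan time and deserves a closer look.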

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello madgeuk,

 

Here is where I think we are now.

 

We have cleaned this machine of adware/foistware and removed some suspicious files. TeamViewer is not showing any longer and a file from another application that can be used for remote control of a computer was removed by ComboFix.

 

You can never be sure that there isn't something hidden that has been missed but I am not seeing anything in those logs.

 

If you wished you could go for a full reformat of the hard drive and reinstall of Windows and start from base one again. You would then be sure that whatever malicious files might have been there will have gone. If you do that, you would need to back up everything you want to keep beforehand because all data will be lost in the format.

 

 

"I am going to work with her to change all her online passwords like Amazon, Paypal, Ebay etc etc."

 

Very important, often these types of hacks don't actually use the information they find but sell it on to second parties. It's some time down the track that things start happening. Same goes for bank, PayPal and credit cards.

 

From your description of what happened it must be assumed that all data on the machine was copied.

 

Now

 

Please tell me how the computer is now and if you are happy with my explanation. After that I will post some instructions for clearing away the tools that have been used. :)


  • 0

#14
madgeuk

madgeuk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hi, thanks again for your continued help.  Somebody tried to do a Western Union transfer of several hundred pounds from my mother's bank account yesterday!  Luckily she had already contacted the bank to cancel her cards and to inform them to watch for suspicious activity, so it was blocked.

 

If you can help with the final clean up of tools/files that would be great.

 

Finally, is it possible for you to take a look at the youth club laptop which I think might also be infected?  If required I can start a new topic for that machine with a new OTL log etc.

 

Thanks!


  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again madgeuk,

 

 

"Finally, is it possible for you to take a look at the youth club laptop which I think might also be infected?"

 

We can continue on in this thread. Please post an OTL scan as you did with this machine. :)

 

Now

 

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
 

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall


Step 2


  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

 


  • 0





