
After Malwarebytes scan, can't install AVG

AVG Windows 7 PUP.Optional


For the last few months, my Windows 7 computer has worked inconsistently. Sometimes, though, it would freeze so that neither the keys nor the mouse worked. The only option was to turn it off and reboot. Recently, it froze before I could log on every time I tried. I ran Malwarebytes in safe mode and it found 9 versions of PUP.Optional: Ilivid, Somoto.A, OpenCandy (5), Bandoo (2). After they were removed, the computer seemed to work fine, but I now cannot install AVG Free. I previously had McAfee as a free subscription with Time Warner, but I have no confidence in it. I would like help to make sure my computer is virus-free and I am able to install virus protection.



OTL logfile created on: 1/23/2015 12:16:11 AM - Run 1
OTL by OldTimer - Version     Folder = H:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.85 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 62.22% Memory free
15.70 Gb Paging File | 12.97 Gb Available in Paging File | 82.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.08 Gb Total Space | 125.22 Gb Free Space | 27.88% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 462.34 Gb Free Space | 99.26% Space Free | Partition Type: NTFS
Drive H: | 7.46 Gb Total Space | 4.65 Gb Free Space | 62.37% Space Free | Partition Type: NTFS
Computer Name: JOHN-HOME | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/21 19:46:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2015/01/08 22:25:26 | 039,206,888 | ---- | M] (Dropbox, Inc.) -- C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/04 07:50:58 | 000,840,592 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2014/09/04 05:50:26 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/06/02 09:48:54 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/06/02 09:38:32 | 005,563,760 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/06/02 09:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/04/17 20:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe
PRC - [2014/01/10 00:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/12/09 12:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/02/25 15:35:22 | 003,769,552 | ---- | M] (4Team Corporation) -- C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/11 15:59:32 | 005,387,608 | ---- | M] (SourceTec Software Co., LTD) -- C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/22 19:33:52 | 000,085,784 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2010/04/22 19:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2009/09/15 11:31:48 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
========== Modules (No Company Name) ==========
MOD - [2015/01/23 00:01:07 | 000,043,008 | ---- | M] () -- c:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp355lrn.dll
MOD - [2015/01/08 15:44:46 | 000,863,744 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2015/01/08 15:44:46 | 000,750,080 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2015/01/08 15:44:46 | 000,200,704 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2015/01/08 15:44:46 | 000,047,616 | ---- | M] () -- C:\Users\John\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/11/12 23:02:07 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/11/05 23:13:36 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/11/05 23:13:33 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/11/05 23:13:31 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/08/14 22:39:07 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\245d6862e0c39770654fcf69699fc0a8\Microsoft.VisualBasic.ni.dll
MOD - [2014/08/14 22:39:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f4319843c935b69ebb7e338bfddbad54\System.ServiceProcess.ni.dll
MOD - [2014/08/14 22:39:00 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40d52224797a152552eee1f8433403e4\System.Web.ni.dll
MOD - [2014/08/14 22:38:56 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4d2ee13655653e64c6b91238e6b351df\System.Runtime.Remoting.ni.dll
MOD - [2014/08/14 22:38:51 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce5e2af0775efc3c91ba62d5d26fb39\System.Configuration.ni.dll
MOD - [2014/08/14 22:38:40 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\ec7140de731a291e741f3569063e3438\Accessibility.ni.dll
MOD - [2014/08/14 22:30:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f8914fd903fedcd4da7461c710aad0\System.Xml.ni.dll
MOD - [2014/08/14 22:30:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\434e3a5de2f98ed740aac2b24c6d0890\System.Windows.Forms.ni.dll
MOD - [2014/08/14 22:30:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bce52f0521c930a2e305badb3ea07128\System.Drawing.ni.dll
MOD - [2014/08/14 22:30:34 | 006,638,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8cf8109a63bd7d75874bba9b108f2aef\System.Data.ni.dll
MOD - [2014/08/14 22:30:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ee90c95adb50b0e75b814fcb9d87f8e\System.ni.dll
MOD - [2014/08/14 22:30:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8be9e33457f57805b4068f90099e428\mscorlib.ni.dll
MOD - [2014/06/16 16:18:41 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/03/20 17:49:19 | 002,952,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/10 00:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 00:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/04/22 19:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2010/04/22 19:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2010/04/22 19:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/22 17:57:42 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2007/11/27 12:38:56 | 000,427,197 | ---- | M] () -- C:\Program Files (x86)\4Team Corporation\Sync2\sqlite3.dll
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\Windows\SysWOW64\DLAAPI_W.DLL
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/25 08:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/01/21 23:35:27 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/27 22:24:05 | 000,114,288 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/04 05:50:26 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/07 07:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/06/02 09:48:54 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/06/02 09:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/07/13 13:52:34 | 000,150,920 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/22 19:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/31 15:56:34 | 000,033,616 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/28 21:39:35 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2011/12/28 21:39:32 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011/12/28 21:39:29 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011/12/28 21:39:29 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2011/12/28 21:39:21 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/28 21:39:21 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/14 20:12:42 | 000,123,120 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:64bit: - [2011/05/26 12:51:46 | 000,029,696 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\leafnets.sys -- (leafnets)
DRV:64bit: - [2011/04/07 18:36:30 | 000,027,200 | ---- | M] (NETGEAR) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwleaf.sys -- (Fwleaf)
DRV:64bit: - [2010/11/20 22:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006/08/18 13:18:10 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,136,952 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2006/08/18 13:17:58 | 000,143,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2006/08/18 13:17:56 | 000,033,656 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2006/08/18 13:17:52 | 000,141,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2006/08/11 11:06:00 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2006/08/11 10:35:28 | 000,015,992 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2006/08/11 10:35:26 | 000,039,288 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2006/07/21 11:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dilbert.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{92F2840F-1F9A-43E8-B864-51FEBB2977D4}: "URL" = http://www.google.co...&rlz=1I7DGUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\John\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/11/05 23:33:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1055\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/10/31 17:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/05 23:33:56 | 000,000,000 | ---D | M]
[2012/03/15 22:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2014/09/27 22:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/27 22:24:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome  ==========
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\34_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.6_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.4_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1055\TmIEPlg.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1055\TmIEPlg32.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [iLivid] "C:\Users\John\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [Safe PST Backup] C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe (4Team Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Sync2] C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe (4Team Corporation)
O4 - HKCU..\Run: [Web Video Downloader] C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ebay.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F48C7557-91D5-445F-A27C-AAAE40CD0CF2}: DhcpNameServer =
O18:64bit: - Protocol\Handler\leaf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1055\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1055\TmIEPlg32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/01 21:24:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.PB1 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/21 22:43:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Avg2015
[2015/01/21 22:40:49 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Old Firefox Data
[2015/01/21 21:41:28 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/21 21:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/21 21:41:17 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/01/21 21:41:17 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/01/21 21:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/01/23 00:08:55 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 00:08:55 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/23 00:07:04 | 000,956,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/23 00:07:04 | 000,789,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/23 00:07:04 | 000,168,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/22 23:59:45 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2015/01/22 23:58:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/22 23:58:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/22 23:58:21 | 2028,281,855 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/21 23:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3403377284-3109338177-3723939992-1000UA.job
[2015/01/21 23:55:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/21 23:09:58 | 000,002,368 | ---- | M] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2015/01/21 22:57:14 | 000,559,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/21 22:45:44 | 000,001,137 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/01/21 22:45:38 | 000,001,019 | ---- | M] () -- C:\Users\John\Desktop\Dropbox.lnk
[2015/01/21 21:41:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/21 21:41:19 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/01/21 21:41:19 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/21 23:42:35 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/03/16 14:15:46 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2014/03/16 14:15:45 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/02 00:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\MTSTACK.INI
[2013/09/02 00:10:30 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\MTSTACK.EXE
[2013/06/03 22:46:45 | 000,004,608 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/04 23:02:13 | 000,000,040 | ---- | C] () -- C:\ProgramData\.zreglib
[2013/03/04 22:12:49 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
[2013/03/04 22:12:49 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2012/09/03 13:40:03 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Local\rx_image32.Cache
[2012/05/14 20:14:43 | 000,007,625 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2008/07/09 21:33:21 | 000,000,000 | ---- | C] () -- C:\Users\John\core
[2006/05/01 21:12:27 | 000,000,600 | ---- | C] () -- C:\Users\John\PUTTY.RND
========== ZeroAccess Check ==========
[2014/04/10 23:55:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/04/04 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\4Team
[2014/11/05 23:46:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2012/02/02 22:03:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Canon
[2014/07/19 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.wd.WDMyCloud
[2012/11/13 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DeLorme
[2015/01/21 23:02:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox
[2012/03/09 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EPSON
[2013/03/10 20:19:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Garmin
[2012/01/01 16:47:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2012/01/27 00:38:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Memeo
[2013/07/03 21:37:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Oracle
[2014/07/15 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PCDr
[2014/03/16 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\pdf995
[2013/01/27 15:38:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Seagate
[2013/02/15 22:21:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Sony
[2012/08/11 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SourceTec
[2014/05/04 14:46:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TaxCut
[2012/03/12 22:08:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TotalRecorder
[2014/04/28 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\video.mov:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\test1.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\OSUform-9-16-11.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\OSUform2-9-16-11.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\Cruise.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\CATCO001.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Documents\AnyDVDHD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\John\Desktop\xmas-1.m3u:Roxio EMC Stream
@Alternate Data Stream - 578 bytes -> C:\Users\John\Documents\Vacation-Reply.eml:OECustomProperty

< End of report >

  • 0




    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

Let's see if the free avast will install:


Save and then right click and Run As Admin.
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus.  Close all browsers.

  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

  • The tool will open and start scanning your system.

  • Please be patient as this can take a while to complete depending on your system's specifications.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop. 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

  • Press Scan button. 

  • It will produce a log called FRST.txt in the same directory the tool is run from.  

  • Please copy and paste log back here. 

  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):
sfc  /scannow
(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:
Copy the next two lines:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.

  • 0




  • Topic Starter
  • Member
  • 25 posts

Thanks very much for the reply.  I have not had a chance to follow up on it, but I hope to in the next few days.  I will let you know what happens.

  • 0




  • Topic Starter
  • Member
  • 25 posts

Last night I started up the PC and could not even log on.  Now, when I boot, the mouse and keyboard stop working before I can select my login icon.  I use a wireless keyboard/mouse combination, Logitech mk710, but it did not work with a wired keyboard and mouse either.  I booted into safe mode, but had the same problem.  I used the built-in Windows diagnostics and scanning tools to no avail.


What is a good bootable program that I can use to log in?  Thanks for your help.



  • 0



    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

We usually use FRST  http://www.geekstogo...l/#entry2151691 or the AVG Rescue



  • 0




  • Topic Starter
  • Member
  • 25 posts

Thanks, Ron.  Below is the log file.  I look forward to your reply.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by SYSTEM on MININT-RB317PI on 30-01-2015 16:46:19
Running from h:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3195248 2014-06-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5563760 2014-06-02] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-15] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\John\...\Run: [] => [X]
HKU\John\...\Run: [Web Video Downloader] => C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe [5387608 2010-11-11] (SourceTec Software Co., LTD)
HKU\John\...\Run: [Sync2] => C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe [3769552 2011-02-25] (4Team Corporation)
HKU\John\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2957040 2010-06-29] (SUPERAntiSpyware.com)
HKU\John\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [4337776 2013-02-22] (4Team Corporation)
HKU\John\...\Run: [iLivid] => "C:\Users\John\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\John\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\John\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\John\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Liz\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Liz\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-27] ()
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
S2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
S2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
S2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
S2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
S2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
S1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
S2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
S2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
S0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
S2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
S3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [27200 2011-04-07] (NETGEAR)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2011-05-26] (Leaf Networks)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 16:46 - 2015-01-30 16:46 - 00000000 ____D () C:\FRST
2015-01-21 21:43 - 2015-01-21 21:43 - 00000000 ____D () C:\Users\John\AppData\Local\Avg2015
2015-01-21 21:40 - 2015-01-21 21:40 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2015-01-21 21:39 - 2015-01-21 21:40 - 04637504 _____ (AVG Technologies) C:\Users\John\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-21 20:41 - 2015-01-23 00:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 20:41 - 2014-11-21 05:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-21 20:41 - 2014-11-21 05:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 23:18 - 2014-07-19 18:54 - 00000000 ____D () C:\users\DefaultAppPool
2015-01-28 23:18 - 2014-04-28 19:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 23:18 - 2014-03-16 13:15 - 00000000 ____D () C:\ProgramData\pdf995
2015-01-28 23:18 - 2013-08-27 20:14 - 00000000 ____D () C:\Users\John\AppData\Local\Akamai
2015-01-28 23:18 - 2012-03-15 21:21 - 00000000 ____D () C:\Windows\System32\Macromed
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Peter
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Liz
2015-01-28 23:18 - 2012-01-01 13:42 - 00000000 ____D () C:\users\John
2015-01-28 23:08 - 2009-07-13 23:13 - 00956188 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-28 23:08 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 23:08 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 23:00 - 2013-06-04 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 23:00 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 23:00 - 2009-07-13 22:51 - 00092047 _____ () C:\Windows\setupact.log
2015-01-28 19:37 - 2011-12-28 18:47 - 01267391 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 19:36 - 2013-06-04 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 19:35 - 2012-11-02 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 19:35 - 2011-12-28 18:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 19:26 - 2009-07-13 22:45 - 00559936 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-28 19:24 - 2014-07-21 22:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-28 18:57 - 2012-01-03 21:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403377284-3109338177-3723939992-1000UA.job
2015-01-28 18:55 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 01:00 - 2012-01-05 19:45 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-01-23 00:01 - 2014-04-05 10:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5B40343-B39C-49E7-9992-50D8DFA3F1C1}
2015-01-22 23:10 - 2013-06-01 09:58 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-22 22:58 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 23:01 - 2014-04-28 19:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 22:52 - 2006-05-25 18:57 - 00000000 ____D () C:\Users\John\Documents\Computer
2015-01-21 22:25 - 2012-01-03 22:30 - 00000000 ___RD () C:\Users\John\Dropbox
2015-01-21 22:09 - 2012-01-03 21:28 - 00002368 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2015-01-21 22:02 - 2012-01-03 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-01-21 21:57 - 2012-08-11 20:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-21 21:57 - 2010-11-20 21:47 - 00374018 _____ () C:\Windows\PFRO.log
2015-01-21 21:45 - 2012-01-03 22:30 - 00001019 _____ () C:\Users\John\Desktop\Dropbox.lnk
2015-01-21 21:32 - 2014-04-29 18:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-21 20:41 - 2014-01-13 21:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

Some content of TEMP:

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-14 16:17:42
Restore point made on: 2014-11-14 18:18:21
Restore point made on: 2015-01-21 22:32:20
Restore point made on: 2015-01-21 22:33:09
Restore point made on: 2015-01-21 22:37:01
Restore point made on: 2015-01-21 23:00:12
Restore point made on: 2015-01-21 23:00:47
Restore point made on: 2015-01-21 23:01:33
Restore point made on: 2015-01-28 23:30:26
Restore point made on: 2015-01-28 23:31:34

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8040.43 MB
Available physical RAM: 7206.08 MB
Total Pagefile: 8038.63 MB
Available Pagefile: 7209.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.08 GB) (Free:124.31 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:462.34 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:16.64 GB) (Free:8.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (UUI) (Removable) (Total:7.46 GB) (Free:4.65 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F9A53575)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.1 GB) - (Type=07 NTFS)

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9A5355B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

Disk: 2 (Size: 7.5 GB) (Disk ID: 00073653)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

LastRegBack: 2015-01-28 23:23

==================== End Of Log ============================

  • 0



    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.8 GB) - (Type=07 NTFS)



Above is what a normal Win 7 looks like.


This is what yours looks like:


Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F9A53575)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)



Normally it boots off the 100 MB partition then shifts over to the 2nd much larger partition.  Are you running a nonstandard boot?  Maybe a Linux dual boot or something?



We can try to use FRST to remove the odd stuff from your log but I don't think it will make much difference.


Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

  • 0
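
The comparison made in the reply above, as an added example (not part of the original thread and not FRST's own code): a Python parser for the "MBR & Partition Table" lines that FRST prints, reporting where a disk departs from the reference layout quoted in the reply. The function names and the 500 MB size threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Reference layout quoted in the reply, and Disk 0 from the posted FRST.txt.
REFERENCE_LAYOUT = """\
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.8 GB) - (Type=07 NTFS)
"""
POSTED_LAYOUT = """\
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F9A53575)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.1 GB) - (Type=07 NTFS)
"""

# Assumption for this example: a boot partition above this size is worth a look.
SMALL_BOOT_MB = 500

DISK_RE = re.compile(r"^Disk: (\d+)\b")
PART_RE = re.compile(
    r"^Partition (\d+): \((Active|Not Active)\) - "
    r"\(Size=([\d.]+) (MB|GB)\) - \(Type=([0-9A-Fa-f]{2})(?: ([^)]+))?\)"
)


def parse_partition_tables(text):
    """Return {disk_number: [partition, ...]}.

    Partition lines that appear before any 'Disk:' header are filed under
    the key None, which is how the reference layout above is stored.
    """
    disks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        disk = DISK_RE.match(line)
        if disk:
            current = int(disk.group(1))
            continue
        part = PART_RE.match(line)
        if not part:
            continue  # anything else in the log section is ignored
        number, state, size, unit, ptype, fs = part.groups()
        disks[current].append({
            "number": int(number),
            "active": state == "Active",
            "size_mb": float(size) * (1024 if unit == "GB" else 1),
            "type": ptype.upper(),
            "fs": fs,  # None when FRST prints only the type byte
        })
    return dict(disks)


def layout_findings(partitions):
    """List the ways one disk differs from the reference layout."""
    findings = []
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        # An MBR disk boots from exactly one active partition.
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
        return findings
    boot = active[0]
    if boot["number"] != 1:
        findings.append(f"active partition is #{boot['number']}, not #1")
    if boot["size_mb"] > SMALL_BOOT_MB:
        findings.append(
            f"active partition is {boot['size_mb']:.0f} MB, "
            f"above the {SMALL_BOOT_MB} MB threshold"
        )
    for p in partitions:
        if p["type"] != "07":
            findings.append(f"partition #{p['number']} has type {p['type']}, not 07")
    return findings


if __name__ == "__main__":
    for label, text in (("reference", REFERENCE_LAYOUT), ("posted", POSTED_LAYOUT)):
        for disk, parts in parse_partition_tables(text).items():
            result = layout_findings(parts) or ["matches the reference layout"]
            print(f"{label} disk {disk}: " + "; ".join(result))
```
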




  • Topic Starter
  • Member
  • 25 posts

I am not running a nonstandard boot, although I have possibly turned off some normal boot items.  Here are the logs.  John



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by SYSTEM at 2015-01-31 12:38:23 Run:1
Running from H:\
Boot Mode: Recovery

Content of fixlist:
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\John\...\Run: [iLivid] => "C:\Users\John\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\John\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
HKU\John\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully.
HKU\John\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => value deleted successfully.
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
WPRO_41_1742 => Service deleted successfully.
C:\Users\John\AppData\Local\Temp\1nqibjek.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\BJMYRST.EXE => Moved successfully.
C:\Users\John\AppData\Local\Temp\Bootstrapper.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperARA.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperARU.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperCHS.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperCHT.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperCSY.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperDAN.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperDEU.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperELL.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperENU.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperESN.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperESP.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperFIN.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperFRA.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperHEB.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperHRV.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperHUN.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperITA.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperJPN.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperKOR.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperLOC.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperNLD.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperNOR.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperPLK.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperPTB.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperPTG.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperRUS.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperSKY.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperSLV.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperSVE.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperTHA.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperTRK.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\BootstrapperUKR.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\CNEZCOPI.DLL => Moved successfully.
C:\Users\John\AppData\Local\Temp\CNEZDMRC.DLL => Moved successfully.
C:\Users\John\AppData\Local\Temp\CNEZFLDR.DLL => Moved successfully.
C:\Users\John\AppData\Local\Temp\CNEZPAGE.DLL => Moved successfully.
C:\Users\John\AppData\Local\Temp\CNEZRSC.DLL => Moved successfully.
C:\Users\John\AppData\Local\Temp\dotnetfx35setup.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp355lrn.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\GarminInstall.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\InstallAX.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\install_flashplayer13x32au_mssd_aaa_aih.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\issdm_rr_en.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\LOGINFO2.EXE => Moved successfully.
C:\Users\John\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\John\AppData\Local\Temp\MSN93C9.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\safepstbackup_1_00.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\SSUPDATE64.EXE => Moved successfully.
C:\Users\John\AppData\Local\Temp\sync2_2_01_1131.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmp19A7.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmp3063.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmp34D7.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmp54E3.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmp6FB7.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmp7E16.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmpA602.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmpBF7A.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmpDA68.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmpEF31.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tmpF74B.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\wmpfirefoxplugin.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\_Setupx.dll => Moved successfully.

==== End of Fixlog 12:38:27 ====



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by SYSTEM on MININT-PFGGN5F on 31-01-2015 12:39:36
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3195248 2014-06-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5563760 2014-06-02] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-15] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\John\...\Run: [] => [X]
HKU\John\...\Run: [Web Video Downloader] => C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe [5387608 2010-11-11] (SourceTec Software Co., LTD)
HKU\John\...\Run: [Sync2] => C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe [3769552 2011-02-25] (4Team Corporation)
HKU\John\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2957040 2010-06-29] (SUPERAntiSpyware.com)
HKU\John\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [4337776 2013-02-22] (4Team Corporation)
HKU\John\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\John\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Liz\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Liz\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-27] ()
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
S2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
S2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
S2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
S2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
S2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
S1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
S2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
S2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
S0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
S2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
S3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [27200 2011-04-07] (NETGEAR)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2011-05-26] (Leaf Networks)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 16:46 - 2015-01-31 12:39 - 00000000 ____D () C:\FRST
2015-01-21 21:43 - 2015-01-21 21:43 - 00000000 ____D () C:\Users\John\AppData\Local\Avg2015
2015-01-21 21:40 - 2015-01-21 21:40 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2015-01-21 21:39 - 2015-01-21 21:40 - 04637504 _____ (AVG Technologies) C:\Users\John\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-21 20:41 - 2015-01-23 00:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 20:41 - 2014-11-21 05:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-21 20:41 - 2014-11-21 05:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 23:18 - 2014-07-19 18:54 - 00000000 ____D () C:\users\DefaultAppPool
2015-01-28 23:18 - 2014-04-28 19:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 23:18 - 2014-03-16 13:15 - 00000000 ____D () C:\ProgramData\pdf995
2015-01-28 23:18 - 2013-08-27 20:14 - 00000000 ____D () C:\Users\John\AppData\Local\Akamai
2015-01-28 23:18 - 2012-03-15 21:21 - 00000000 ____D () C:\Windows\System32\Macromed
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Peter
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Liz
2015-01-28 23:18 - 2012-01-01 13:42 - 00000000 ____D () C:\users\John
2015-01-28 23:08 - 2009-07-13 23:13 - 00956188 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-28 23:08 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 23:08 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 23:05 - 2011-12-28 18:47 - 01267391 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 23:00 - 2013-06-04 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 23:00 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 23:00 - 2009-07-13 22:51 - 00092047 _____ () C:\Windows\setupact.log
2015-01-28 19:36 - 2013-06-04 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 19:35 - 2012-11-02 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 19:35 - 2011-12-28 18:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 19:26 - 2009-07-13 22:45 - 00559936 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-28 19:24 - 2014-07-21 22:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-28 18:57 - 2012-01-03 21:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403377284-3109338177-3723939992-1000UA.job
2015-01-28 18:55 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 01:00 - 2012-01-05 19:45 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-01-23 00:01 - 2014-04-05 10:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5B40343-B39C-49E7-9992-50D8DFA3F1C1}
2015-01-22 23:10 - 2013-06-01 09:58 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-22 22:58 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 23:01 - 2014-04-28 19:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 22:52 - 2006-05-25 18:57 - 00000000 ____D () C:\Users\John\Documents\Computer
2015-01-21 22:25 - 2012-01-03 22:30 - 00000000 ___RD () C:\Users\John\Dropbox
2015-01-21 22:09 - 2012-01-03 21:28 - 00002368 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2015-01-21 22:02 - 2012-01-03 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-01-21 21:57 - 2012-08-11 20:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-21 21:57 - 2010-11-20 21:47 - 00374018 _____ () C:\Windows\PFRO.log
2015-01-21 21:45 - 2012-01-03 22:30 - 00001019 _____ () C:\Users\John\Desktop\Dropbox.lnk
2015-01-21 21:32 - 2014-04-29 18:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-21 20:41 - 2014-01-13 21:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-14 16:17:42
Restore point made on: 2014-11-14 18:18:21
Restore point made on: 2015-01-21 22:32:20
Restore point made on: 2015-01-21 22:33:09
Restore point made on: 2015-01-21 22:37:01
Restore point made on: 2015-01-21 23:00:12
Restore point made on: 2015-01-21 23:00:47
Restore point made on: 2015-01-21 23:01:33
Restore point made on: 2015-01-28 23:30:26
Restore point made on: 2015-01-28 23:31:34

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8040.43 MB
Available physical RAM: 7209.67 MB
Total Pagefile: 8038.63 MB
Available Pagefile: 7201.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.08 GB) (Free:124.31 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:462.34 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:16.64 GB) (Free:8.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (UUI) (Removable) (Total:7.46 GB) (Free:4.65 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F9A53575)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.1 GB) - (Type=07 NTFS)

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9A5355B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

Disk: 2 (Size: 7.5 GB) (Disk ID: 00073653)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

LastRegBack: 2015-01-28 23:23

==================== End Of Log ============================


  • 0



    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

My gut feeling is we need to make Partition 1 on Disk 0 active.  There is a program called GParted that can do that.  You can use option 1 to make a bootable USB drive on a working computer, then boot off it.  http://gparted.org/liveusb.php


Before we do that, see if you can get the Windows repair to work.  Use your wired-up keyboard and mouse.  Reboot and go into the CMOS/BIOS setup.  There should be an option to set things to default.  Do that, then Save and Exit.  Now boot into Safe Mode and try to get to Repair Your Computer.

  • 0




  • Topic Starter
  • Member
  • PipPip
  • 25 posts

It seems like we are not making any progress.  I set CPU configuration and system configuration to default.  I did not set power or POST to default.  I then booted into Safe Mode and repaired.  When I restarted, I did it to normal mode and the mouse worked, but not the keyboard.  Then, I rebooted into Safe Mode and the mouse worked, but not the keyboard.  After trying the keyboard, the mouse did not work either.  When I rebooted, neither worked.  I reran FRST, then I used the same FIXLIST that you sent before.  Below are the logs.


Also, after trying to log in, I left the computer on.  The router showed high activity when there should have been little.  I think I have been hijacked.  Thanks, again.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by SYSTEM at 2015-02-01 01:26:23 Run:2
Running from h:\
Boot Mode: Recovery

Content of fixlist:
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\John\...\Run: [iLivid] => "C:\Users\John\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\John\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value not found.
HKU\John\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value not found.
HKU\John\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => Value not found.
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk not found.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
WPRO_41_1742 => Service not found.
"C:\Users\John\AppData\Local\Temp\1nqibjek.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\AcDeltree.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BJMYRST.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\Bootstrapper.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperARA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperARU.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperCHS.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperCHT.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperCSY.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperDAN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperDEU.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperELL.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperENU.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperESN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperESP.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperFIN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperFRA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperHEB.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperHRV.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperHUN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperITA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperJPN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperKOR.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperLOC.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperNLD.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperNOR.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperPLK.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperPTB.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperPTG.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperRUS.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperSKY.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperSLV.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperSVE.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperTHA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperTRK.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperUKR.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZCOPI.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZDMRC.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZFLDR.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZPAGE.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZRSC.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\dotnetfx35setup.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp355lrn.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\GarminInstall.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\InstallAX.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\install_flashplayer13x32au_mssd_aaa_aih.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\issdm_rr_en.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\LOGINFO2.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\MSETUP4.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\MSN93C9.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\safepstbackup_1_00.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\SSUPDATE64.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\sync2_2_01_1131.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp19A7.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp3063.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp34D7.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp54E3.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp6FB7.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp7E16.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpA602.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpBF7A.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpDA68.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpEF31.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpF74B.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\wmpfirefoxplugin.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\_Setupx.dll" => File/Directory not found.

==== End of Fixlog 01:26:26 ====



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by SYSTEM on MININT-U03C836 on 01-02-2015 01:16:54
Running from h:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3195248 2014-06-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5563760 2014-06-02] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-15] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\John\...\Run: [] => [X]
HKU\John\...\Run: [Web Video Downloader] => C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe [5387608 2010-11-11] (SourceTec Software Co., LTD)
HKU\John\...\Run: [Sync2] => C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe [3769552 2011-02-25] (4Team Corporation)
HKU\John\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2957040 2010-06-29] (SUPERAntiSpyware.com)
HKU\John\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [4337776 2013-02-22] (4Team Corporation)
HKU\John\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\John\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Liz\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Liz\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-27] ()
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
S2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
S2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
S2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
S2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
S2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
S1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
S2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
S2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
S0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
S2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
S3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [27200 2011-04-07] (NETGEAR)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2011-05-26] (Leaf Networks)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 16:46 - 2015-02-01 01:16 - 00000000 ____D () C:\FRST
2015-01-21 21:43 - 2015-01-21 21:43 - 00000000 ____D () C:\Users\John\AppData\Local\Avg2015
2015-01-21 21:40 - 2015-01-21 21:40 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2015-01-21 21:39 - 2015-01-21 21:40 - 04637504 _____ (AVG Technologies) C:\Users\John\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-21 20:41 - 2015-01-23 00:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 20:41 - 2014-11-21 05:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-21 20:41 - 2014-11-21 05:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 23:55 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 23:42 - 2009-07-13 23:13 - 00956188 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-31 23:42 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:42 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:35 - 2013-06-04 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 23:34 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 23:34 - 2009-07-13 22:51 - 00092215 _____ () C:\Windows\setupact.log
2015-01-31 23:34 - 2009-07-13 22:45 - 00559936 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-31 23:11 - 2011-12-28 18:47 - 01309190 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 23:18 - 2014-07-19 18:54 - 00000000 ____D () C:\users\DefaultAppPool
2015-01-28 23:18 - 2014-04-28 19:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 23:18 - 2014-03-16 13:15 - 00000000 ____D () C:\ProgramData\pdf995
2015-01-28 23:18 - 2013-08-27 20:14 - 00000000 ____D () C:\Users\John\AppData\Local\Akamai
2015-01-28 23:18 - 2012-03-15 21:21 - 00000000 ____D () C:\Windows\System32\Macromed
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Peter
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Liz
2015-01-28 23:18 - 2012-01-01 13:42 - 00000000 ____D () C:\users\John
2015-01-28 19:36 - 2013-06-04 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 19:35 - 2012-11-02 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 19:35 - 2011-12-28 18:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 19:24 - 2014-07-21 22:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-28 18:57 - 2012-01-03 21:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403377284-3109338177-3723939992-1000UA.job
2015-01-23 01:00 - 2012-01-05 19:45 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-01-23 00:01 - 2014-04-05 10:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5B40343-B39C-49E7-9992-50D8DFA3F1C1}
2015-01-22 23:10 - 2013-06-01 09:58 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-22 22:58 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 23:01 - 2014-04-28 19:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 22:52 - 2006-05-25 18:57 - 00000000 ____D () C:\Users\John\Documents\Computer
2015-01-21 22:25 - 2012-01-03 22:30 - 00000000 ___RD () C:\Users\John\Dropbox
2015-01-21 22:09 - 2012-01-03 21:28 - 00002368 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2015-01-21 22:02 - 2012-01-03 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-01-21 21:57 - 2012-08-11 20:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-21 21:57 - 2010-11-20 21:47 - 00374018 _____ () C:\Windows\PFRO.log
2015-01-21 21:45 - 2012-01-03 22:30 - 00001019 _____ () C:\Users\John\Desktop\Dropbox.lnk
2015-01-21 21:32 - 2014-04-29 18:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-21 20:41 - 2014-01-13 21:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-14 16:17:42
Restore point made on: 2014-11-14 18:18:21
Restore point made on: 2015-01-21 22:32:20
Restore point made on: 2015-01-21 22:33:09
Restore point made on: 2015-01-21 22:37:01
Restore point made on: 2015-01-21 23:00:12
Restore point made on: 2015-01-21 23:00:47
Restore point made on: 2015-01-21 23:01:33
Restore point made on: 2015-01-28 23:30:26
Restore point made on: 2015-01-28 23:31:34

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8040.43 MB
Available physical RAM: 7203.68 MB
Total Pagefile: 8038.63 MB
Available Pagefile: 7201 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.08 GB) (Free:123.86 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:462.34 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:16.64 GB) (Free:8.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (UUI) (Removable) (Total:7.46 GB) (Free:4.65 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F9A53575)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.1 GB) - (Type=07 NTFS)

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9A5355B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

Disk: 2 (Size: 7.5 GB) (Disk ID: 00073653)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

LastRegBack: 2015-01-28 23:23

==================== End Of Log ============================





    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

Do you have another keyboard you could try?  Perhaps something is wrong with it?  Is this a USB or a PS/2 (round connector)?


The activity may be something checking for updates.  There are a lot of scheduled programs that do that when you boot.  FRST isn't showing anything odd.





  • Topic Starter
  • Member
  • 25 posts

I am using a USB keyboard, but it is the one my wife uses and has no trouble with.  I don't have a PS/2 connector on my computer.  I have disconnected the computer from the internet until I get it working correctly.


Here is what I have done and what it is doing.  I tried booting into Safe Mode with a wired USB keyboard and mouse attached.  I was able to select the login icon and I got two characters of my password input before the keyboard and mouse froze.  I wondered if the AVG Rescue Disk might help, so I burned a CD with the ISO image on it.  I inserted the CD and turned off the computer.  When I booted, the computer ran CHKDSK and would not boot without completing.  I shut it down in the middle, but when it booted, I had no option, so I let it finish.  It started in Windows normally and I was able to enter my password and it seemed to be working, but it froze soon after the desktop icons finished loading.  I rebooted to the CD drive, but the computer went on and booted to Windows.  I tried it twice, but the virus has apparently prevented the computer from booting from the CD drive.  I have not tried AVG Rescue Disk with a flash drive.


I hope you have more suggestions.  I am considering backing up the hard drives, formatting, and reinstalling the software.




    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

You probably need to set the boot order in the BIOS/CMOS setup so that it looks for a CD before it looks at the hard drive.  What make and model is the PC?





  • Topic Starter
  • Member
  • 25 posts

Ron, I have finally gotten back to this.  I got the AVG Rescue CD to work (I had not burned it correctly) and scanned the computer.  I had to turn it off then.  Today, I scanned with FRST, then used the Fixlist that you had given me before, then I rescanned.  Then I booted into Safe Mode and the cursor would not move.  I am using a wired mouse and keyboard, and the keyboard is a different one.  Below are the log files.  Please let me know if you see anything.  If not, I think I will get the data off the drives and format them.  Please let me know if you have a better idea.  Thanks for your help.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by SYSTEM at 2015-02-17 14:08:10 Run:3
Running from h:\
Boot Mode: Recovery

Content of fixlist:
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\John\...\Run: [iLivid] => "C:\Users\John\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\John\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value not found.
HKU\John\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value not found.
HKU\John\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => Value not found.
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk not found.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
WPRO_41_1742 => Service not found.
"C:\Users\John\AppData\Local\Temp\1nqibjek.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\AcDeltree.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BJMYRST.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\Bootstrapper.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperARA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperARU.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperCHS.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperCHT.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperCSY.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperDAN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperDEU.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperELL.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperENU.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperESN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperESP.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperFIN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperFRA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperHEB.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperHRV.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperHUN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperITA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperJPN.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperKOR.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperLOC.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperNLD.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperNOR.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperPLK.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperPTB.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperPTG.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperRUS.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperSKY.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperSLV.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperSVE.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperTHA.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperTRK.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\BootstrapperUKR.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZCOPI.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZDMRC.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZFLDR.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZPAGE.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\CNEZRSC.DLL" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\dotnetfx35setup.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp355lrn.dll" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\GarminInstall.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\InstallAX.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\install_flashplayer13x32au_mssd_aaa_aih.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\issdm_rr_en.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\LOGINFO2.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\MSETUP4.EXE" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\MSN93C9.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\safepstbackup_1_00.exe" => File/Directory not found.
C:\Users\John\AppData\Local\Temp\SSUPDATE64.EXE => Moved successfully.
"C:\Users\John\AppData\Local\Temp\sync2_2_01_1131.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp19A7.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp3063.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp34D7.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp54E3.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp6FB7.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmp7E16.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpA602.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpBF7A.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpDA68.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpEF31.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\tmpF74B.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\wmpfirefoxplugin.exe" => File/Directory not found.
"C:\Users\John\AppData\Local\Temp\_Setupx.dll" => File/Directory not found.

==== End of Fixlog 14:08:13 ====



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 (ATTENTION: ====> FRST version is 20 days old and could be outdated)
Ran by SYSTEM on MININT-68M8LGQ on 17-02-2015 14:08:38
Running from h:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3195248 2014-06-02] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5563760 2014-06-02] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-15] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\John\...\Run: [] => [X]
HKU\John\...\Run: [Web Video Downloader] => C:\Program Files (x86)\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe [5387608 2010-11-11] (SourceTec Software Co., LTD)
HKU\John\...\Run: [Sync2] => C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe [3769552 2011-02-25] (4Team Corporation)
HKU\John\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2957040 2010-06-29] (SUPERAntiSpyware.com)
HKU\John\...\Run: [Safe PST Backup] => C:\Program Files (x86)\4Team Corporation\Safe PST Backup\SafePSTBackup.exe [4337776 2013-02-22] (4Team Corporation)
HKU\John\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\John\...\Run: [Akamai NetSession Interface] => C:\Users\John\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Liz\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Liz\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Peter\...\RunOnce: [WAB Migrate] => C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-27] ()
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
S2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
S2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
S2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
S2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
S2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
S1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
S2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
S2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
S0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
S2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
S3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [27200 2011-04-07] (NETGEAR)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2011-05-26] (Leaf Networks)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 00:04 - 2015-02-07 00:04 - 00003224 ____N () C:\bootsqm.dat
2015-01-30 16:46 - 2015-02-17 14:08 - 00000000 ____D () C:\FRST
2015-01-21 21:43 - 2015-01-21 21:43 - 00000000 ____D () C:\Users\John\AppData\Local\Avg2015
2015-01-21 21:40 - 2015-01-21 21:40 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2015-01-21 21:39 - 2015-01-21 21:40 - 04637504 _____ (AVG Technologies) C:\Users\John\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2015-01-21 20:41 - 2015-01-23 00:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00001108 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 20:41 - 2015-01-21 20:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 20:41 - 2014-11-21 05:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-21 20:41 - 2014-11-21 05:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 15:41 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 15:41 - 2009-07-13 22:51 - 00092383 _____ () C:\Windows\setupact.log
2015-02-07 00:14 - 2009-07-13 22:45 - 00559936 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-02-07 00:09 - 2012-01-05 19:45 - 00000000 ____D () C:\Users\John\Documents\Outlook Files
2015-02-07 00:06 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 00:05 - 2012-01-25 20:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 23:34 - 2009-07-13 23:13 - 00956188 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-31 23:42 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:42 - 2009-07-13 22:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:39 - 2011-12-28 18:47 - 01309190 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 23:35 - 2013-06-04 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 23:18 - 2014-07-19 18:54 - 00000000 ____D () C:\users\DefaultAppPool
2015-01-28 23:18 - 2014-04-28 19:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 23:18 - 2014-03-16 13:15 - 00000000 ____D () C:\ProgramData\pdf995
2015-01-28 23:18 - 2013-08-27 20:14 - 00000000 ____D () C:\Users\John\AppData\Local\Akamai
2015-01-28 23:18 - 2012-03-15 21:21 - 00000000 ____D () C:\Windows\System32\Macromed
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Peter
2015-01-28 23:18 - 2012-01-02 18:34 - 00000000 ____D () C:\users\Liz
2015-01-28 23:18 - 2012-01-01 13:42 - 00000000 ____D () C:\users\John
2015-01-28 19:36 - 2013-06-04 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 19:35 - 2012-11-02 18:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 19:35 - 2011-12-28 18:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 19:24 - 2014-07-21 22:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-28 18:57 - 2012-01-03 21:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403377284-3109338177-3723939992-1000UA.job
2015-01-23 00:01 - 2014-04-05 10:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5B40343-B39C-49E7-9992-50D8DFA3F1C1}
2015-01-22 23:10 - 2013-06-01 09:58 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-21 23:01 - 2014-04-28 19:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-21 22:52 - 2006-05-25 18:57 - 00000000 ____D () C:\Users\John\Documents\Computer
2015-01-21 22:25 - 2012-01-03 22:30 - 00000000 ___RD () C:\Users\John\Dropbox
2015-01-21 22:09 - 2012-01-03 21:28 - 00002368 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2015-01-21 22:02 - 2012-01-03 22:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox
2015-01-21 21:57 - 2012-08-11 20:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-21 21:57 - 2010-11-20 21:47 - 00374018 _____ () C:\Windows\PFRO.log
2015-01-21 21:45 - 2012-01-03 22:30 - 00001019 _____ () C:\Users\John\Desktop\Dropbox.lnk
2015-01-21 21:32 - 2014-04-29 18:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-21 20:41 - 2014-01-13 21:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-14 16:17:42
Restore point made on: 2014-11-14 18:18:21
Restore point made on: 2015-01-21 22:32:20
Restore point made on: 2015-01-21 22:33:09
Restore point made on: 2015-01-21 22:37:01
Restore point made on: 2015-01-21 23:00:12
Restore point made on: 2015-01-21 23:00:47
Restore point made on: 2015-01-21 23:01:33
Restore point made on: 2015-01-28 23:30:26
Restore point made on: 2015-01-28 23:31:34

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8040.43 MB
Available physical RAM: 7199.84 MB
Total Pagefile: 8038.63 MB
Available Pagefile: 7200.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.08 GB) (Free:123.86 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:462.34 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:16.64 GB) (Free:8.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (UUI) (Removable) (Total:7.46 GB) (Free:7.28 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F9A53575)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.1 GB) - (Type=07 NTFS)

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9A5355B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

Disk: 2 (Size: 7.5 GB) (Disk ID: 00073653)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

LastRegBack: 2015-01-28 23:23

==================== End Of Log ============================




    Malware Expert

  • Expert
  • 24,713 posts
  • MVP

Since you are close to pulling the plug on it, let's let FRST remove all the stuff that you don't really need.  Maybe we will get lucky.




Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
