
Computer has malware and is slow need help to get it off

Discussion in 'Virus & Other Malware Removal' started by andrew_al, Mar 4, 2014.

Thread Status:
Not open for further replies.
  1. andrew_al

    andrew_al Thread Starter

    Hello,

    This computer is a personal computer and does not have any group policies or defaults set in by a company.

    It is having some issues that generally hamper its overall performance...

    It will take many minutes to open some programs. Overall very sluggish performance.
    Excel complains about memory even though I don't have much up and the computer has 4 GB of memory.
    So because of this I can only have one or two files open in Excel at once.

    It will not wake up from hibernation correctly. After being in hibernation I see a mouse on a black screen and move it around, but the screen will never appear with login after hibernation... and just stay black until restart.

    Constantly need to restart, so I am thinking malware is running up the memory in the system.

    Let me know if there is anything you can do to help and identify what might be causing this.

    Here are the logs from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:51:55 PM, on 3/4/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16518)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
    C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
    C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
    C:\Program Files (x86)\VIPRE\SBAMTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\VIPRE\SBAMUI.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ADELYN\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
    O3 - Toolbar: Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
    O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    O4 - HKLM\..\Run: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
    O4 - HKLM\..\Run: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
    O4 - HKLM\..\Run: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
    O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Users\ADELYN\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - .DEFAULT User Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Nuance PDF Converter 8 - res://C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
    O8 - Extra context menu item: Open with PDF Professional 8 - res://C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
    O23 - Service: Backup Utility Service (BFBackupUtilityService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
    O23 - Service: Backup Utility VSS Service (BFBackupUtilityVSSService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: bufssvr - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
    O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Dell Feature Enhancement Pack Service (DFEPService) - Dell Inc. - C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GFI LanGuard 11 Attendant Service (gfi_lanss11_attservice) - GFI Software Development Ltd. - C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
    O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VIPRE Internet Security (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\VIPRE\SBAMSvc.exe
    O23 - Service: SB Recovery Service (SBPIMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: TurboPC EX FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
    O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    O23 - Service: TurboPC EX DiskCache Control Service (tpcexdccs) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe

    --
    End of file - 15976 bytes



    dds.txt from DDS:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/25/2013 9:55:59 AM
    System Uptime: 3/4/2014 11:01:32 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 05GRXT
    Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 465 GiB total, 383.06 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP120: 2/23/2014 7:00:30 PM - Windows Backup
    RP121: 3/3/2014 9:11:35 AM - Windows Backup
    RP122: 3/3/2014 10:51:51 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.06)
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE v.6.82
    AuthenTec Fingerprint Software
    Avery Toolbar Updater
    Avery Wizard 4.0
    BioAPI Framework
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    BUFFALO Backup Utility
    BUFFALO SecureLockManagerEasy for HD
    BUFFALO TurboPC EX Series
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Coupon Printer for Windows
    Custom
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Client System Update
    Dell Data Protection | Access
    Dell Edoc Viewer
    Dell Feature Enhancement Pack
    Dell Touchpad
    DellAccess
    DW WLAN Card Utility
    EMBASSY Client Core
    Gemalto
    Google Earth
    Google Update Helper
    HP LaserJet Enterprise 500 color M551
    HP Unified IO
    HP Update
    HPDXP
    HPLaserJetEnterprise500colorM551_HelpLearnCenter
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    iTunes
    Junk Mail filter update
    Lexmark Software Uninstall
    LJDXPHelperUI
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 27.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTRU TCG Software Stack
    Nuance PDF Converter Professional 8
    Nuance PDF Converter Professional 8 Update x64
    O2Micro OZ776 SCR Driver
    PC-CCID
    Photobie -- photo editing software from Photobie Design
    Preboot Manager
    Private Information Manager
    Samsung Universal Print Driver 2
    Scansoft PDF Professional
    Screen+ 1.0
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SPBA 5.9
    ST Microelectronics 3 Axis Digital Accelerometer Solution
    swMSM
    toolkit32for64bit
    Trusted Drive Manager
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    Upek Touchchip Fingerprint Reader
    VIPRE Internet Security
    Wave Crypto Runtime 2.0.7.0 x86
    Wave Infrastructure Installer
    Wave Support Software Installer
    WIDCOMM Bluetooth Software
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/4/2014 7:31:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Capability Licensing Service Interface service to connect.
    3/4/2014 7:31:40 AM, Error: Service Control Manager [7000] - The Intel(R) Capability Licensing Service Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/4/2014 11:02:14 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    3/3/2014 8:39:31 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "9C2A701F4876" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    3/3/2014 5:14:28 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1.
    .
    ==== End Of File ===========================







    Attach.txt from DDS:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518
    Run by VSCADM at 14:05:20 on 2014-03-04
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3969.1674 [GMT -7:00]
    .
    AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\ATService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
    C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
    C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
    C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
    C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\system32\LMabcoms.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\o2flash.exe
    C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TC2Service.exe
    C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
    C:\Windows\System32\TC2Tray.exe
    C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
    C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
    C:\Program Files (x86)\VIPRE\SBAMTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\VIPRE\SBAMSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\VIPRE\SBAMUI.exe
    C:\Program Files (x86)\GFI\LanGuard 11 Agent\Mantle.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Windows\splwow64.exe
    C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ADELYN\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://dell13-comm.msn.com
    uDefault_Page_URL = hxxp://dell13-comm.msn.com
    uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Gaaiho PDF Conversion Toolbar Helper: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
    TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
    TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
    mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
    mRun: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
    mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
    mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
    IE: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 10.1.10.1
    TCP: Interfaces\{26B02B86-2908-4D07-8FCB-EB09EA50BCFA} : DHCPNameServer = 10.1.10.1
    TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\14D6075646F53525 : DHCPNameServer = 192.168.1.240
    TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\6535340275962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\65353475962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 wvauth
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [tpcexTray] "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
    x64-Run: [TC2Tray] "C:\Windows\System32\TC2Tray.exe"
    x64-Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;C:\Windows\System32\drivers\bftpdskc64.sys [2013-1-28 72016]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-7 20464]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-1-19 22128]
    R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-1-25 260816]
    R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2012-2-2 2664264]
    R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
    R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
    R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-11-30 163840]
    R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2013-1-28 95608]
    R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 176624]
    R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504]
    R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
    R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [2012-11-23 133496]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-19 13632]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-19 165336]
    R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
    R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2013-9-5 3937472]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-6-18 88928]
    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2013-9-5 176016]
    R2 TC2Service;TurboPC EX FileCopy Service;C:\Windows\System32\TC2Service.exe -Service_Execute --> C:\Windows\System32\TC2Service.exe -Service_Execute [?]
    R2 tpcexdccs;TurboPC EX DiskCache Control Service;C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [2013-1-28 134216]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-19 366040]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-1-19 165688]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-1-19 598808]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-8-7 39976]
    R3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-1-25 41032]
    R3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2013-7-3 31264]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-8-7 169752]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-7 342528]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-7 358896]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-7 792560]
    R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-1-19 84712]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-1-25 120608]
    R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2013-4-12 88864]
    R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-1-19 68208]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;C:\Windows\System32\drivers\bftpusbx64.sys [2013-1-28 20608]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
    S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-1-19 72808]
    S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-1-19 74984]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-1-25 120608]
    S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2013-1-25 63184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
    S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-03-04 18:49:48 -------- d-----w- C:\Users\VSCADM\AppData\Roaming\Malwarebytes
    2014-03-04 18:49:38 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-04 18:32:33 -------- d-----w- C:\6bdc1f00a4c8f7bcae604132
    2014-03-03 17:51:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-03-03 17:51:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-03-03 16:26:17 -------- d-----w- C:\Users\VSCADM\AppData\Roaming\HpUpdate
    2014-03-03 16:25:13 591648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp145.DLL
    2014-03-03 16:21:54 316704 ----a-w- C:\Windows\System32\hpbcoins64.dll
    2014-03-03 16:21:47 518432 ----a-w- C:\Windows\SysWow64\hpcdmc32.DLL
    2014-03-03 16:21:47 438560 ----a-w- C:\Windows\System32\hpcpn145.dll
    2014-03-03 16:21:46 436512 ----a-w- C:\Windows\SysWow64\hpcc3145.dll
    2014-03-03 15:48:28 -------- d-----w- C:\Program Files (x86)\HP
    2014-02-26 18:54:05 -------- d-----w- C:\Program Files (x86)\Coupons
    2014-02-12 10:02:04 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-12 10:02:04 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-12 10:00:59 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-12 10:00:58 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    .
    ==================== Find3M ====================
    .
    2014-02-21 01:59:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-21 01:59:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    .
    ============= FINISH: 14:05:57.86 ===============

    ark.txt from GMER

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-03-04 14:57:55
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0005 465.76GB
    Running: 7525ki77.exe; Driver: C:\Users\VSCADM\AppData\Local\Temp\ufaiyuob.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666 fffff80002dfe08a 12 bytes [80, 09, 00, 00, 48, 2B, C1, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 682 fffff80002dfe09a 9 bytes [8B, 44, 24, 60, 48, 89, 84, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007788000c 1 byte [C3]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007790f8ea 5 bytes JMP 00000001778bd5c1
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Program Files (x86)\VIPRE\SBAMTray.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Program Files (x86)\VIPRE\SBAMTray.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Program Files (x86)\VIPRE\SBAMSvc.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Program Files (x86)\VIPRE\SBAMSvc.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
    .text ... * 2

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0DFEB824-8F90-43C2-8580-F991E5F323F9}\Connection@Name isatap.{D21CADEF-F70F-492A-9323-97F8F3B3E70B}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{75C1FD0D-875E-4D72-A10C-6E746947E1D6}?\Device\{7646AB83-F476-4DC9-B0C1-408B3DF88E11}?\Device\{0DFEB824-8F90-43C2-8580-F991E5F323F9}?\Device\{A1A370E5-11FD-41D7-9C39-AC956C6F5553}?\Device\{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}?\Device\{BF6C5C0E-1355-4DF9-9674-43465523E5A8}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{75C1FD0D-875E-4D72-A10C-6E746947E1D6}"?"{7646AB83-F476-4DC9-B0C1-408B3DF88E11}"?"{0DFEB824-8F90-43C2-8580-F991E5F323F9}"?"{A1A370E5-11FD-41D7-9C39-AC956C6F5553}"?"{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}"?"{BF6C5C0E-1355-4DF9-9674-43465523E5A8}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{75C1FD0D-875E-4D72-A10C-6E746947E1D6}?\Device\TCPIP6TUNNEL_{7646AB83-F476-4DC9-B0C1-408B3DF88E11}?\Device\TCPIP6TUNNEL_{0DFEB824-8F90-43C2-8580-F991E5F323F9}?\Device\TCPIP6TUNNEL_{A1A370E5-11FD-41D7-9C39-AC956C6F5553}?\Device\TCPIP6TUNNEL_{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}?\Device\TCPIP6TUNNEL_{BF6C5C0E-1355-4DF9-9674-43465523E5A8}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2016d893c004
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0DFEB824-8F90-43C2-8580-F991E5F323F9}@InterfaceName isatap.{D21CADEF-F70F-492A-9323-97F8F3B3E70B}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0DFEB824-8F90-43C2-8580-F991E5F323F9}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 150745
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2016d893c004 (not active ControlSet)
    ---- EOF - GMER 2.1 ----
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please run the following:

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  3. andrew_al

    andrew_al Thread Starter

    Joined:
    Sep 25, 2012
    Messages:
    27
    Here are the logs:

    FRST.txt
    -----

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
    Ran by ADELYN (ATTENTION: The logged in user is not administrator) on VSCADM-PC-ADELY on 10-03-2014 12:39:28
    Running from C:\Users\ADELYN\Downloads
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
    (BUFFALO INC.) C:\Windows\System32\TC2Tray.exe
    () C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
    (BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Spotify Ltd) C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7469568 2012-01-18] (Dell Inc.)
    HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
    HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM\...\Run: [tpcexTray] - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [138312 2011-07-20] (BUFFALO INC.)
    HKLM\...\Run: [TC2Tray] - C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
    HKLM\...\Run: [LMPSSDMON] - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe [753664 2010-09-16] ()
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
    HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
    HKLM-x32\...\Run: [OfficeScanNT Monitor] - "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
    HKLM-x32\...\Run: [PDF8 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFProHook] - C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] - C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Backup Utility TaskTray Tool] - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe [3618712 2012-09-18] (BUFFALO INC.)
    HKLM-x32\...\Run: [SBAMTray] - C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] - [X]
    HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    HKU\S-1-5-21-3913833024-2261051122-276496897-1001\...\Run: [Spotify] - C:\Users\ADELYN\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
    Lsa: [Authentication Packages] msv1_0 wvauth
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
    SearchScopes: HKLM - DefaultScope {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
    SearchScopes: HKLM-x32 - DefaultScope {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
    SearchScopes: HKCU - DefaultScope {BDE499B6-5666-4BE8-88A8-E75A12845048} URL =
    SearchScopes: HKCU - {BDE499B6-5666-4BE8-88A8-E75A12845048} URL =
    SearchScopes: HKCU - {C182FFB9-69B9-4625-A16B-1A862785428D} URL = http://websearch.ask.com/redirect?client=ie&tb=AD2&o=102164&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^JH&apn_dtid=^YYYYYY^SE^US&apn_uid=DC2FECBA-408C-48E3-AE96-18BD29888EDB&apn_sauid=07CFFF10-721A-4339-9E5A-A12AC413BD50
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
    Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
    Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
    Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

    FireFox:
    ========
    FF ProfilePath: C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default
    FF SearchEngineOrder.1: Ask.com
    FF SelectedSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Gaaiho Doc) - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Extension: (Google Docs) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-22]
    CHR Extension: (Google Drive) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-22]
    CHR Extension: (YouTube) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-22]
    CHR Extension: (Google Search) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-22]
    CHR Extension: (Gmail) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-22]

    ==================== Services (Whitelisted) =================

    R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-08-20] (BUFFALO INC.)
    R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)
    R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation)
    R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
    R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
    R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
    R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
    R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
    R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( )
    R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( )
    R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
    R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
    R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
    R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
    S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
    R2 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134216 2011-07-20] (BUFFALO INC.)
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
    R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6157312 2012-01-18] (Dell Inc.)
    S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)

    ==================== Drivers (Whitelisted) ====================

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-08-07] (Broadcom Corporation.)
    R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
    R3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-10 12:39 - 2014-03-10 12:40 - 00020100 _____ () C:\Users\ADELYN\Downloads\FRST.txt
    2014-03-10 12:39 - 2014-03-10 12:39 - 00000000 ____D () C:\FRST
    2014-03-10 12:20 - 2014-03-10 12:20 - 02157056 _____ (Farbar) C:\Users\ADELYN\Downloads\FRST64.exe
    2014-03-10 11:14 - 2014-03-10 11:14 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\HpUpdate
    2014-03-04 15:28 - 2014-03-04 15:41 - 00380416 _____ () C:\Users\ADELYN\Downloads\7525ki77.exe
    2014-03-04 15:04 - 2014-03-04 15:04 - 00688992 ____R (Swearware) C:\Users\ADELYN\Desktop\dds.scr
    2014-03-04 14:51 - 2014-03-04 14:52 - 00015978 _____ () C:\Users\ADELYN\Downloads\hijackthis.log
    2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\Malwarebytes
    2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-03-04 12:47 - 2014-03-04 12:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ADELYN\Downloads\mbam-setup-1.75.0.1300.exe
    2014-03-04 12:32 - 2014-03-04 12:32 - 00002052 _____ () C:\Windows\epplauncher.mif
    2014-03-04 12:21 - 2014-03-04 12:21 - 13670584 _____ (Microsoft Corporation) C:\Users\ADELYN\Downloads\mseinstall.exe
    2014-03-04 08:41 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-03-04 08:41 - 2014-01-03 16:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-03-03 11:52 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-03-03 11:52 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-03-03 11:52 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-03-03 11:52 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-03-03 11:52 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-03-03 11:52 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-03-03 11:52 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-03-03 11:52 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-03-03 11:52 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-03-03 11:52 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-03-03 11:52 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-03-03 11:52 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-03-03 11:52 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-03-03 11:52 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-03-03 11:52 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-03-03 11:52 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-03-03 11:51 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-03-03 11:51 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-03-03 10:26 - 2014-03-03 10:26 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
    2014-03-03 10:25 - 2014-03-03 10:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
    2014-03-03 10:24 - 2014-03-03 10:24 - 00000237 _____ () C:\Windows\system32\AddPort.ini
    2014-03-03 10:21 - 2013-05-24 07:50 - 00316704 _____ (Hewlett-Packard) C:\Windows\system32\hpbcoins64.dll
    2014-03-03 10:21 - 2013-04-26 10:55 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL
    2014-03-03 10:21 - 2013-04-26 10:53 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn145.dll
    2014-03-03 10:21 - 2013-04-26 10:49 - 00436512 _____ () C:\Windows\SysWOW64\hpcc3145.dll
    2014-03-03 09:48 - 2014-03-03 10:26 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\ProgramData\HP
    2014-03-03 09:06 - 2014-03-03 09:06 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{80BFBC9E-0DF5-421F-8CD0-F52D403FAF0A}
    2014-02-27 15:16 - 2014-03-10 09:19 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\Windows Live
    2014-02-27 15:15 - 2014-02-27 15:16 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{D690D487-EF50-46DF-9B6C-7102064DE197}
    2014-02-27 08:43 - 2014-02-27 08:45 - 00000744 _____ () C:\ProgramData\lmab.log
    2014-02-26 12:54 - 2014-02-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2014-02-26 12:53 - 2014-02-26 12:53 - 02021112 _____ (Coupons.com Incorporated) C:\Users\ADELYN\Downloads\couponprinter.exe
    2014-02-21 16:22 - 2014-02-21 16:21 - 00487456 _____ () C:\Users\ADELYN\Downloads\Pick Up.zip
    2014-02-15 02:08 - 2014-03-03 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-12 17:00 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\ADELYN\Documents\0Contracts
    2014-02-12 11:29 - 2014-02-12 11:29 - 16950239 _____ () C:\Users\ADELYN\Documents\26.wma
    2014-02-12 04:02 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-12 04:02 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-02-12 04:01 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-12 04:01 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-12 04:01 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-12 04:01 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-12 04:01 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-12 04:01 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-12 04:01 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-12 04:01 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-12 04:01 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-12 04:01 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-12 04:01 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-12 04:01 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-12 04:01 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-12 04:01 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-02-12 04:01 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-12 04:01 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-12 04:01 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-12 04:01 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-12 04:01 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-12 04:01 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-12 04:01 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-12 04:01 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-12 04:01 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-12 04:01 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-12 04:01 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-12 04:01 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-12 04:01 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-12 04:01 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-12 04:01 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-12 04:01 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-12 04:01 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-12 04:01 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-12 04:01 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-12 04:01 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-12 04:01 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-12 04:01 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-12 04:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-02-12 04:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-12 04:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-12 02:20 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
    2014-02-12 02:20 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
    2014-02-12 02:20 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-02-12 02:20 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-02-12 02:20 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-02-12 02:20 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-02-12 02:20 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-02-12 02:20 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-02-12 02:20 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-02-12 02:20 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-02-12 02:20 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-02-12 02:20 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-02-12 02:20 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-02-12 02:20 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-02-12 02:20 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-02-12 02:20 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-02-12 02:20 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-02-12 02:20 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2014-02-12 02:20 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2014-02-12 02:20 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2014-02-12 02:20 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2014-02-12 02:20 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2014-02-12 02:20 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2014-02-12 02:20 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2014-02-12 02:20 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2014-02-12 02:20 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-02-12 02:20 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2014-02-12 02:20 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

    ==================== One Month Modified Files and Folders =======

    2014-03-10 12:40 - 2014-03-10 12:39 - 00020100 _____ () C:\Users\ADELYN\Downloads\FRST.txt
    2014-03-10 12:39 - 2014-03-10 12:39 - 00000000 ____D () C:\FRST
    2014-03-10 12:36 - 2013-01-19 14:59 - 01364768 _____ () C:\Windows\WindowsUpdate.log
    2014-03-10 12:29 - 2013-03-22 10:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-10 12:20 - 2014-03-10 12:20 - 02157056 _____ (Farbar) C:\Users\ADELYN\Downloads\FRST64.exe
    2014-03-10 11:59 - 2013-01-19 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-10 11:31 - 2013-01-28 17:43 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\Spotify
    2014-03-10 11:14 - 2014-03-10 11:14 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\HpUpdate
    2014-03-10 10:24 - 2013-02-01 16:40 - 00000000 ____D () C:\Users\ADELYN\Documents\My Info
    2014-03-10 09:19 - 2014-02-27 15:16 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\Windows Live
    2014-03-10 05:45 - 2013-01-28 17:44 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\Spotify
    2014-03-09 19:59 - 2013-05-28 16:55 - 00429556 _____ () C:\ProgramData\LMabscan.log
    2014-03-09 18:29 - 2013-03-22 10:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-07 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-07 09:17 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-07 09:17 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-07 09:14 - 2009-07-13 23:13 - 00797354 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-07 09:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-07 09:08 - 2009-07-13 22:51 - 00045091 _____ () C:\Windows\setupact.log
    2014-03-05 17:42 - 2013-01-28 17:07 - 00000000 ____D () C:\Users\ADELYN\Documents\Patrick AFB
    2014-03-05 09:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-03-04 15:41 - 2014-03-04 15:28 - 00380416 _____ () C:\Users\ADELYN\Downloads\7525ki77.exe
    2014-03-04 15:37 - 2013-01-31 09:00 - 481437940 _____ () C:\Windows\MEMORY.DMP
    2014-03-04 15:37 - 2013-01-31 09:00 - 00000000 ____D () C:\Windows\Minidump
    2014-03-04 15:04 - 2014-03-04 15:04 - 00688992 ____R (Swearware) C:\Users\ADELYN\Desktop\dds.scr
    2014-03-04 14:52 - 2014-03-04 14:51 - 00015978 _____ () C:\Users\ADELYN\Downloads\hijackthis.log
    2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\Malwarebytes
    2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-03-04 12:47 - 2014-03-04 12:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ADELYN\Downloads\mbam-setup-1.75.0.1300.exe
    2014-03-04 12:32 - 2014-03-04 12:32 - 00002052 _____ () C:\Windows\epplauncher.mif
    2014-03-04 12:21 - 2014-03-04 12:21 - 13670584 _____ (Microsoft Corporation) C:\Users\ADELYN\Downloads\mseinstall.exe
    2014-03-04 09:16 - 2013-05-28 13:45 - 00000000 ____D () C:\Users\ADELYN\Documents\IBWC
    2014-03-04 08:30 - 2010-11-20 21:47 - 00288494 _____ () C:\Windows\PFRO.log
    2014-03-03 10:26 - 2014-03-03 10:26 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
    2014-03-03 10:26 - 2014-03-03 09:48 - 00000000 ____D () C:\Program Files (x86)\HP
    2014-03-03 10:25 - 2014-03-03 10:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
    2014-03-03 10:24 - 2014-03-03 10:24 - 00000237 _____ () C:\Windows\system32\AddPort.ini
    2014-03-03 10:19 - 2013-01-25 10:56 - 00000000 ____D () C:\Users\VSCADM
    2014-03-03 10:00 - 2014-02-15 02:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-03 10:00 - 2013-01-25 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\ProgramData\HP
    2014-03-03 09:06 - 2014-03-03 09:06 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{80BFBC9E-0DF5-421F-8CD0-F52D403FAF0A}
    2014-02-27 15:16 - 2014-02-27 15:15 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{D690D487-EF50-46DF-9B6C-7102064DE197}
    2014-02-27 13:48 - 2013-05-05 08:12 - 00000000 ____D () C:\Windows\Patches
    2014-02-27 13:48 - 2013-01-25 13:38 - 00001077 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-02-27 08:45 - 2014-02-27 08:43 - 00000744 _____ () C:\ProgramData\lmab.log
    2014-02-27 08:44 - 2013-01-28 17:06 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\VirtualStore
    2014-02-26 12:54 - 2014-02-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Coupons
    2014-02-26 12:53 - 2014-02-26 12:53 - 02021112 _____ (Coupons.com Incorporated) C:\Users\ADELYN\Downloads\couponprinter.exe
    2014-02-26 09:50 - 2013-02-11 16:47 - 00000000 ____D () C:\Users\ADELYN\Documents\VSC
    2014-02-21 16:21 - 2014-02-21 16:22 - 00487456 _____ () C:\Users\ADELYN\Downloads\Pick Up.zip
    2014-02-20 19:59 - 2013-01-19 15:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-20 19:59 - 2013-01-19 15:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-19 14:16 - 2013-12-06 17:29 - 00189971 _____ () C:\Users\ADELYN\Documents\Bible Talk.pptx
    2014-02-19 14:12 - 2013-02-07 12:19 - 00000000 ____D () C:\Users\ADELYN\Documents\Insurance
    2014-02-16 04:03 - 2013-07-12 08:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-16 04:00 - 2013-01-25 11:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-02-14 09:26 - 2013-06-04 16:20 - 00000000 ____D () C:\Users\ADELYN\Documents\VZT Docs
    2014-02-12 17:02 - 2014-02-12 17:00 - 00000000 ____D () C:\Users\ADELYN\Documents\0Contracts
    2014-02-12 17:00 - 2013-02-01 16:34 - 00000000 ____D () C:\Users\ADELYN\Documents\Accounts
    2014-02-12 11:29 - 2014-02-12 11:29 - 16950239 _____ () C:\Users\ADELYN\Documents\26.wma
    2014-02-12 04:09 - 2013-01-28 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-02-12 04:04 - 2011-02-10 08:33 - 00789968 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-02-12 04:03 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini

    Some content of TEMP:
    ====================
    C:\Users\ADELYN\AppData\Local\Temp\AskSLib.dll
    C:\Users\ADELYN\AppData\Local\Temp\US_en_Avery_AW40.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================




    Addition.txt
    -----


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2014 02
    Ran by ADELYN at 2014-03-10 12:40:50
    Running from C:\Users\ADELYN\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

    ==================== Installed Programs ======================

    64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ashampoo Burning Studio 6 FREE v.6.82 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.2 - Ashampoo GmbH & Co. KG)
    AuthenTec Fingerprint Software (Version: 8.4.4.39 - AuthenTec, Inc.) Hidden
    Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
    BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
    BUFFALO Backup Utility (HKLM-x32\...\UN091222) (Version: - )
    BUFFALO SecureLockManagerEasy for HD (HKLM-x32\...\UN090430) (Version: - )
    BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version: - )
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) <==== ATTENTION
    Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
    Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
    Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
    DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)
    EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
    Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    HP LaserJet Enterprise 500 color M551 (HKLM-x32\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 8.0.13144.1328 - Hewlett-Packard)
    HP Unified IO (Version: 2.0.0.477 - HP) Hidden
    HP Unified IO (x32 Version: 2.0.0.477 - HP) Hidden
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
    HPDXP (x32 Version: 3.0.26.9 - HP) Hidden
    HPLaserJetEnterprise500colorM551_HelpLearnCenter (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version: - Lexmark International, Inc.)
    LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
    Nuance PDF Converter Professional 8 (HKLM\...\{BCE93D4F-0E1C-495D-8710-C753FE5924A3}) (Version: 8.10.6242 - Nuance Communications, Inc.)
    Nuance PDF Converter Professional 8 (HKLM-x32\...\{BCE93D4F-0E1C-495D-8710-C753FE5924A3}) (Version: 8.10.6242 - Nuance Communications, Inc.)
    Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
    O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{5F962F59-DCCB-440B-A8E5-3BA4F7F09594}) (Version: 2.1.4.213 - O2Micro)
    O2Micro OZ776 SCR Driver (Version: 2.1.4.213 - O2Micro) Hidden
    Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    PC-CCID (Version: 2.0.0 - Gemalto) Hidden
    Photobie -- photo editing software from Photobie Design (HKLM-x32\...\Photobie) (Version: - )
    Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
    Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
    Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
    Scansoft PDF Professional (x32 Version: - ) Hidden
    Screen+ 1.0 (HKLM-x32\...\Screen+_is1) (Version: - AOC)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
    Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
    Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
    Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
    VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
    VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
    Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
    Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
    Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================

    Could not list Restore Points. Check "winmgmt" service or repair WMI.


    ==================== Hosts content: ==========================

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

    ==================== Loaded Modules (whitelisted) =============

    2013-05-28 16:55 - 2010-09-16 13:47 - 00753664 _____ () C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
    2013-01-19 16:40 - 2012-03-26 21:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-09-25 12:32 - 2014-01-15 11:40 - 00603648 _____ () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: SBRegRebootCleaner => "c:\users\vscadm\appdata\local\temp\Downloads\CartSdk\sbrc.exe"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/10/2014 10:24:24 AM) (Source: Microsoft Office 14) (User: )
    Description: Microsoft Outlook: Rejected Safe Mode action : Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

    Do you want to start Outlook in safe mode?.
    Rejected Safe Mode action : Microsoft Outlook.

    Error: (03/07/2014 11:41:20 AM) (Source: Application Hang) (User: )
    Description: The program EXCEL.EXE version 14.0.7109.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b78

    Start Time: 01cf3a2bb8063bac

    Termination Time: 18

    Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

    Report Id: a3190a60-a61f-11e3-b801-2016d893c004

    Error: (03/07/2014 09:08:59 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/06/2014 05:59:12 PM) (Source: Application Error) (User: )
    Description: Faulting application name: prevhost.exe, version: 6.1.7601.17562, time stamp: 0x4d5e2495
    Faulting module name: zPreview_x64.dll, version: 8.0.0.18, time stamp: 0x4fed5790
    Exception code: 0xc0000005
    Fault offset: 0x00000000000112c4
    Faulting process id: 0x2a8c
    Faulting application start time: 0xprevhost.exe0
    Faulting application path: prevhost.exe1
    Faulting module path: prevhost.exe2
    Report Id: prevhost.exe3

    Error: (03/06/2014 05:24:48 PM) (Source: Application Error) (User: )
    Description: Faulting application name: CouponPrinterService.exe, version: 6.0.1.0, time stamp: 0x52fd5bb4
    Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdfd0
    Exception code: 0xc0000005
    Fault offset: 0x000007fef5c475f4
    Faulting process id: 0x91c
    Faulting application start time: 0xCouponPrinterService.exe0
    Faulting application path: CouponPrinterService.exe1
    Faulting module path: CouponPrinterService.exe2
    Report Id: CouponPrinterService.exe3

    Error: (03/06/2014 01:17:32 PM) (Source: Application Hang) (User: )
    Description: The program EXCEL.EXE version 14.0.7109.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1b70

    Start Time: 01cf395b1f5ee78d

    Termination Time: 93

    Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

    Report Id: a7be161a-a563-11e3-beac-2016d893c004

    Error: (03/06/2014 11:20:09 AM) (Source: Application Hang) (User: )
    Description: The program GaaihoDoc.exe version 8.0.0.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2258

    Start Time: 01cf395fedec6ea6

    Termination Time: 32

    Application Path: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe

    Report Id: 89ff26e9-a553-11e3-beac-2016d893c004

    Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 12168

    Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 12168

    Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (03/08/2014 03:40:27 PM) (Source: iaStor) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (03/07/2014 09:08:33 AM) (Source: Service Control Manager) (User: )
    Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (03/06/2014 05:25:00 PM) (Source: Service Control Manager) (User: )
    Description: The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (03/05/2014 01:02:40 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \...\DR1.

    Error: (03/05/2014 09:11:30 AM) (Source: Service Control Manager) (User: )
    Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (03/05/2014 09:11:19 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 8:06:14 AM on 3/5/2014 was unexpected.

    Error: (03/04/2014 07:34:08 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SBAMSvc service.

    Error: (03/04/2014 03:44:40 PM) (Source: iaStor) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (03/04/2014 03:38:25 PM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

    Error: (03/04/2014 03:37:34 PM) (Source: Service Control Manager) (User: )
    Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0


    Microsoft Office Sessions:
    =========================
    Error: (03/10/2014 10:24:24 AM) (Source: Microsoft Office 14)(User: )
    Description: Microsoft OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

    Do you want to start Outlook in safe mode?

    Error: (03/07/2014 11:41:20 AM) (Source: Application Hang)(User: )
    Description: EXCEL.EXE14.0.7109.5000b7801cf3a2bb8063bac18C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEa3190a60-a61f-11e3-b801-2016d893c004

    Error: (03/07/2014 09:08:59 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/06/2014 05:59:12 PM) (Source: Application Error)(User: )
    Description: prevhost.exe6.1.7601.175624d5e2495zPreview_x64.dll8.0.0.184fed5790c000000500000000000112c42a8c01cf399811fd1c9aC:\Windows\system32\prevhost.exeC:\Program Files (x86)\Nuance\PDF Professional 8\Bin\zPreview_x64.dll5053400f-a58b-11e3-beac-2016d893c004

    Error: (03/06/2014 05:24:48 PM) (Source: Application Error)(User: )
    Description: CouponPrinterService.exe6.0.1.052fd5bb4netprofm.dll_unloaded0.0.0.04a5bdfd0c0000005000007fef5c475f491c01cf3885326cdd93C:\Program Files (x86)\Coupons\CouponPrinterService.exenetprofm.dll81f4dff7-a586-11e3-beac-2016d893c004

    Error: (03/06/2014 01:17:32 PM) (Source: Application Hang)(User: )
    Description: EXCEL.EXE14.0.7109.50001b7001cf395b1f5ee78d93C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEa7be161a-a563-11e3-beac-2016d893c004

    Error: (03/06/2014 11:20:09 AM) (Source: Application Hang)(User: )
    Description: GaaihoDoc.exe8.0.0.23225801cf395fedec6ea632C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe89ff26e9-a553-11e3-beac-2016d893c004

    Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 12168

    Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 12168

    Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Percentage of memory in use: 75%
    Total physical RAM: 3969.24 MB
    Available physical RAM: 987.77 MB
    Total Pagefile: 7936.66 MB
    Available Pagefile: 3636.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:464.98 GB) (Free:377.26 GB) NTFS
    Drive d: (Documents Mgt) (CDROM) (Total:2.89 GB) (Free:0 GB) UDF
    Drive e: (HD-PNTU3) (Fixed) (Total:931.48 GB) (Free:409.34 GB) NTFS
    Drive z: (IBWC) (Network) (Total:3696.91 GB) (Free:3690.07 GB) NTFS

    ==================== MBR & Partition Table ==================

    ==================== End Of Log ============================
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please run the following:

    Refer to the ComboFix User's Guide

    1. Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  5. andrew_al

    andrew_al Thread Starter

    Joined:
    Sep 25, 2012
    Messages:
    27
    When I ran it....

    It seemed ComboFix was stalling. (console windows alternated back and forth for many long minutes).

    Vipre anti-virus was disabled. Do you think it could be something else that could cause it to stall?
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    It's usually a security program or a badly infected computer.

    Try it in safe mode.

    How to boot to safe mode.
    Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu appears > arrow up to Safe Mode with networking from the list > press enter.
    (On some systems, this may be the F5 key, so try that if F8 doesn't work.)

    Login with your usual account.
     
  7. andrew_al

    andrew_al Thread Starter

    Joined:
    Sep 25, 2012
    Messages:
    27
    Below is the contents of the ComboFix log file.

    ComboFix 14-03-10.01 - VSCADM 03/11/2014 15:24:23.1.4 - x64 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3969.2888 [GMT -6:00]
    Running from: c:\users\ADELYN\Desktop\ComboFix.exe
    AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
    SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
    c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\windows\security\Database\tmp.edb
    .
    ---- Previous Run -------
    .
    c:\users\ADELYN\Documents\~WRL0005.tmp
    c:\users\ADELYN\Documents\~WRL0006.tmp
    c:\users\ADELYN\Documents\~WRL1647.tmp
    c:\users\ADELYN\Documents\~WRL1681.tmp
    c:\users\ADELYN\Documents\~WRL3342.tmp
    c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
    c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\windows\security\Database\tmp.edb
    E:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-10 18:39 . 2014-03-10 18:41 -------- d-----w- C:\FRST
    2014-03-10 17:14 . 2014-03-10 17:14 -------- d-----w- c:\users\ADELYN\AppData\Roaming\HpUpdate
    2014-03-04 18:49 . 2014-03-04 18:49 -------- d-----w- c:\users\ADELYN\AppData\Roaming\Malwarebytes
    2014-03-04 18:49 . 2014-03-04 18:49 -------- d-----w- c:\users\VSCADM\AppData\Roaming\Malwarebytes
    2014-03-04 18:49 . 2014-03-04 18:49 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-03 17:51 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-03-03 17:51 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-03-03 16:26 . 2014-03-03 16:26 -------- d-----w- c:\users\VSCADM\AppData\Roaming\HpUpdate
    2014-03-03 16:25 . 2014-03-03 16:25 -------- d-----w- c:\programdata\Hewlett-Packard
    2014-03-03 16:25 . 2013-04-26 16:53 591648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp145.DLL
    2014-03-03 16:21 . 2013-05-24 13:50 316704 ----a-w- c:\windows\system32\hpbcoins64.dll
    2014-03-03 16:21 . 2013-04-26 16:55 518432 ----a-w- c:\windows\SysWow64\hpcdmc32.DLL
    2014-03-03 16:21 . 2013-04-26 16:53 438560 ----a-w- c:\windows\system32\hpcpn145.dll
    2014-03-03 16:21 . 2013-04-26 16:49 436512 ----a-w- c:\windows\SysWow64\hpcc3145.dll
    2014-03-03 15:48 . 2014-03-03 16:26 -------- d-----w- c:\program files (x86)\HP
    2014-03-03 15:48 . 2014-03-03 15:48 -------- d-----w- c:\programdata\HP
    2014-02-27 21:16 . 2014-03-10 15:19 -------- d-----w- c:\users\ADELYN\AppData\Local\Windows Live
    2014-02-26 18:54 . 2014-02-26 18:54 -------- d-----w- c:\program files (x86)\Coupons
    2014-02-12 10:02 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-12 10:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-02-12 10:00 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-02-12 10:00 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-21 01:59 . 2013-01-19 21:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-21 01:59 . 2013-01-19 21:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-16 10:00 . 2013-01-25 17:34 88567024 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-01-14 134616]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
    "PDF8 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [2012-10-24 178576]
    "PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [2012-10-24 2013072]
    "Nuance PDF Converter Professional 8-reminder"="c:\program files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" [2012-10-11 333712]
    "Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2012-09-18 3618712]
    "SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-09-06 3216272]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
    R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
    R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
    R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
    R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;c:\windows\system32\drivers\bftpdskc64.sys;c:\windows\SYSNATIVE\drivers\bftpdskc64.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
    S2 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [x]
    S2 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [x]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
    S2 bufssvr;bufssvr;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [x]
    S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
    S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
    S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
    S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x]
    S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
    S2 TC2Service;TurboPC EX FileCopy Service;c:\windows\system32\TC2Service.exe;c:\windows\SYSNATIVE\TC2Service.exe [x]
    S2 tpcexdccs;TurboPC EX DiskCache Control Service;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;c:\windows\system32\drivers\bftpusbx64.sys;c:\windows\SYSNATIVE\drivers\bftpusbx64.sys [x]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
    S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 01:59]
    .
    2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 16:52]
    .
    2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 16:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-01-18 7469568]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
    "DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "tpcexTray"="c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe" [2011-07-20 138312]
    "TC2Tray"="c:\windows\system32\TC2Tray.exe" [2012-07-18 629656]
    "LMPSSDMON"="c:\program files\Lexmark\Monitor\ACB\LMabMON.exe" [2010-09-16 753664]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 172016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 399856]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 442352]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-13 1425408]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://dell13-comm.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
    IE: Open with PDF Professional 8 - c:\program files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.13
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll
    FF - ProfilePath - c:\users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-OfficeScanNT Monitor - c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
    c:\windows\system32\o2flash.exe
    c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-11 16:09:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-11 22:09
    .
    Pre-Run: 407,220,518,912 bytes free
    Post-Run: 407,093,370,880 bytes free
    .
    - - End Of File - - 03BCBF4C1C5CE396558BEE956537839E
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your antivirus to avoid any conflicts.
    • Right-mouse click JRT.exe and select Run as administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message


    NEXT


    Download AdwCleaner from here and save it to your desktop.
    • Run AdwCleaner and select Scan
    • If items are found, please select the Clean button
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply
     
  9. andrew_al

    andrew_al Thread Starter

    Joined:
    Sep 25, 2012
    Messages:
    27
    JRT.txt
    ------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Professional x64
    Ran by VSCADM on Thu 03/13/2014 at 12:59:56.53
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EFE8937-8FE1-404E-827E-B5D581288CCB}
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\VSCADM\AppData\Roaming\defaulttab"
    Failed to delete: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Users\VSCADM\appdata\locallow\asktoolbar"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\VSCADM\AppData\Roaming\mozilla\firefox\profiles\y71dvp20.default\extensions\[email protected]
    Successfully deleted: [File] C:\Users\VSCADM\AppData\Roaming\mozilla\firefox\profiles\y71dvp20.default\searchplugins\askcom.xml



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/13/2014 at 13:05:09.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    AdwCleaner[S1].txt
    -----

    # AdwCleaner v3.021 - Report created 13/03/2014 at 14:23:07
    # Updated 10/03/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : VSCADM - VSCADM-PC-ADELY
    # Running from : C:\Users\VSCADM\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
    Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAt[...]
    Line Deleted : user_pref("extensions.enabledAddons", "nuance%40pdf8:8,%7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e[...]
    Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
    Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites_14_11_ff");
    Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByDzytDtDzytByDtGtC0ByBy[...]
    Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
    Line Deleted : user_pref("extensions.mysearchdial.cr", "1799622063");
    Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
    Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
    Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
    Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
    Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
    Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "A5B69E40EB82B3916BB2A140B3405BFC");
    Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
    Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
    Line Deleted : user_pref("extensions.mysearchdial.id", "2016D893C004467A");
    Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16142");
    Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
    Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
    Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:11:2");
    Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1Czu[...]
    Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
    Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
    Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
    Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1C[...]
    Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
    Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
    Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
    Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:11:2");

    [ File : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [12717 octets] - [13/03/2014 14:14:27]
    AdwCleaner[R1].txt - [5068 octets] - [13/03/2014 14:22:19]
    AdwCleaner[S0].txt - [11502 octets] - [13/03/2014 14:17:20]
    AdwCleaner[S1].txt - [5065 octets] - [13/03/2014 14:23:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5125 octets] ##########


    adwCleaner[s0].txt
    ------

    # AdwCleaner v3.021 - Report created 13/03/2014 at 14:17:20
    # Updated 10/03/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : VSCADM - VSCADM-PC-ADELY
    # Running from : C:\Users\VSCADM\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : 70e6ca8c

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
    Folder Deleted : C:\Program Files (x86)\Mysearchdial
    Folder Deleted : C:\Program Files (x86)\openit
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Users\VSCADM\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Mysearchdial
    Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Optimizer Pro
    Folder Deleted : C:\Users\VSCADM\Documents\Optimizer Pro
    Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\Extensions\[email protected]
    File Deleted : C:\Users\Public\Desktop\Open It!.lnk
    File Deleted : C:\Users\VSCADM\Desktop\Optimizer Pro.lnk
    File Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\searchplugins\Mysearchdial.xml
    File Deleted : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\searchplugins\Mysearchdial.xml
    File Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\user.js
    File Deleted : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\user.js
    File Deleted : C:\Windows\Tasks\MySearchDial.job
    File Deleted : C:\Windows\System32\Tasks\MySearchDial

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\FLEXnet
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\mysearchdial
    Key Deleted : HKCU\Software\mysearchdial.com
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
    Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAt[...]
    Line Deleted : user_pref("extensions.enabledAddons", "nuance%40pdf8:8,%7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e[...]
    Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
    Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites_14_11_ff");
    Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByDzytDtDzytByDtGtC0ByBy[...]
    Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
    Line Deleted : user_pref("extensions.mysearchdial.cr", "1799622063");
    Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
    Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
    Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
    Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
    Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
    Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "A5B69E40EB82B3916BB2A140B3405BFC");
    Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
    Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
    Line Deleted : user_pref("extensions.mysearchdial.id", "2016D893C004467A");
    Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16142");
    Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
    Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
    Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:11:2");
    Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1Czu[...]
    Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
    Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
    Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
    Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1C[...]
    Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
    Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
    Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
    Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:11:2");

    [ File : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\prefs.js ]

    Line Deleted : user_pref("browser.search.order.1", "Ask.com");
    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAt[...]

    *************************

    AdwCleaner[R0].txt - [12717 octets] - [13/03/2014 14:14:27]
    AdwCleaner[S0].txt - [11344 octets] - [13/03/2014 14:17:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11405 octets] ##########
     
  10. andrew_al

    andrew_al Thread Starter

    Joined:
    Sep 25, 2012
    Messages:
    27
    adwCleaner[S2].txt
    -----

    # AdwCleaner v3.021 - Report created 13/03/2014 at 14:30:21
    # Updated 10/03/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : VSCADM - VSCADM-PC-ADELY
    # Running from : C:\Users\VSCADM\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\prefs.js ]


    [ File : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [12717 octets] - [13/03/2014 14:14:27]
    AdwCleaner[R1].txt - [5068 octets] - [13/03/2014 14:22:19]
    AdwCleaner[R2].txt - [1205 octets] - [13/03/2014 14:29:54]
    AdwCleaner[S0].txt - [11502 octets] - [13/03/2014 14:17:20]
    AdwCleaner[S1].txt - [5205 octets] - [13/03/2014 14:23:07]
    AdwCleaner[S2].txt - [1129 octets] - [13/03/2014 14:30:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1189 octets] ##########
     
  11. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT

    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, if it shows a screen that says "Threats found!", then click the "List of found threats" button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish



    NEXT

    Please advise how the computer is running now and if there are any outstanding issues
     
  12. andrew_al

    andrew_al Thread Starter

    Joined:
    Sep 25, 2012
    Messages:
    27
    After running Malwarebytes and ESET... I can say the computer runs a lot faster and cleaner. Thanks a lot.
    Excel still gives an error that says "Excel cannot complete this task with available resources. Choose less data or close other applications", but I think that is an application issue; I will try reinstalling that or troubleshooting that. It isn't a big issue.

    Things seem to be running better now. Below are the logs.



    First Malwarebytes log:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.13.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    VSCADM :: VSCADM-PC-ADELY [administrator]

    Protection: Disabled

    3/13/2014 3:20:43 PM
    mbam-log-2014-03-13 (15-20-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 266635
    Time elapsed: 8 minute(s), 4 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe (PUP.Optional.MegaBrowse.A) -> 1476 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 9
    HKLM\SYSTEM\CurrentControlSet\Services\Update Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4e6cd411-ce62-4584-97ff-6afbcf6900af} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{15f672ec-1269-428f-bdb7-db781e772b77} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{158C1B4D-859D-4886-BCA4-4C671693EAA0} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\Software\Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    HKLM\Software\Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Program Files (x86)\Mega Browse (PUP.Optional.MegaBrowse.A) -> Delete on reboot.

    Files Detected: 12
    C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe (PUP.Optional.MegaBrowse.A) -> Delete on reboot.
    C:\Program Files (x86)\Mega Browse\MegaBrowseBHO.dll (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Users\VSCADM\AppData\Local\temp\is166192373\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    C:\Users\VSCADM\AppData\Local\temp\is357113909\166062074_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
    C:\Users\VSCADM\AppData\Local\temp\is357113909\166062325_stp\MegaBrowseSetup.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Users\VSCADM\Downloads\PhotobieInstaller.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\VSCADM\Local Settings\Temporary Internet Files\Content.IE5\L3VWC4A2\Setup[1].exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mega Browse\MegaBrowse.ico (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mega Browse\0 (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mega Browse\7za.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mega Browse\MegaBrowseUninstall.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mega Browse\updateMegaBrowse.InstallState (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.

    (end)

    2nd Log of Malwarebytes
    ----

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.13.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    ADELYN :: VSCADM-PC-ADELY [limited]

    Protection: Disabled

    3/13/2014 3:40:56 PM
    mbam-log-2014-03-13 (15-40-56).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 318548
    Time elapsed: 44 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 9
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
    C:\Qoobox\Quarantine\C\Users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

    (end)

    3rd log of malwarebytes
    ----

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.13.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    ADELYN :: VSCADM-PC-ADELY [limited]

    Protection: Disabled

    3/13/2014 4:38:58 PM
    mbam-log-2014-03-13 (16-38-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 172046
    Time elapsed: 4 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Esetlog
    ------

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir a variant of Win32/AdWare.SpeedingUpMyPC.D application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
    C:\Users\VSCADM\AppData\Local\temp\{69934956-E5AC-4B42-A654-35981A1CF18B}\setup.exe multiple threats
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:


    Press the WinKey + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:


    Now we need to clean up our tools:


    You can delete the DDS, JRT and FRST logs and programs from your desktop.


    NEXT


    Follow these steps to uninstall Combofix

    • Make sure your security programs are totally disabled.
    • Press the WinKey +R to open a run box
    • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



    NEXT

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.


    If there are any logs/tools remaining on your desktop > right click and delete them.


    NEXT


    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
      Strong passwords: How to create and use them
      Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

    • Keep Windows updated by regularly checking their website at:
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run,
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job
      • Once it's finished it should automatically reboot your machine,
      • if it doesn't, manually reboot to ensure a complete clean
      It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for Chrome, Firefox and IE
    • AdblockPlus
      • AdblockPlus, Surf the web without annoying ads!
      • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
      • Protects your online privacy
      • Two-click installation, It's free!
      • click the icon that corresponds to your browser and download.

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
      • PC Safety and Security--What Do I Need?
      • Simple and easy ways to keep your computer safe and secure on the Internet

    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank you.
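
Added example, not part of the thread or of any tool named in it: Python code that parses detection lines in the Malwarebytes log layout posted above and separates inert `.vir` copies sitting in other tools' quarantine folders (the folders the uninstall steps clean up) from live locations and from items still waiting on a reboot. The sample log is constructed from a few lines of the posted logs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the logs above (not a complete log).
SAMPLE_LOG = r"""
Registry Keys Detected: 1
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\VSCADM\Downloads\PhotobieInstaller.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
# Greedy object match so "(x86)" inside a path is not taken for the detection name.
ITEM = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (items, mismatches); mismatches flags sections whose declared count differs from the lines found."""
    items, declared, section = [], {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    found = Counter(i["section"] for i in items)
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return items, mismatches

def triage(items):
    """Group detections by family, by quarantine copy vs. live location, and by pending reboot."""
    def quarantined_copy(obj):
        low = obj.lower()
        return "\\quarantine\\" in low and low.endswith(".vir")
    return {
        "families": Counter(i["detection"] for i in items),
        "tool_quarantine": [i["object"] for i in items if quarantined_copy(i["object"])],
        "live": [i["object"] for i in items if not quarantined_copy(i["object"])],
        "pending_reboot": [i["object"] for i in items if i["action"].lower().startswith("delete on reboot")],
    }

if __name__ == "__main__":
    items, mismatches = parse_mbam_log(SAMPLE_LOG)
    print(mismatches or "declared counts match parsed lines")
    for key, value in triage(items).items():
        print(key, value)
```

A non-empty `mismatches` result means the pasted log was cut short or edited, so the triage should not be trusted until the full log is available.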
     

Short URL to this thread: https://techguy.org/1121240