jrichardson9

  1. All back to normal now, thank you so much for your assistance, you've been an enormous help! Also thanks for your advice for keeping the computer clean in the future. All the best
  2. # AdwCleaner v3.208 - Report created 17/05/2014 at 21:49:19 # Updated 11/05/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : David - DAVID-DESKTOP # Running from : C:\Users\David\Downloads\adwcleaner_3.208.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Program Files (x86)\AnyProtectEx Folder Deleted : C:\Users\David\AppData\Roaming\Babylon File Deleted : C:\Windows\SysWOW64\SecureAssist.ini ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\5f57d8dcb46ebd47 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\installedbrowserextensions Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\TutoTag Key 
Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\Software\Free_soft_today Key Deleted : HKLM\Software\installedbrowserextensions Key Deleted : HKLM\Software\systweak Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher ***** [ Browsers ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Google Chrome v34.0.1847.131 [ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms} Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof ************************* AdwCleaner[R0].txt - [3102 octets] - [17/05/2014 21:48:45] AdwCleaner[s0].txt - [2749 octets] - [17/05/2014 21:49:19] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2809 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by David on 17/05/2014 at 21:59:29.34 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4164971623-3206920871-1535522095-1000\Software\sweetim ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17/05/2014 at 22:03:18.99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Adobe Reader XI Google Chrome 34.0.1847.131 Google Chrome 34.0.1847.137 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 9% ````````````````````End of Log`````````````````````` Thanks!
  3. Apologies for the delay, but I am currently unable to complete the above task as I rely on both me and the family member affected being around to talk through the repairs or use remote assistance. I will try to complete it in the next few days; I just don't want the thread to be closed due to inactivity, as I appreciate the importance of ensuring the system is totally clean. Thanks, will be in touch as soon as possible.
  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
     Ran by David at 2014-05-13 20:04:33 Run:2
     Running from C:\Users\David\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     CMD: netsh winsock reset
     *****************

     ========= netsh winsock reset =========
     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.
     ========= End of CMD: =========

     ==== End of Fixlog ====

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 13/05/2014
     Scan Time: 20:13:55
     Logfile: malwarebytesscan.txt
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.05.13.12
     Rootkit Database: v2014.03.27.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: David

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 261853
     Time Elapsed: 4 min, 22 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     PUP.Optional.ScramblePacker.A, C:\Users\David\AppData\Local\Temp\be2c3475-63d3-4f34-bd40-bef44c5c0add\software\freeven-proxx.exe, Quarantined, [f0107f8142be34cc7b2b8af0d42dc43c],
     Physical Sectors: 0 (No malicious items detected)
     (end)

     ESET LOG
     C:\Users\David\AppData\Local\Temp\rcpsetup_isppi.exe Win32/Systweak.B potentially unwanted application
     C:\Users\David\AppData\Local\Temp\be2c3475-63d3-4f34-bd40-bef44c5c0add\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application
     C:\Users\David\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe Win32/OpenCandy potentially unsafe application
     C:\Users\David\Downloads\CrystalDiskMark3_0_2fShizuku-en.exe Win32/OpenCandy potentially unsafe application

     Should the files put in quarantine be permanently removed or left in quarantine? Thanks again for all your advice.
  5. The internet now appears to be working correctly, the LSP chain appears to have been fixed, thank you so much for your assistance. Does anything else need doing or should the computer be completely clean now? Does the InitHelperDll failure mean anything significant? Also what antivirus software would you recommend from experience?! Thanks again for all your help, it's very much appreciated.
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-05-2014 02 Ran by David at 2014-05-10 22:27:13 Run:1 Running from C:\Users\David\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Winsock: Catalog9 01 C:\Windows\system32\SecureAssist.dll File Not found () Winsock: Catalog9 02 C:\Windows\system32\SecureAssist.dll File Not found () Winsock: Catalog9 03 C:\Windows\system32\SecureAssist.dll File Not found () Winsock: Catalog9 04 C:\Windows\system32\SecureAssist.dll File Not found () Winsock: Catalog9 15 C:\Windows\system32\SecureAssist.dll File Not found () Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) Winsock: Catalog9-x64 15 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\David\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {9AC7F219-CC6F-4453-859F-0D9E766908E2} - System32\Tasks\DigitalSite => C:\Users\David\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION C:\Users\David\AppData\Roaming\DIGITA~1 C:\Windows\system32\SecureAssist64.dll 2014-04-30 15:39 - 2014-03-21 12:27 - 00005512 _____ () C:\Windows\system32\SecureAssist.ini 2014-04-30 15:39 - 2014-03-21 12:27 - 00002464 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini 2014-04-30 15:39 - 2014-03-21 12:27 - 00002464 _____ () C:\Windows\system32\SecureAssistOff.ini 2014-04-30 15:37 - 2014-04-30 15:37 - 00000532 _____ () C:\end 2014-04-30 15:37 - 2014-04-30 15:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Weather Alerts 2014-05-03 22:21 - 2014-05-03 22:21 - 00003124 _____ () C:\Windows\System32\Tasks\{17F3504C-E477-4F02-BAC5-8AFAB147A41F} 2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\Program Files (x86)\predm 2014-05-02 10:00 - 2014-04-30 15:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\VOPackage 2014-05-02 10:00 - 2014-04-30 15:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-05-03 23:35 - 2014-04-30 15:37 - 00000000 ____D () C:\Program Files\003 2014-05-03 23:35 - 2010-11-21 04:47 - 00159784 _____ () C:\Windows\PFRO.log 2014-05-03 23:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-03 23:34 - 2013-09-16 14:55 - 00000000 ____D () C:\Users\David\AppData\Roaming\DigitalSite 2014-05-03 23:34 - 2013-09-16 14:55 - 00000000 ____D () C:\ProgramData\DSearchLink CMD: netsh winsock reset ***************** Winsock: Catalog entry 000000000001 => Deleted successfully. Winsock: Catalog entry 000000000002 => Deleted successfully. Winsock: Catalog entry 000000000003 => Deleted successfully. Winsock: Catalog entry 000000000004 => Deleted successfully. Winsock: Catalog entry 000000000015 => Deleted successfully. Winsock: Catalog entry 000000000001 => Deleted successfully. Winsock: Catalog entry 000000000002 => Deleted successfully. Winsock: Catalog entry 000000000003 => Deleted successfully. Winsock: Catalog entry 000000000004 => Deleted successfully. Winsock: Catalog entry 000000000015 => Deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => Key deleted successfully. C:\Windows\Tasks\DigitalSite.job => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AC7F219-CC6F-4453-859F-0D9E766908E2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC7F219-CC6F-4453-859F-0D9E766908E2} => Key deleted successfully. 
C:\Windows\System32\Tasks\DigitalSite => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully. C:\Users\David\AppData\Roaming\DIGITA~1 => Moved successfully. C:\Windows\system32\SecureAssist64.dll => Moved successfully. C:\Windows\system32\SecureAssist.ini => Moved successfully. C:\Windows\SysWOW64\SecureAssistOff.ini => Moved successfully. C:\Windows\system32\SecureAssistOff.ini => Moved successfully. C:\end => Moved successfully. C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts => Moved successfully. C:\Windows\System32\Tasks\{17F3504C-E477-4F02-BAC5-8AFAB147A41F} => Moved successfully. C:\Program Files (x86)\predm => Moved successfully. C:\Users\David\AppData\Roaming\VOPackage => Moved successfully. C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully. C:\Program Files\003 => Moved successfully. C:\Windows\PFRO.log => Moved successfully. C:\Windows\PolicyDefinitions => Moved successfully. "C:\Users\David\AppData\Roaming\DigitalSite" => File/Directory not found. C:\ProgramData\DSearchLink => Moved successfully. ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107 Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ==== End of Fixlog ====
  7. Here is the "Protection log" in case this helps with the issue:

     Thanks for your help.
  8. SecureAssist appears to be part of the "Suprasavings" adware that was removed (maybe only partially removed if still there) by Malwarebytes. Could this be what is causing an issue? Here is the log requested:
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></key> <value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>fst_gb_5</valuename><vendor>PUP.Optional.FirstSeenToday.A</vendor><action>success</action><valuedata></valuedata><hash>bf4392bb106b0e28a1f7fc7cfd05a060</hash></value> <value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECUREASSIST</path><valuename>ImagePath</valuename><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><valuedata>C:\Program Files\SupraSavings\SecureAssist.exe</valuedata><hash>010167e6611a78be22f98eefd32fc23e</hash></value> <value><path>HKU\S-1-5-21-4164971623-3206920871-1535522095-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0L1N1H2O1S</valuedata><hash>7b8757f6a2d9c96df0081b87f40f24dc</hash></value> <data><path>HKU\S-1-5-21-4164971623-3206920871-1535522095-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.StartPage</vendor><action>replaced</action><valuedata>http://www2.delta-search.com/?babsrc=HP_ss&mntrId=4A6560A44C3158D8&affID=119357&tsp=5007</valuedata><baddata>http://www2.delta-search.com/?babsrc=HP_ss&mntrId=4A6560A44C3158D8&affID=119357&tsp=5007</baddata><gooddata>http://www.google.com</gooddata><hash>37cb331a2b50c472a030c177bb492fd1</hash></data> <folder><path>C:\Users\David\AppData\Roaming\DigitalSite\UpdateProc</path><vendor>PUP.Optional.DigitalSite.A</vendor><action>success</action><hash>1de586c7ef8c93a37e1da0efe71b8a76</hash></folder> 
<folder><path>C:\Users\David\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>48ba0944493268ce5a5bd493a062d22e</hash></folder> <folder><path>C:\Users\David\AppData\Roaming\OpenCandy\83BB820EE7CC498CBCFCDC65AB657972</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>48ba0944493268ce5a5bd493a062d22e</hash></folder> <folder><path>C:\Users\David\AppData\Roaming\OpenCandy\F347A5A550C94EFD8D4FF7D054D70CB0</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>48ba0944493268ce5a5bd493a062d22e</hash></folder> <folder><path>C:\Program Files (x86)\Freeven pro</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></folder> <folder><path>C:\Program Files\suprasavings</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>delete-on-reboot</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></folder> <file><path>C:\Program Files\003\buuoujqmrk64.exe</path><vendor>Adware.Adpeak</vendor><action>delete-on-reboot</action><hash>32d0262792e9cd691da838f418ec3fc1</hash></file> <file><path>C:\ProgramData\DSearchLink\DSearchLink.exe</path><vendor>PUP.Optional.Delta.A</vendor><action>success</action><hash>0af8b895562536009d9719ea4db7b34d</hash></file> <file><path>C:\temp\InstallFilter64.msi</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>20e2b49993e8d85e0c6a54e909f706fa</hash></file> <file><path>C:\temp\t.msi</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>b44e57f6067566d0afc874b716ee867a</hash></file> <file><path>C:\Windows\SysWOW64\SecureAssist.dll</path><vendor>PUP.Optional.AdPeak.A</vendor><action>delete-on-reboot</action><hash>07fb51fc582342f47204013ca45cb050</hash></file> 
<file><path>C:\Users\David\AppData\Local\Temp\be2c3475-63d3-4f34-bd40-bef44c5c0add\software\DesktopWeatherAlertsSetup.exe</path><vendor>PUP.Optional.WeatherAlerts.A</vendor><action>success</action><hash>b54dd4795b2016206caf52100afab24e</hash></file> <file><path>C:\Users\David\AppData\Local\Temp\be2c3475-63d3-4f34-bd40-bef44c5c0add\software\Freesofttoday.exe</path><vendor>Adware.EoRezo</vendor><action>success</action><hash>de24004d5a2187af320e303eaa577a86</hash></file> <file><path>C:\Users\David\AppData\Local\Temp\be2c3475-63d3-4f34-bd40-bef44c5c0add\software\mediaplayerpluuss.exe</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>c83a202d9be02610fd55fd4559a7ca36</hash></file> <file><path>C:\Windows\Installer\f4b7c4.msi</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>31d1f5586d0ec07689ed3b022bd560a0</hash></file> <file><path>C:\Program Files\003\buuoujqmrk64.exe</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>delete-on-reboot</action><hash>08fa38150d6e3303d407f385a55df808</hash></file> <file><path>C:\Windows\Tasks\44607353-2bbc-4ecd-ada9-bc7ad88e768f-1.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9f63212c6a1186b0313d9ee09f63827e</hash></file> <file><path>C:\Windows\Tasks\44607353-2bbc-4ecd-ada9-bc7ad88e768f-3.job</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>15ede06dc0bb95a1a3cb80fe14eedd23</hash></file> <file><path>C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk</path><vendor>PUP.Optional.WeatherAlerts</vendor><action>success</action><hash>d0328ebff883f442721e5f2ce81a23dd</hash></file> <file><path>C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk</path><vendor>PUP.Optional.WeatherAlerts</vendor><action>success</action><hash>b44ebd90671484b2c3ce2e5d5da5cd33</hash></file> 
<file><path>C:\Users\David\AppData\Roaming\DigitalSite\UpdateProc\config.dat</path><vendor>PUP.Optional.DigitalSite.A</vendor><action>success</action><hash>1de586c7ef8c93a37e1da0efe71b8a76</hash></file> <file><path>C:\Users\David\AppData\Roaming\DigitalSite\UpdateProc\prod.dat</path><vendor>PUP.Optional.DigitalSite.A</vendor><action>success</action><hash>1de586c7ef8c93a37e1da0efe71b8a76</hash></file> <file><path>C:\Program Files\suprasavings\SecureAssist.exe</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>delete-on-reboot</action><hash>010167e6611a78be22f98eefd32fc23e</hash></file> <file><path>C:\Users\David\AppData\Roaming\OpenCandy\83BB820EE7CC498CBCFCDC65AB657972\TuneUpUtilities2013-2200340_en-GB.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>48ba0944493268ce5a5bd493a062d22e</hash></file> <file><path>C:\Users\David\AppData\Roaming\OpenCandy\F347A5A550C94EFD8D4FF7D054D70CB0\TuneUpUtilities2013-2200340_en-GB.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>48ba0944493268ce5a5bd493a062d22e</hash></file> <file><path>C:\Program Files (x86)\Freeven pro\44607353-2bbc-4ecd-ada9-bc7ad88e768f-3.exe</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></file> <file><path>C:\Program Files (x86)\Freeven pro\54248.crx</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></file> <file><path>C:\Program Files (x86)\Freeven pro\54248.xpi</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></file> <file><path>C:\Program Files (x86)\Freeven pro\Freeven pro-codedownloader.exe</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></file> <file><path>C:\Program Files (x86)\Freeven pro\Freeven 
pro.ico</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></file> <file><path>C:\Program Files (x86)\Freeven pro\Uninstall.exe</path><vendor>PUP.Optional.Feven.A</vendor><action>success</action><hash>e91983ca7dfe42f40e2acca3c939f709</hash></file> <file><path>C:\Program Files\suprasavings\Installbat.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\Installbat64.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\InstallDLL.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\InstallDLL64.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\Microsoft.Deployment.WindowsInstaller.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\Microsoft.Deployment.WindowsInstaller.xml</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\PCProxyDLL64.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>delete-on-reboot</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\SecureAssist.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program 
Files\suprasavings\SecureAssist.tlb</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\SecureAssist64.dll</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\SecureAssistLSP.exe</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\SecureAssistLSP.ini</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> <file><path>C:\Program Files\suprasavings\SecureAssistLSP64.exe</path><vendor>PUP.Optional.SupraSavings.A</vendor><action>success</action><hash>30d2bd90cfac66d0f397c9a6659d45bb</hash></file> </items> </mbam-log>
  9. Thank you for your reply. Basically, a family member's computer was infected with malware that spammed the internet browser (Chrome) with adverts, making it unusable. By remotely assisting them, it was clear 5/6 spam programs had been installed on the computer at once a few days previously: Task Manager listed one of these programs running in the background as weatheralerts.exe, a random script error popup / request also kept appearing (from vitruvianleads.com/ ), and Chrome kept blocking a phishing attempt by "updatenowpro". I then attempted to find where all these processes were coming from and delete them manually, i.e. uninstall the added programs and remove the add-on in Chrome etc. However, although this seemed to remove some of the issues / popups, I could not seem to locate them all. I then downloaded Malwarebytes and used the free premium trial version to scan the computer. It located various files (many following the names of software previously seen in earlier manual searches), and these were all removed by Malwarebytes and put in quarantine. The computer was then restarted, and it appears the malware has been removed by the software (as a Malwarebytes rescan does not find anything else). However, as I requested the end user to start a remote assistance so I could ensure it was all sorted myself, it would not operate correctly (could not send the request email - stuck in outbox). Then, when the browser was loaded, it said it could not load the webpage, and even local network drives could not be connected to. This was all very odd, as Windows said "connected - internet access". Since then I have had the user, over FaceTime, check that there was no proxy running and that the host files had not been modified, and also had the user reset TCP/IP using the netshell utility.
These attempts have failed to fix the problem, and as I am away from the user I could do with some guidance for solving the issues, as the user is not very technically advanced, so it's hard to speak them through every idea or possible solution I find online. Any help or input from anyone with past experience/knowledge of this issue would be incredibly appreciated! It could be that I have missed something very simple to try, but I find it hard to tackle the problem without being at the computer. Cheers
This is the log requested. Note: the ethernet cable was disconnected at the time of running; let me know if it would help to have the log run with it connected.
2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2014-04-09 21:40 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2014-04-09 21:40 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2014-04-09 21:40 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2014-04-09 21:40 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys2014-04-09 21:40 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys2014-04-09 21:40 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys2014-04-09 21:40 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll2014-04-09 21:40 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll2014-04-09 21:40 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2014-05-08 21:42 - 2014-05-08 21:42 - 00011315 _____ () C:\Users\David\Desktop\FRST.txt2014-05-08 21:42 - 2014-05-08 21:40 - 00000000 ____D () C:\FRST2014-05-08 21:42 - 2009-01-01 02:52 - 01685487 _____ () C:\Windows\WindowsUpdate.log2014-05-08 21:39 - 2013-07-29 18:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-08 21:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-08 21:39 - 2009-07-14 05:51 - 00352315 _____ () C:\Windows\setupact.log2014-05-08 21:36 - 2014-05-08 21:40 - 02063872 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe2014-05-07 21:15 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-07 21:15 - 2009-07-14 05:45 - 00022064 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-07 21:13 - 2009-07-14 06:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-07 21:09 - 2009-01-01 02:52 - 00000000 ____D () C:\Users\David2014-05-07 21:08 - 2013-07-29 18:11 - 00000000 ____D () C:\Program Files (x86)\AVG2014-05-07 21:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration2014-05-07 21:08 - 2009-01-01 03:22 - 00000000 ____D () C:\ProgramData\MFAData2014-05-07 20:58 - 2013-10-27 12:58 - 00000000 ____D () C:\Users\David\AppData\Local\Avg20142014-05-07 20:57 - 2013-10-27 12:59 - 00000000 ____D () C:\ProgramData\AVG20142014-05-07 20:52 - 2013-07-29 18:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-07 20:50 - 2014-05-03 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-07 20:50 - 2014-05-03 23:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-07 20:50 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media2014-05-07 20:50 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-05-07 20:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF2014-05-07 20:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache2014-05-07 20:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\L2Schemas2014-05-07 18:29 - 2014-05-03 23:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-03 23:35 - 2014-04-30 15:37 - 00000000 ____D () C:\Program Files\0032014-05-03 23:35 - 2010-11-21 04:47 - 00159784 _____ () C:\Windows\PFRO.log2014-05-03 23:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-05-03 23:34 - 2013-09-16 14:55 - 00000000 ____D () C:\Users\David\AppData\Roaming\DigitalSite2014-05-03 23:34 - 2013-09-16 14:55 - 00000000 ____D () C:\ProgramData\DSearchLink2014-05-03 23:34 - 
2009-01-01 02:52 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-03 23:27 - 2014-05-03 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-03 23:26 - 2014-05-03 23:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.1.1004.exe2014-05-03 23:12 - 2014-05-03 23:11 - 26747104 _____ (Microsoft Corporation) C:\Users\David\Downloads\Windows-KB890830-x64-V5.11.exe2014-05-03 22:21 - 2014-05-03 22:21 - 00003124 _____ () C:\Windows\System32\Tasks\{17F3504C-E477-4F02-BAC5-8AFAB147A41F}2014-05-03 22:20 - 2014-05-03 22:20 - 00000000 ____D () C:\Program Files (x86)\predm2014-05-02 10:00 - 2014-04-30 15:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\VOPackage2014-05-02 10:00 - 2014-04-30 15:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage2014-05-01 16:06 - 2014-04-30 15:37 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx2014-05-01 10:17 - 2014-05-01 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-04-30 15:39 - 2014-03-21 12:27 - 00005512 _____ () C:\Windows\system32\SecureAssist.ini2014-04-30 15:39 - 2014-03-21 12:27 - 00002464 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini2014-04-30 15:39 - 2014-03-21 12:27 - 00002464 _____ () C:\Windows\system32\SecureAssistOff.ini2014-04-30 15:37 - 2014-04-30 15:37 - 00000532 _____ () C:\end2014-04-30 15:37 - 2014-04-30 15:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts2014-04-30 11:11 - 2014-04-30 11:11 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-04-30 11:11 - 2014-04-30 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-04-30 11:11 - 2014-04-30 11:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-04-30 11:11 - 2014-04-30 11:11 - 00000000 ____D () C:\Program Files\iTunes2014-04-30 11:11 - 2014-04-30 11:11 - 00000000 ____D () 
C:\Program Files\iPod2014-04-30 11:11 - 2014-04-30 11:11 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-04-30 11:10 - 2013-07-29 19:49 - 00000000 ____D () C:\ProgramData\Apple2014-04-30 11:09 - 2014-04-30 11:09 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-04-30 11:09 - 2014-04-30 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-04-30 11:09 - 2014-04-30 11:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-04-30 11:08 - 2014-04-30 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-04-29 15:14 - 2014-05-03 16:15 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-29 13:47 - 2014-05-03 16:15 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-29 13:36 - 2014-05-03 16:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-29 13:25 - 2014-05-03 16:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\Users\David\AppData\Roaming\TomTom2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\Users\David\AppData\Local\TomTom2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\Users\David\AppData\Local\Downloaded Installations2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V2014-04-21 12:40 - 2014-04-21 12:40 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 22014-04-21 12:39 - 2014-04-21 12:38 - 30992256 _____ () C:\Users\David\Downloads\TomTomHOME2winlatest.exe2014-04-19 17:11 - 2014-04-19 16:43 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar2014-04-16 20:34 - 2014-04-16 20:34 - 00000000 ____D () 
C:\Users\David\AppData\Roaming\Oracle2014-04-16 20:34 - 2013-12-15 17:08 - 00000000 ____D () C:\ProgramData\Oracle2014-04-16 20:19 - 2014-04-16 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-04-16 20:19 - 2014-04-16 20:18 - 00005293 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log2014-04-16 20:19 - 2013-07-29 18:59 - 00000000 ____D () C:\Program Files (x86)\Java2014-04-14 03:24 - 2014-04-30 09:11 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-04-14 03:19 - 2014-04-30 09:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-04-10 12:17 - 2013-08-16 08:59 - 00000000 ____D () C:\Windows\system32\MRT2014-04-10 12:17 - 2013-07-29 20:15 - 00000000 ____D () C:\ProgramData\Microsoft Help Some content of TEMP:====================C:\Users\David\AppData\Local\Temp\BackupSetup.exeC:\Users\David\AppData\Local\Temp\ose00000.exeC:\Users\David\AppData\Local\Temp\rcpsetup_isppi.exeC:\Users\David\AppData\Local\Temp\SpOrder.dllC:\Users\David\AppData\Local\Temp\vcredist_x64.exeC:\Users\David\AppData\Local\Temp\_isB089.exeC:\Users\David\AppData\Local\Temp\_isC3DA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 17:15 ==================== End Of Log ============================
  10. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2014 02Ran by David at 2014-05-08 21:42:39Running from C:\Users\David\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AVG 2014 (Version: 14.0.3931 - AVG Technologies) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CrystalDiskInfo 5.6.2 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)CrystalDiskMark 3.0.2f Shizuku Edition (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2f - Crystal Dew World)Geekbench 3 (HKLM-x32\...\Geekbench 3) (Version: - Primate Labs Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) 
HiddeniCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) HiddenIntel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
HiddenMalwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Standard 2007 
(HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTIONSyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.4.0 - 2BrightSparks)System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - 
Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition 
(HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
==================== Restore Points =========================

01-05-2014 09:17:49 Windows Update
02-05-2014 08:03:50 Windows Update
03-05-2014 15:15:10 Windows Update
07-05-2014 19:48:34 Restore Operation
07-05-2014 19:57:03 Removed AVG 2014
07-05-2014 19:57:40 Removed AVG 2014
07-05-2014 20:08:13 Restore Operation

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2BE1C50D-0400-4AB8-B329-98E65EF11CB0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {493EC626-6273-416A-A22F-85639E6A1AAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {691D76E0-5B3E-4501-8993-FCE1A1054403} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {7E209355-34C1-4C83-A494-1EEF61CD5A39} - System32\Tasks\2BrightSparks\SyncBackFree\David-Desktop-David\SyncBackFree David => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-08-05] (2BrightSparks Pte Ltd)
Task: {84C68EC1-07EE-45A9-838A-C4758919C5BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {8EC2D069-4E77-4C8B-A9BD-0B45965D9819} - System32\Tasks\2BrightSparks\SyncBackFree\David-Desktop-David\SyncBackFree => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-08-05] (2BrightSparks Pte Ltd)
Task: {9AC7F219-CC6F-4453-859F-0D9E766908E2} - System32\Tasks\DigitalSite => C:\Users\David\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {AAE90790-CCF1-45BD-A067-B155A93D9D76} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software
Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {F293E511-C3D5-40F1-9A38-F3BF26AC02DA} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\David\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-29 18:33 - 2013-07-29 18:33 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe2009-01-01 03:05 - 2012-08-03 02:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-07-29 18:33 - 2014-05-08 21:39 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll2013-07-29 18:33 - 2013-07-29 18:33 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-07-29 18:43 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll2013-07-29 18:43 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll2013-07-29 18:43 - 2012-03-21 12:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll2013-07-29 18:43 - 2012-05-25 10:33 - 00883712 _____ () C:\Program Files 
(x86)\ASUS\AI Suite II\Sensor\Sensor.dll2013-07-29 18:43 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll2013-07-29 18:43 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll2013-07-29 18:43 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll2013-07-29 18:43 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll2013-07-29 18:33 - 2013-07-29 18:33 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll2013-07-29 18:43 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll2013-07-29 18:43 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll2009-01-01 03:11 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/08/2014 09:41:03 PM) (Source: WinMgmt) (User: ) (EventID: 10)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2014 09:39:13 PM) (Source: Application Error) (User: ) (EventID: 1000)Description: Faulting application name: 
  11. I'm not 100% sure, it was downloaded through remote assistance on Saturday night, so would be a relatively recent version. Is there a known issue with a recent version?
  12. A family member's computer was infected with malware that spammed the internet browser (Chrome) with adverts, making it unusable. By remotely assisting them it was clear 5/6 spam programs had been installed on the computer at once a few days previously. Task Manager listed one of these programs running in the background as weatheralerts.exe (see attachment), a random script popup also kept appearing (see attachment) and Chrome kept blocking a phishing attempt by "updatenowpro" (see attachment). I then attempted to find where all these processes were coming from and delete them manually, i.e. uninstall the added programs and remove the add-on in Chrome etc. However, although this seemed to remove some of the issues / popups, I could not seem to locate them all. I then downloaded Malwarebytes and used the free premium trial version to scan the computer. It located various files (many following the names of software previously seen in earlier manual searches), and these were all removed by Malwarebytes and put in quarantine. The computer was then restarted, and it appears all the malware has been removed by the software. However, as I requested the end user to start a remote assistance so I could ensure it was all sorted myself, it would not operate correctly (could not send the request email - stuck in outbox), and then when the browser was loaded it said it could not load the webpage. This was odd as Windows said "connected - internet access". Since then I have had the user over FaceTime check that there was no proxy running and that the host files had not been modified, and also had the user reset TCP/IP using the netshell utility. These attempts have failed to fix the problem, and as I am away from the user I could do with some guidance for solving the issues, as the user is not very technically advanced so it's hard to speak them through every idea or possible solution I find online.
Any help or input from anyone with past experience/knowledge of this issue would be incredibly appreciated! It could be that I am missing something very simple to try, but I find it hard to tackle the problem without being at the computer. Cheers