Jump to content

konriar

Members
  • Posts

    41
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hey guys, thanks, it does seem to be working a little better now. I'll let you know if issues resume?
  2. Hello, my PC has become very slow recently, to startup, to use, to browse the internet. It used to be fine until the last month or so. This forum helped before so thought I'd try. Uninstalled torrent software and Malwarebytes caught some threats and quarantined them, which makes me think there's an infection. Dell XPS laptop i7 processor FRST.txtAddition.txtMBAMSERVICE.LOG
  3. Hi, I found the boostscan log: CmdLine - quickaswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"CmdLine endSafeBoot: 0CreateKbThreadnew CKbBufferCKbBuffer::InitCKbBuffer::Init endNtCreateEvent(g_hStopEvent)dep_osBeginThread - KbThreadCreateKbThread endNtInitializeRegistryKbThread startReadRegistryDATA=C:\ProgramData\AVAST Software\AvastPROG=C:\Program Files\AVAST Software\AvastBUILD=2021Windows 7 Home PremiumSystemRoot=C:\WindowsTEMP=C:\Windows\TEMPTMP=C:\Windows\TEMPReadRegistry endCreateTempCreateTemp endaswcmnbDllMaincmnbInitaswEnginDllMain(DLL_PROCESS_ATTACH)InitLogInitLog endCmdLine - fullaswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"CmdLine endProgram folder: C:\Program Files\AVAST Software\AvastEngine folder: C:\Program Files\AVAST Software\Avast\defs\14072100Base addr: 76da0000TimeStamp: 53c90e09Unschedule61,00,75,00,74,00,6F,00,63,00,68,00,65,00,63,00,6B,00,20,00,61,00,75,00,74,00,6F,00,63,00,68,00,6B,00,20,00,2A,00,00,00,61,00,73,00,77,00,42,00,6F,00,6F,00,74,00,2E,00,65,00,78,00,65,00,20,00,2F,00,41,00,3A,00,22,00,2A,00,22,00,20,00,2F,00,4C,00,3A,00,22,00,31,00,30,00,33,00,33,00,22,00,20,00,2F,00,68,00,65,00,75,00,72,00,3A,00,38,00,30,00,20,00,2F,00,52,00,41,00,3A,00,61,00,73,00,6B,00,20,00,2F,00,70,00,75,00,70,00,20,00,2F,00,61,00,72,00,63,00,68,00,69,00,76,00,65,00,73,00,20,00,2F,00,49,00,41,00,3A,00,30,00,20,00,2F,00,4B,00,42,00,44,00,3A,00,33,00,20,00,2F,00,77,00,6F,00,77,00,20,00,2F,00,64,00,69,00,72,00,3A,00,22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,41,00,56,00,41,00,53,00,54,00,20,00,53,00,6F,00,66,00,74,00,77,00,61,00,72,00,65,00,5C,00,41,00,76,00,61,00,73,00,74,00,22,00,00,00,00,00,Unschedule endLoadResourcesLoadResources endInitReportInitReport endNew global exclusions: NtSetEvent(g_hInitEvent) - 1CPU: Phys(2), Log(4), Aff(4), Feat(100003ff)InitKeyboardg_dwKbdNum: 3FreeMemory: 3679744000avworkInitializes_dwKbdClassCnt: 3InitKeyboard endNtSetEvent(g_hInitEvent) - 2GetKeyFreeMemory: 3651952640CKbBuffer::WaitCKbBuffer::GetCKbBuffer::Get endCKbBuffer::Wait endProcessAreaavfilesScanAdd *MBR0avfilesScanAdd *BOOTC:Loading raw access supportavfilesScanAdd *RAW:C:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]avfilesScanAdd *BOOTVolume{e22f3639-18f2-11e0-a37f-806e6f6e6963}avfilesScanAdd *RAW:Volume{e22f3639-18f2-11e0-a37f-806e6f6e6963}\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]avfilesScanAdd *BOOTVolume{e22f363c-18f2-11e0-a37f-806e6f6e6963}avfilesScanAdd *RAW:Volume{e22f363c-18f2-11e0-a37f-806e6f6e6963}\ [Fs: 00000006, FAT32; Dev: 07, 00000020]avfilesScanAdd *BOOTZ:avfilesScanAdd *RAW:Z:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]avfilesScanRealMulti beginGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextCKbBuffer::GetKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 2Key: 0, 3, 1, 0, 0Attaching OS: 0GetErrorTextCKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1GetErrorTextKey: 0, 2, 1, 0, 0CKbBuffer::GetKey: 0, 8, 0, 0, 0GetKey end (7/37)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 7GetErrorTextKey: 0, 8, 1, 0, 0CKbBuffer::GetKey: 0, 72, 2, 0, 0GetKey end (?/ff)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endCKbBuffer::GetKey: 0, 72, 3, 0, 0Key: 0, 72, 2, 0, 0GetKey end (?/ff)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endCKbBuffer::GetKey: 0, 72, 3, 0, 0Key: 0, 6, 0, 0, 0GetKey end (5/35)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 5GetErrorTextKey: 0, 6, 1, 0, 0CKbBuffer::GetKey: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 3GetErrorTextKey: 0, 4, 1, 0, 0CKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1GetErrorTextKey: 0, 2, 1, 0, 0CKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1Key: 0, 2, 1, 0, 0GetErrorTextCKbBuffer::GetKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 2GetErrorTextKey: 0, 3, 1, 0, 0CKbBuffer::GetKey: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 3GetErrorTextCKbBuffer::GetKey: 0, 4, 1, 0, 0Key: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 4GetErrorTextKey: 0, 5, 1, 0, 0CKbBuffer::GetKey: 0, 6, 0, 0, 0GetKey end (5/35)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 5GetErrorTextCKbBuffer::GetKey: 0, 6, 1, 0, 0Key: 0, 7, 0, 0, 0GetKey end (6/36)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 6GetErrorTextCKbBuffer::GetKey: 0, 7, 1, 0, 0Key: 0, 8, 0, 0, 0GetKey end (7/37)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 7GetErrorTextCKbBuffer::GetKey: 0, 8, 1, 0, 0Key: 0, 9, 0, 0, 0GetKey end (8/38)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 8GetErrorTextCKbBuffer::GetKey: 0, 9, 1, 0, 0Key: 0, 10, 0, 0, 0GetKey end (9/39)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 9Key: 0, 10, 1, 0, 0GetErrorTextCKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1GetErrorTextKey: 0, 2, 1, 0, 0CKbBuffer::GetKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 2GetErrorTextKey: 0, 3, 1, 0, 0CKbBuffer::GetKey: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 3GetErrorTextKey: 0, 4, 1, 0, 0CKbBuffer::GetKey: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 4GetErrorTextCKbBuffer::GetKey: 0, 5, 1, 0, 0Key: 0, 6, 0, 0, 0GetKey end (5/35)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 5GetErrorTextKey: 0, 6, 1, 0, 0CKbBuffer::GetKey: 0, 7, 0, 0, 0GetKey end (6/36)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 6GetErrorTextCKbBuffer::GetKey: 0, 7, 1, 0, 0Key: 0, 8, 0, 0, 0GetKey end (7/37)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 7GetErrorTextKey: 0, 8, 1, 0, 0CKbBuffer::GetKey: 0, 9, 0, 0, 0GetKey end (8/38)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 8GetErrorTextCKbBuffer::GetKey: 0, 9, 1, 0, 0Key: 0, 10, 0, 0, 0GetKey end (9/39)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 9Key: 0, 10, 1, 0, 0Key: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 2, 1, 0, 0Key: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 3, 1, 0, 0Key: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 4, 1, 0, 0Key: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 5, 1, 0, 0Key: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 2, 1, 0, 0Key: 0, 3, 1, 0, 0Key: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 4, 1, 0, 0Key: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 5, 1, 0, 0avfilesScanRealMulti finishedRuntime: 45425548msUnloading attached OSavworkCloseTerminateKbThreadGetKey end (?/00)CloseKeyboardCloseKeyboard endKbThread stopCKbBuffer::~CKbBufferCKbBuffer::~CKbBuffer endaswEnginDllMain(DLL_PROCESS_DETACH)cmnbFreeFreeResourcesCloseReportCloseLog
  4. I'm afraid there is no log, I looked everywhere. I'm not sure where to go from here...
  5. This is all eset gave. It didn't create the log you mentioned as far as I can find. Let me know if I need to rescan to get a more thorough log. I ran avast BootScan again and it again found high-risk infected files it couldn't fix, quarantine, or delete. I don't know where to find the log files to show... let me know if you know how to do this or if it would help. Thanks! eset results: C:\FRST\Quarantine\advancedwordperfectofficepasswordrecovery-setup.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\FRST\Quarantine\nsprotector.js Win32/Conduit.SearchProtect.A potentially unwanted applicationC:\Users\Carly\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Dropbox\! 2013 Fall Classes\Nonprofit Management\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\GDgame.chicken.apk a variant of Android/AdDisplay.Wiyun.E potentially unwanted applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\Total Recall Recorder (1.3.0).apk a variant of Android/Torec.D potentially unsafe application --------Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014Ran by Carly (administrator) on AKAI on 21-07-2014 21:30:07Running from C:\Users\Carly\DesktopPlatform: Windows 7 Home Premium (X64) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(AMD) C:\Windows\System32\atieclxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKU\.DEFAULT\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [chromium] => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [Google Update] => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnkShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - DefaultScope value is missing.BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.com [2014-05-03]FF Extension: Autofill Forms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpi [2011-07-08]FF Extension: Adblock Plus - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-01-08]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: =======CHR HomePage: hxxp://www.google.comCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Google Talk Plugin) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No FileCHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No FileCHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18]CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-17]CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-17]CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17]CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2012-02-17]CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2012-06-07]CHR Extension: (Print this page with CleanPrint) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-01-10]CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2012-05-24]CHR Extension: (avast! Online Security) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17]CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2012-02-24]CHR Extension: (Eric Hamiter) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop [2012-05-24]CHR Extension: (Hootsuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2012-02-24]CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-10-18]CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2012-02-24]CHR Extension: (Google Wallet) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2012-06-11]CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2012-02-17]CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17]CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-18]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]CHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-14] (AVAST Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-17] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-14] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] ()R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.)S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.)S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.)S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 06:05 - 2014-07-21 06:06 - 00278800 _____ () C:\Windows\Minidump\072114-41231-01.dmp2014-07-21 06:05 - 2014-07-21 06:05 - 659514359 _____ () C:\Windows\MEMORY.DMP2014-07-21 06:00 - 2014-07-21 06:00 - 00000880 _____ () C:\Users\Carly\Desktop\eset.txt2014-07-20 16:13 - 2014-07-20 16:13 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2014-07-20 09:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-07-20 09:45 - 2014-07-20 09:46 - 01354223 _____ () C:\Users\Carly\Desktop\AdwCleaner.exe2014-07-20 06:47 - 2014-07-20 06:48 - 00036908 _____ () C:\Users\Carly\Desktop\Addition.txt2014-07-20 06:44 - 2014-07-21 21:29 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion2014-07-19 09:10 - 2014-07-21 21:30 - 00025837 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-19 09:08 - 2014-07-21 21:29 - 02090496 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-14 16:33 - 2014-07-17 06:17 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-07-14 16:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:30 - 2014-06-30 21:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-14 16:30 - 2014-06-30 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:25 - 2014-07-21 18:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= 2014-07-21 21:30 - 2014-07-19 09:10 - 00025837 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-21 21:30 - 2013-10-01 06:30 - 00000000 ____D () C:\FRST2014-07-21 21:29 - 2014-07-20 06:44 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion2014-07-21 21:29 - 2014-07-19 09:08 - 02090496 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-21 21:26 - 2012-02-17 21:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job2014-07-21 18:58 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-21 18:58 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-21 18:56 - 2011-01-05 13:06 - 01715476 _____ () C:\Windows\WindowsUpdate.log2014-07-21 18:55 - 2011-10-11 23:50 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Dropbox2014-07-21 18:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing2014-07-21 18:54 - 2014-03-25 15:07 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\DropboxMaster2014-07-21 18:54 - 2011-10-11 23:51 - 00000000 ___RD () C:\Users\Carly\Dropbox2014-07-21 18:51 - 2014-07-14 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-21 18:50 - 2014-04-14 12:51 - 00002278 _____ () C:\Windows\setupact.log2014-07-21 18:50 - 2012-09-16 11:23 - 00065536 _____ () C:\Windows\system32\Ikeext.etl2014-07-21 18:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-21 06:06 - 2014-07-21 06:05 - 00278800 _____ () C:\Windows\Minidump\072114-41231-01.dmp2014-07-21 06:05 - 2014-07-21 06:05 - 659514359 _____ () C:\Windows\MEMORY.DMP2014-07-21 06:05 - 2011-01-08 20:23 - 00000000 ____D () C:\Windows\Minidump2014-07-21 06:00 - 2014-07-21 06:00 - 00000880 _____ () C:\Users\Carly\Desktop\eset.txt2014-07-20 16:13 - 2014-07-20 16:13 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2014-07-20 15:13 - 2012-02-17 21:25 - 00002360 _____ () C:\Users\Carly\Desktop\Google Chrome.lnk2014-07-20 11:20 - 2014-04-14 12:50 - 00350320 _____ () C:\Windows\PFRO.log2014-07-20 11:19 - 2013-09-29 15:02 - 00000000 ____D () C:\AdwCleaner2014-07-20 09:46 - 2014-07-20 09:45 - 01354223 _____ () C:\Users\Carly\Desktop\AdwCleaner.exe2014-07-20 06:48 - 2014-07-20 06:47 - 00036908 _____ () C:\Users\Carly\Desktop\Addition.txt2014-07-20 06:44 - 2012-02-17 21:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job2014-07-19 09:10 - 2011-01-05 10:46 - 00000000 ____D () C:\Users\Carly2014-07-19 09:09 - 2012-10-09 08:39 - 00000000 ____D () C:\Users\Carly\Desktop\Sort Me2014-07-19 08:50 - 2013-09-27 21:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-07-19 08:45 - 2014-06-18 20:36 - 00000000 ____D () C:\Program Files (x86)\Max Remote Server2014-07-19 08:45 - 2012-02-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Last.fm2014-07-19 08:45 - 2011-01-06 23:33 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\uTorrent2014-07-19 08:38 - 2014-06-18 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-17 18:44 - 2014-06-18 20:49 - 00003271 _____ () C:\Windows\SecuniaPackage.log2014-07-17 06:20 - 2011-01-05 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-17 06:17 - 2014-07-14 16:33 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-15 17:01 - 2011-07-17 10:21 - 00000000 ____D () C:\Users\Carly\Documents\Downloads torrents2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-15 14:46 - 2013-07-16 16:56 - 00000000 ____D () C:\Windows\system32\MRT2014-07-15 14:37 - 2011-01-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-15 14:37 - 2011-01-05 10:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-15 14:34 - 2011-02-11 22:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarly2014-07-15 14:34 - 2011-02-11 22:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarly.job2014-07-14 16:33 - 2014-06-18 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-07-14 16:32 - 2014-06-18 20:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-06-18 20:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-07-14 16:31 - 2014-06-18 20:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-07-14 16:30 - 2014-07-14 16:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Malwarebytes2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-11 06:55 - 2014-03-11 14:55 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2014-07-02 06:24 - 2013-04-12 20:49 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\vlc2014-07-02 06:21 - 2012-02-17 21:24 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA2014-07-02 06:21 - 2012-02-17 21:24 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core2014-06-30 21:56 - 2014-07-14 16:30 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-30 21:50 - 2014-07-14 16:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP:====================C:\Users\Carly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzoakwx.dllC:\Users\Carly\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 15:49 ==================== End Of Log ============================
  6. OK, I'm going to try another bootscan to see if the problem persists. Copying logfile now: C:\FRST\Quarantine\advancedwordperfectofficepasswordrecovery-setup.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\FRST\Quarantine\nsprotector.js Win32/Conduit.SearchProtect.A potentially unwanted applicationC:\Users\Carly\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Dropbox\! 2013 Fall Classes\Nonprofit Management\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\GDgame.chicken.apk a variant of Android/AdDisplay.Wiyun.E potentially unwanted applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\Total Recall Recorder (1.3.0).apk a variant of Android/Torec.D potentially unsafe application
  7. # AdwCleaner v3.216 - Report created 20/07/2014 at 11:18:57 # Updated 17/07/2014 by Xplode # Operating System : Windows 7 Home Premium (64 bits) # Username : Carly - AKAI # Running from : C:\Users\Carly\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Windows\System32\ljkb Folder Deleted : C:\Users\Carly\AppData\Roaming\Nico Mak Computing ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v30.0 (en-ZA) [ File : C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18076214484448513&ctid=CT3310511&UM=2 Deleted [search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=& Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj ************************* AdwCleaner[R0].txt - [2379 octets] - [29/09/2013 15:02:35] AdwCleaner[R1].txt - [2439 octets] - [29/09/2013 20:17:01] AdwCleaner[R2].txt - [2499 octets] - [29/09/2013 20:20:18] AdwCleaner[R3].txt - [2555 octets] - [20/10/2013 10:00:43] AdwCleaner[R4].txt - [1165 octets] - [20/10/2013 10:07:36] AdwCleaner[R5].txt - [1230 octets] - [20/10/2013 17:44:13] AdwCleaner[R6].txt - [1507 octets] - [20/07/2014 09:47:10] AdwCleaner[s0].txt - [2662 octets] - [20/10/2013 10:03:07] AdwCleaner[s1].txt - [1291 octets] - [20/10/2013 17:46:50] AdwCleaner[s2].txt - [1818 octets] - [20/07/2014 11:18:57] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1878 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/20/2014 Scan Time: 11:28:51 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.20.04 Rootkit Database: v2014.07.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Carly Scan Type: Threat Scan Result: Completed Objects Scanned: 305877 Time Elapsed: 38 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014 Ran by Carly (administrator) on AKAI on 20-07-2014 06:46:19 Running from C:\Users\Carly\Desktop Platform: Windows 7 Home Premium (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\.DEFAULT\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [chromium] => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [Google Update] => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.com [2014-05-03] FF Extension: Autofill Forms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpi [2011-07-08] FF Extension: Adblock Plus - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-01-08] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Talk Plugin) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18] CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-17] CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-17] CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17] CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2012-02-17] CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2012-06-07] CHR Extension: (Print this page with CleanPrint) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-01-10] CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2012-05-24] CHR Extension: (avast! Online Security) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17] CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2012-02-24] CHR Extension: (Eric Hamiter) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop [2012-05-24] CHR Extension: (Hootsuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2012-02-24] CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-10-18] CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2012-02-24] CHR Extension: (Google Wallet) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13] CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2012-06-11] CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2012-02-17] CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17] CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14] CHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-14] (AVAST Software) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.) S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed] S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] () S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-17] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-14] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] () R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.) S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.) S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent) R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] () S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.) S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 06:44 - 2014-07-20 06:44 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion 2014-07-19 09:10 - 2014-07-20 06:46 - 00026112 _____ () C:\Users\Carly\Desktop\FRST.txt 2014-07-19 09:08 - 2014-07-20 06:44 - 02089984 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe 2014-07-19 08:51 - 2014-07-19 08:54 - 00000000 ____D () C:\a04b450f43ebf62623 2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-14 16:33 - 2014-07-17 06:17 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-14 16:31 - 2014-07-14 16:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-07-14 16:30 - 2014-06-30 21:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-14 16:30 - 2014-06-30 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-07-14 16:25 - 2014-07-20 06:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= 2014-07-20 06:46 - 2014-07-19 09:10 - 00026112 _____ () C:\Users\Carly\Desktop\FRST.txt 2014-07-20 06:46 - 2013-10-01 06:30 - 00000000 ____D () C:\FRST 2014-07-20 06:44 - 2014-07-20 06:44 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion 2014-07-20 06:44 - 2014-07-19 09:08 - 02089984 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe 2014-07-20 06:44 - 2012-02-17 21:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job 2014-07-20 06:43 - 2012-02-17 21:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job 2014-07-20 06:42 - 2014-07-14 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-19 09:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing 2014-07-19 09:10 - 2011-01-05 10:46 - 00000000 ____D () C:\Users\Carly 2014-07-19 09:09 - 2012-10-09 08:39 - 00000000 ____D () C:\Users\Carly\Desktop\Sort Me 2014-07-19 08:57 - 2011-01-05 13:06 - 01661796 _____ () C:\Windows\WindowsUpdate.log 2014-07-19 08:54 - 2014-07-19 08:51 - 00000000 ____D () C:\a04b450f43ebf62623 2014-07-19 08:50 - 2013-09-27 21:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-07-19 08:45 - 2014-06-18 20:36 - 00000000 ____D () C:\Program Files (x86)\Max Remote Server 2014-07-19 08:45 - 2012-02-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Last.fm 2014-07-19 08:45 - 2011-01-06 23:33 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\uTorrent 2014-07-19 08:38 - 2014-06-18 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-07-19 08:37 - 2011-10-11 23:50 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Dropbox 2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-17 18:44 - 2014-06-18 20:49 - 00003271 _____ () C:\Windows\SecuniaPackage.log 2014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-17 18:33 - 2014-03-25 15:07 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\DropboxMaster 2014-07-17 18:33 - 2011-10-11 23:51 - 00000000 ___RD () C:\Users\Carly\Dropbox 2014-07-17 18:30 - 2012-09-16 11:23 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-07-17 18:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-17 18:29 - 2014-04-14 12:51 - 00002110 _____ () C:\Windows\setupact.log 2014-07-17 06:20 - 2011-01-05 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-17 06:17 - 2014-07-14 16:33 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-07-15 17:01 - 2011-07-17 10:21 - 00000000 ____D () C:\Users\Carly\Documents\Downloads torrents 2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-15 14:46 - 2013-07-16 16:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-15 14:37 - 2011-01-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-15 14:37 - 2011-01-05 10:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-15 14:34 - 2011-02-11 22:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarly 2014-07-15 14:34 - 2011-02-11 22:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarly.job 2014-07-14 16:52 - 2014-04-14 12:50 - 00350006 _____ () C:\Windows\PFRO.log 2014-07-14 16:38 - 2012-02-17 21:25 - 00002360 _____ () C:\Users\Carly\Desktop\Google Chrome.lnk 2014-07-14 16:33 - 2014-06-18 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-14 16:32 - 2014-06-18 20:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-14 16:31 - 2014-06-18 20:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-14 16:31 - 2014-06-18 20:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-14 16:30 - 2014-07-14 16:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Malwarebytes 2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-11 06:55 - 2014-03-11 14:55 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-02 06:24 - 2013-04-12 20:49 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\vlc 2014-07-02 06:21 - 2012-02-17 21:24 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA 2014-07-02 06:21 - 2012-02-17 21:24 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core 2014-06-30 21:56 - 2014-07-14 16:30 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 21:50 - 2014-07-14 16:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Carly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynh231.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-01-21 08:13 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014 Ran by Carly at 2014-07-20 06:47:38 Running from C:\Users\Carly\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced WordPerfect Office Password Recovery (HKLM-x32\...\{4A24A2A9-821D-4FBF-8F24-E8F8E17122CE}) (Version: 1.35.0.358 - Elcomsoft Co. Ltd.) AIFF MP3 Converter v3.3 build 1049 (HKLM-x32\...\{5494AFBC-3EC2-463A-BD6C-EAFB62EB6EE9}_is1) (Version: - Hoo Technologies) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}) (Version: 1.2.517.35221 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.517.35221 - Alcor Micro Corp.) Hidden Application Profiles (HKLM-x32\...\{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}) (Version: 2.0.4148.33974 - ATI Technologies, Inc.) ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.2.4.8 - ASUS) ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AxisTV Desktop (HKLM-x32\...\{A75C8159-B88F-40E2-942D-CEAFB2A53575}) (Version: 7.2.1.1 - Visix, Inc.) Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation) calibre 64bit (HKLM\...\{2E55EED1-49D4-4A07-B2B9-3EC5BB371F12}) (Version: 0.9.22 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden ccc-core-static (x32 Version: 2010.0621.2137.36973 - ATI) Hidden ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057 - Cisco Systems, Inc.) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DecisionTools Suite 6.1 (HKLM-x32\...\{6E84E73B-E4A8-4489-935D-3C94401205CE}) (Version: 6.1.2 - Palisade Corporation) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version: - Microsoft) Digidesign Audio Drivers 8.0.3 (HKLM-x32\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evoluent Mouse Manager (HKLM\...\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}) (Version: 4.0.0 - Evoluent) Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 4.1.3024 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company) HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) K-Lite Codec Pack (64-bit) v4.1.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.1.0 - ) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Logitech SetPoint 6.20 (HKLM\...\sp6) (Version: 6.20.64 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.23 - Motorola Mobility) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility) Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden MOTOROLA MEDIA LINK (x32 Version: 1.8.0021.0 - Motorola) Hidden Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden Mozilla Firefox 30.0 (x86 en-ZA) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-ZA)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MT Keys (HKLM-x32\...\MT Keys) (Version: - Trapper Data) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.72.0 - PS3 Media Server) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.25.824.2010 - Realtek) Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation) WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation) WordPerfect Office X6 - Common Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Common Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - IPM (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Lightning Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Lightning Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Oxford (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Presentations Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Presentations Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Quattro Pro Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Quattro Pro Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Setup Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - System Files (x32 Version: 16.1 - Corel Corporation) Hidden WordPerfect Office X6 - WordPerfect Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - WordPerfect Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - WT (x32 Version: 16.1 - Corel Corporation) Hidden WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.429 - Corel Corporation) WordPerfect Office X6 (x32 Version: 16.3 - Corel Corporation) Hidden Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Yamaha S90 XS / S70 XS Remote Tools 64bit (HKLM-x32\...\InstallShield_{52DC39B2-EF95-4697-B59F-7AC2A3920CE9}) (Version: 1.1.1 - Yamaha Corporation) Yamaha S90 XS / S70 XS Remote Tools 64bit (Version: 1.1.1 - Yamaha Corporation) Hidden Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{07A177E9-D9DE-4ECF-BE84-DD85F8FD11F8}) (Version: 3.1.1.1 - Yamaha Corporation) Yamaha USB-MIDI Driver (Version: 3.1.1.1 - Yamaha Corporation) Hidden Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team) ==================== Restore Points ========================= 25-11-2013 14:02:24 Windows Update 02-12-2013 13:55:43 Windows Update 18-12-2013 22:29:36 Windows Update 26-12-2013 22:12:41 Windows Update 01-01-2014 02:21:03 Windows Update 14-01-2014 10:45:55 avast! antivirus system restore point 14-01-2014 10:55:01 Windows Update 16-01-2014 12:00:18 Windows Update 21-01-2014 11:01:28 Windows Update 24-01-2014 11:55:53 Windows Update 28-01-2014 11:08:49 Windows Update 31-01-2014 21:17:58 Windows Update 04-02-2014 21:32:47 Windows Update 21-02-2014 17:04:45 Windows Update 21-02-2014 17:06:50 avast! antivirus system restore point 28-02-2014 21:00:22 Windows Update 04-03-2014 19:58:58 Windows Update 04-03-2014 20:25:22 Installed IBM SPSS Statistics 22. 11-03-2014 19:33:04 Windows Update 15-03-2014 20:51:29 Windows Update 19-03-2014 12:23:06 Windows Update 25-03-2014 19:10:51 Windows Update 25-03-2014 19:14:26 Installed Java 7 Update 51 25-03-2014 19:21:16 Removed Java 7 Update 51 25-03-2014 19:22:44 Installed Java 7 Update 51 25-03-2014 19:27:30 avast! antivirus system restore point 29-03-2014 00:36:42 Windows Update 29-03-2014 00:50:04 Removed Plex Media Server 29-03-2014 00:54:21 Installed HP Update. 29-03-2014 00:58:27 Removed Microsoft Xbox 360 Accessories 1.2 29-03-2014 00:59:33 Configured HP 29-03-2014 01:07:21 Removed League of Legends 29-03-2014 01:15:24 Removed Apple Software Update 29-03-2014 01:37:00 Removed HP Update. 10-04-2014 18:56:48 Windows Update 14-04-2014 16:25:21 Windows Update 14-04-2014 16:37:32 Removed Apple Application Support 18-04-2014 13:45:58 Windows Update 22-04-2014 19:25:53 Windows Update 01-05-2014 19:01:26 Windows Update 11-05-2014 17:46:41 Windows Update 04-06-2014 23:47:51 Windows Update 06-06-2014 00:05:42 Windows Update 19-06-2014 00:25:47 Windows Update 19-06-2014 00:55:32 avast! antivirus system restore point 02-07-2014 10:16:56 Windows Update 14-07-2014 20:24:20 avast! antivirus system restore point 14-07-2014 20:24:34 Windows Update 14-07-2014 20:32:19 Device Driver Package Install: Avast Network Service 15-07-2014 18:35:04 Windows Update 19-07-2014 12:46:52 Removed Avernum 6 19-07-2014 12:51:13 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2013-06-09 21:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {297D30E0-DE50-4FA1-A30A-0D64212449D5} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] () Task: {39C5AAA4-B22B-4DEC-A52E-BC7374AF91D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {5976E64D-D9A2-4349-98A6-52CF2D006100} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.) Task: {5C2EBF56-10F2-4A20-A3EA-50F161C3F993} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {5C76FA63-7EE1-486B-B0C6-9FECC02B5872} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-20] () Task: {5E7D9DE0-E348-4B59-8B6D-E5A7EA08A0EA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {62CEAD70-7F63-4F05-84F8-F54A1C401F9D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] () Task: {64A3B522-E0C8-48A9-A818-BD74C00747E5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink) Task: {65A64185-798E-4D3B-AE03-E95154947A21} - System32\Tasks\HPCeeScheduleForCarly => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {B74843F8-65BF-4E08-BDCE-B7C468679A97} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software) Task: {DB30A3E1-25C9-4E31-A979-9348F61B942A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] () Task: {F39750D2-B42E-4C9F-B5ED-F4727BEEF8FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.) Task: {FDF76454-27ED-4673-9E4A-8BB6562714B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForCarly.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2010-06-10 21:12 - 2010-06-10 21:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-22 01:36 - 2010-06-22 01:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-07-14 16:30 - 2014-07-14 16:30 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-07-17 06:13 - 2014-07-17 06:13 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071700\algo.dll 2014-07-17 18:31 - 2014-07-17 18:31 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071701\algo.dll 2014-07-20 06:44 - 2014-07-20 06:44 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072000\algo.dll 2014-07-14 16:30 - 2014-07-14 16:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-07-17 18:32 - 2014-07-17 18:32 - 00043008 _____ () c:\users\carly\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynh231.dll 2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Carly\AppData\Roaming\Dropbox\bin\libcef.dll 2013-01-10 23:39 - 2013-01-10 23:39 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll 2011-01-05 13:11 - 2010-03-04 00:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-07-14 16:37 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-07-14 16:37 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-07-14 16:38 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-07-14 16:38 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-07-14 16:37 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-07-14 16:38 - 2014-06-05 09:58 - 14612296 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll 2014-01-03 02:59 - 2014-02-10 13:04 - 00430080 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03842308.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03842308.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: DeviceMonitorService => 2 MSCONFIG\Services: DigiRefresh => 2 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MemeoBackgroundService => 2 MSCONFIG\Services: Motorola Device Manager => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: PST Service => 2 MSCONFIG\Services: SeagateDashboardService => 2 MSCONFIG\Services: vcsFPService => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Evoluent Mouse Manager.lnk => C:\Windows\pss\Evoluent Mouse Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: chromium => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: Google Update => "C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui MSCONFIG\startupreg: MotoCast => "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/20/2014 06:45:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 20.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10f0 Start Time: 01cfa407a03fa2b3 Termination Time: 7 Application Path: C:\Users\Carly\Desktop\FRST64.exe Report Id: f75a7800-0ffa-11e4-ae9c-e02a8204f191 System errors: ============= Microsoft Office Sessions: ========================= Error: (07/20/2014 06:45:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe20.7.2014.010f001cfa407a03fa2b37C:\Users\Carly\Desktop\FRST64.exef75a7800-0ffa-11e4-ae9c-e02a8204f191 CodeIntegrity Errors: =================================== Date: 2013-06-09 21:49:28.573 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-09 21:49:28.144 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-09 21:49:27.735 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-09 21:49:27.340 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-08 21:55:29.907 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-08 21:55:29.590 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3893.86 MB Available physical RAM: 1683.3 MB Total Pagefile: 7785.86 MB Available Pagefile: 4295.02 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.79 GB) (Free:95.02 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive z: (RECOVERY) (Fixed) (Total:23.67 GB) (Free:3.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 522B6E86) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=442 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=24 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  9. Hi, I've been cleaning up my computer, which I think was infected with Sweetpacks. I ran Avast BootScan a couple times but it kept catching files that it could do nothing about (couldn't fix, quarantine, delete, etc.) and just had to leave there. So I'd appreciate some help cleaning up these persistent infections. Thanks! PS- Farbar did not make an addition.txt file. Hope that's not a problem. ----- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01Ran by Carly (administrator) on AKAI on 19-07-2014 09:10:28Running from C:\Users\Carly\DesktopPlatform: Windows 7 Home Premium (X64) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(AMD) C:\Windows\System32\atieclxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKU\.DEFAULT\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [chromium] => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [Google Update] => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnkShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.com [2014-05-03]FF Extension: Autofill Forms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpi [2011-07-08]FF Extension: Adblock Plus - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-01-08]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: =======CHR HomePage: hxxp://www.google.comCHR StartupUrls: ""CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Google Talk Plugin) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No FileCHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No FileCHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18]CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-17]CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-17]CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17]CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2012-02-17]CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2012-06-07]CHR Extension: (Print this page with CleanPrint) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-01-10]CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2012-05-24]CHR Extension: (avast! Online Security) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17]CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2012-02-24]CHR Extension: (Eric Hamiter) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop [2012-05-24]CHR Extension: (Hootsuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2012-02-24]CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-10-18]CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2012-02-24]CHR Extension: (Google Wallet) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2012-06-11]CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2012-02-17]CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17]CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-18]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]CHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-14] (AVAST Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-17] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-14] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] ()R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.)S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-19] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.)S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.)S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 09:10 - 2014-07-19 09:10 - 00026182 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-19 09:08 - 2014-07-19 09:08 - 02086912 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-19 08:51 - 2014-07-19 08:54 - 00000000 ____D () C:\a04b450f43ebf626232014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-14 16:33 - 2014-07-17 06:17 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-07-14 16:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:30 - 2014-06-30 21:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-14 16:30 - 2014-06-30 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:25 - 2014-07-19 08:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= 2014-07-19 09:11 - 2014-07-19 09:10 - 00026182 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-19 09:10 - 2013-10-01 06:30 - 00000000 ____D () C:\FRST2014-07-19 09:10 - 2011-01-05 10:46 - 00000000 ____D () C:\Users\Carly2014-07-19 09:09 - 2012-10-09 08:39 - 00000000 ____D () C:\Users\Carly\Desktop\Sort Me2014-07-19 09:08 - 2014-07-19 09:08 - 02086912 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-19 08:57 - 2011-01-05 13:06 - 01660427 _____ () C:\Windows\WindowsUpdate.log2014-07-19 08:54 - 2014-07-19 08:51 - 00000000 ____D () C:\a04b450f43ebf626232014-07-19 08:50 - 2013-09-27 21:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-07-19 08:48 - 2012-02-17 21:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job2014-07-19 08:45 - 2014-06-18 20:36 - 00000000 ____D () C:\Program Files (x86)\Max Remote Server2014-07-19 08:45 - 2012-02-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Last.fm2014-07-19 08:45 - 2011-01-06 23:33 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\uTorrent2014-07-19 08:38 - 2014-07-14 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-19 08:38 - 2014-06-18 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-07-19 08:38 - 2012-02-17 21:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job2014-07-19 08:37 - 2011-10-11 23:50 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Dropbox2014-07-18 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-17 18:44 - 2014-06-18 20:49 - 00003271 _____ () C:\Windows\SecuniaPackage.log2014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-17 18:33 - 2014-03-25 15:07 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\DropboxMaster2014-07-17 18:33 - 2011-10-11 23:51 - 00000000 ___RD () C:\Users\Carly\Dropbox2014-07-17 18:30 - 2012-09-16 11:23 - 00065536 _____ () C:\Windows\system32\Ikeext.etl2014-07-17 18:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-17 18:29 - 2014-04-14 12:51 - 00002110 _____ () C:\Windows\setupact.log2014-07-17 06:20 - 2011-01-05 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-17 06:17 - 2014-07-14 16:33 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-15 17:01 - 2011-07-17 10:21 - 00000000 ____D () C:\Users\Carly\Documents\Downloads torrents2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-15 14:46 - 2013-07-16 16:56 - 00000000 ____D () C:\Windows\system32\MRT2014-07-15 14:37 - 2011-01-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-15 14:37 - 2011-01-05 10:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-15 14:34 - 2011-02-11 22:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarly2014-07-15 14:34 - 2011-02-11 22:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarly.job2014-07-14 16:52 - 2014-04-14 12:50 - 00350006 _____ () C:\Windows\PFRO.log2014-07-14 16:38 - 2012-02-17 21:25 - 00002360 _____ () C:\Users\Carly\Desktop\Google Chrome.lnk2014-07-14 16:33 - 2014-06-18 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-07-14 16:32 - 2014-06-18 20:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-06-18 20:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-07-14 16:31 - 2014-06-18 20:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-07-14 16:30 - 2014-07-14 16:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Malwarebytes2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-11 06:55 - 2014-03-11 14:55 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2014-07-02 06:24 - 2013-04-12 20:49 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\vlc2014-07-02 06:21 - 2012-02-17 21:24 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA2014-07-02 06:21 - 2012-02-17 21:24 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core2014-06-30 21:56 - 2014-07-14 16:30 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-30 21:50 - 2014-07-14 16:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP:====================C:\Users\Carly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynh231.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-01-21 08:13 ==================== End Of Log ============================
  10. JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.3 (09.27.2013:1)OS: Windows 7 Home Premium x64Ran by Carly on Sun 09/29/2013 at 14:12:54.55~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] cltmngsvc Successfully deleted: [service] cltmngsvc ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-842231502-1118220138-2566208259-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\imSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstallerSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotectSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnltSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-842231502-1118220138-2566208259-1000\Software\SweetIMSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnltSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacks_conduit_942013_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacks_conduit_942013_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sweetpacks_conduit_942013_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sweetpacks_conduit_942013_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8D27771-4B0B-4E5F-916B-7F97C4289609}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\conduit"Successfully deleted: [Folder] "C:\Users\Carly\AppData\Roaming\searchprotect"Successfully deleted: [Folder] "C:\Users\Carly\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\Carly\appdata\local\cre"Successfully deleted: [Folder] "C:\Users\Carly\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt" ~~~ FireFox Successfully deleted: [File] C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\searchplugins\conduit.xmlSuccessfully deleted: [File] C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\searchplugins\mystart search.xmlSuccessfully deleted: [Folder] C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}Successfully deleted the following from C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\prefs.js user_pref("CT3310511.smartbar.homepage", "true");user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");user_pref("smartbar.addressBarOwnerCTID", "CT3310511");user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");user_pref("smartbar.homePageOwnerCTID", "CT3310511");user_pref("smartbar.machineId", "QHDQWOCAJAJZ88OX9IGMR5UFXYLHBXPX8OEVPEEUT1UGNQOOPJEZJKLJCT5GVAB0VZJTM55GSL5EXAKUERTWCQ"); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 09/29/2013 at 14:29:54.04End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Adware # AdwCleaner v3.005 - Report created 29/09/2013 at 20:20:18# Updated 22/09/2013 by Xplode# Operating System : Windows 7 Home Premium (64 bits)# Username : Carly - AKAI# Running from : C:\Users\Carly\Desktop\AdwCleaner (2).exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\searchplugins\Sweetpacks Search.xmlFile Found : C:\Windows\System32\dmwu.exeFile Found : C:\Windows\System32\ImhxxpComm.dll ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcjKey Found : [x64] HKLM\SOFTWARE\WNLT ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v22.0 (en-ZA) [ File : C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\prefs.js ] Line Found : user_pref("CT3310511.FF19Solved", "true");Line Found : user_pref("CT3310511.UserID", "UN39354158367718426");Line Found : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");Line Found : user_pref("CT3310511.fullUserID", "UN39354158367718426.IN.20130918213730");Line Found : user_pref("CT3310511.installDate", "18/09/2013 21:37:44");Line Found : user_pref("CT3310511.installSessionId", "{DD07723D-9B38-4B0E-94EA-F3AF255CBE2B}");Line Found : user_pref("CT3310511.installSp", "TRUE");Line Found : user_pref("CT3310511.installerVersion", "1.7.0.9");Line Found : user_pref("CT3310511.keyword", "true");Line Found : user_pref("CT3310511.originalHomepage", "about:home");Line Found : user_pref("CT3310511.originalSearchAddressUrl", "");Line Found : user_pref("CT3310511.originalSearchEngine", "");Line Found : user_pref("CT3310511.originalSearchEngineName", "");Line Found : user_pref("CT3310511.searchRevert", "false");Line Found : user_pref("CT3310511.searchUserMode", "2");Line Found : user_pref("CT3310511.versionFromInstaller", "10.20.0.13");Line Found : user_pref("CT3310511.xpeMode", "0"); -\\ Google Chrome v [ File : C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage ************************* AdwCleaner[R0].txt - [2379 octets] - [29/09/2013 15:02:35]AdwCleaner[R1].txt - [2439 octets] - [29/09/2013 20:17:01]AdwCleaner[R2].txt - [2355 octets] - [29/09/2013 20:20:18] ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2415 octets] ########## ESCAN ----- C:\$RECYCLE.BIN\S-1-5-21-842231502-1118220138-2566208259-1000\$REBBOHE.exe a variant of Win32/InstallIQ.A applicationC:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A applicationC:\Users\Carly\Documents\Downloads torrents\advancedwordperfectofficepasswordrecovery-setup.exe Win32/DownloadAdmin.G application ----------FRST---------- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02Ran by Carly (administrator) on AKAI on 01-10-2013 06:30:38Running from C:\Users\Carly\DesktopWindows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe(AMD) C:\Windows\system32\atieclxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe(Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe() C:\Users\Carly\Desktop\AdwCleaner (2).exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.)HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKCU\...\Run: [chromium] - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-16] (Google Inc.)HKCU\...\Run: [Google Update] - C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)HKLM-x32\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)HKLM-x32\...\Run: [QuickFinder Scheduler] - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation)Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKLM-x32 - DefaultScope {C8D27771-4B0B-4E5F-916B-7F97C4289609} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF SearchPlugin: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\searchplugins\Sweetpacks Search.xmlFF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.comFF Extension: autofillForms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpiFF Extension: No Name - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\ef31e476840d0876b6438832615c696ec3d95eee5ebf38385fa5a73d856baed6_lp.keyFF Extension: No Name - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FFFF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo\0.0.1.0_0CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.6.0_0CHR Extension: ( "name": "Print this page with CleanPrint") - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.7.0_0CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0CHR Extension: (LastPass) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia\1.3.4_0CHR Extension: ( "name": "Eric Hamiter") - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop\1.0_0CHR Extension: (HootSuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Carly\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crxCHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crxCHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-07-17] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.)S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.)S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.)S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-01 06:30 - 2013-10-01 06:30 - 00000000 ____D C:\FRST2013-09-30 06:46 - 2013-09-30 06:46 - 01953880 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2013-09-30 06:37 - 2013-09-30 06:37 - 00000355 _____ C:\Users\Carly\Desktop\escan.txt2013-09-29 20:22 - 2013-09-29 20:22 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2013-09-29 20:21 - 2013-09-29 20:21 - 00002499 _____ C:\Users\Carly\Desktop\AdwCleaner[R2].txt2013-09-29 20:19 - 2013-09-29 20:20 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner.exe2013-09-29 15:02 - 2013-09-29 20:20 - 00000000 ____D C:\AdwCleaner2013-09-29 15:02 - 2013-09-29 15:02 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (2).exe2013-09-29 14:29 - 2013-09-29 14:29 - 00006914 _____ C:\Users\Carly\Desktop\JRT.txt2013-09-28 21:47 - 2013-09-28 21:48 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (1).exe2013-09-28 21:45 - 2013-09-28 21:46 - 01030305 _____ (Thisisu) C:\Users\Carly\Desktop\JRT.exe2013-09-28 21:29 - 2013-09-28 21:44 - 00000000 ____D C:\Users\Carly\Desktop\mbar2013-09-28 21:29 - 2013-09-28 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-28 21:28 - 2013-09-28 21:29 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Carly\Desktop\mbar-1.07.0.1005.exe2013-09-27 21:17 - 2013-09-27 21:17 - 00002296 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211750.txt2013-09-27 21:14 - 2013-09-27 21:14 - 00000000 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211358.txt2013-09-27 21:10 - 2013-09-27 21:10 - 03812352 _____ C:\Users\Carly\Desktop\RogueKillerX64.exe2013-09-27 21:09 - 2013-09-27 21:09 - 00000905 _____ C:\Users\Carly\Desktop\ERUNT.lnk2013-09-27 21:09 - 2013-09-27 21:09 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-27 21:08 - 2013-09-27 21:08 - 00791393 _____ (Lars Hederer ) C:\Users\Carly\Desktop\erunt-setup.exe2013-09-27 21:05 - 2013-09-27 21:08 - 00002358 _____ C:\Users\Carly\Desktop\Rkill.txt2013-09-27 21:02 - 2013-09-27 21:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Carly\Desktop\rkill.exe2013-09-27 21:00 - 2013-09-27 21:02 - 00000000 ____D C:\13add062afcc81b47d5db7852013-09-25 07:45 - 2013-09-30 06:36 - 00000224 _____ C:\Windows\setupact.log2013-09-25 07:45 - 2013-09-25 07:45 - 00000414 _____ C:\Windows\PFRO.log2013-09-25 07:45 - 2013-09-25 07:45 - 00000000 _____ C:\Windows\setuperr.log2013-09-25 06:32 - 2013-09-25 06:32 - 00054392 _____ C:\Users\Carly\Documents\cc_20130925_063248.reg2013-09-22 19:59 - 2013-09-22 19:59 - 00000000 ____D C:\Windows\system32\ljkb2013-09-18 21:36 - 2013-09-15 08:33 - 01762608 _____ C:\Windows\system32\dmwu.exe2013-09-18 21:36 - 2013-09-15 08:27 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll2013-09-18 21:32 - 2013-09-18 21:37 - 00000183 _____ C:\Windows\awopr.ini2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft2013-09-04 21:51 - 2013-09-04 21:51 - 00000000 ____D C:\Program Files (x86)\MSECache2013-09-04 21:19 - 2013-09-04 21:19 - 00000000 ____D C:\Users\Carly\Documents\Working Files2013-09-04 21:16 - 2013-09-04 21:19 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Corel2013-09-04 21:16 - 2013-09-04 21:19 - 00000000 ____D C:\ProgramData\Protexis2013-09-04 21:08 - 2013-09-04 21:08 - 00002378 _____ C:\Users\Public\Desktop\WordPerfect X6.lnk2013-09-04 21:06 - 2013-09-04 21:08 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office2013-09-04 21:05 - 2013-09-04 21:07 - 00000000 ____D C:\ProgramData\Corel2013-09-04 21:05 - 2013-09-04 21:05 - 00000000 ____D C:\ProgramData\Borland2013-09-04 21:04 - 2013-09-04 21:04 - 00000000 ____D C:\Program Files (x86)\Corel2013-09-04 21:02 - 2013-09-04 21:12 - 00000000 ____D C:\ProgramData\WordPerfect Office X6 ==================== One Month Modified Files and Folders ======= 2013-10-01 06:31 - 2013-04-12 20:49 - 00000000 ____D C:\Users\Carly\AppData\Roaming\vlc2013-10-01 06:30 - 2013-10-01 06:30 - 00000000 ____D C:\FRST2013-10-01 06:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing2013-10-01 06:06 - 2012-02-17 21:24 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job2013-10-01 06:01 - 2013-04-07 07:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-01 05:20 - 2011-01-05 13:06 - 01105971 _____ C:\Windows\WindowsUpdate.log2013-09-30 17:29 - 2011-10-11 23:50 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Dropbox2013-09-30 17:06 - 2012-02-17 21:24 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job2013-09-30 06:48 - 2013-04-12 20:49 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-09-30 06:46 - 2013-09-30 06:46 - 01953880 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2013-09-30 06:37 - 2013-09-30 06:37 - 00000355 _____ C:\Users\Carly\Desktop\escan.txt2013-09-30 06:36 - 2013-09-25 07:45 - 00000224 _____ C:\Windows\setupact.log2013-09-29 20:22 - 2013-09-29 20:22 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2013-09-29 20:21 - 2013-09-29 20:21 - 00002499 _____ C:\Users\Carly\Desktop\AdwCleaner[R2].txt2013-09-29 20:20 - 2013-09-29 20:19 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner.exe2013-09-29 20:20 - 2013-09-29 15:02 - 00000000 ____D C:\AdwCleaner2013-09-29 15:02 - 2013-09-29 15:02 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (2).exe2013-09-29 14:29 - 2013-09-29 14:29 - 00006914 _____ C:\Users\Carly\Desktop\JRT.txt2013-09-29 14:28 - 2011-10-11 23:51 - 00000000 ___RD C:\Users\Carly\Dropbox2013-09-28 21:48 - 2013-09-28 21:47 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (1).exe2013-09-28 21:46 - 2013-09-28 21:45 - 01030305 _____ (Thisisu) C:\Users\Carly\Desktop\JRT.exe2013-09-28 21:44 - 2013-09-28 21:29 - 00000000 ____D C:\Users\Carly\Desktop\mbar2013-09-28 21:44 - 2013-09-28 21:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-28 21:29 - 2013-09-28 21:28 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Carly\Desktop\mbar-1.07.0.1005.exe2013-09-27 21:17 - 2013-09-27 21:17 - 00002296 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211750.txt2013-09-27 21:16 - 2013-06-11 07:03 - 00000000 ____D C:\Users\Carly\Desktop\RK_Quarantine2013-09-27 21:14 - 2013-09-27 21:14 - 00000000 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211358.txt2013-09-27 21:14 - 2012-10-09 08:39 - 00000000 ____D C:\Users\Carly\Desktop\Sort Me2013-09-27 21:10 - 2013-09-27 21:10 - 03812352 _____ C:\Users\Carly\Desktop\RogueKillerX64.exe2013-09-27 21:10 - 2013-06-08 21:31 - 00000000 ____D C:\Windows\erdnt2013-09-27 21:09 - 2013-09-27 21:09 - 00000905 _____ C:\Users\Carly\Desktop\ERUNT.lnk2013-09-27 21:09 - 2013-09-27 21:09 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-27 21:08 - 2013-09-27 21:08 - 00791393 _____ (Lars Hederer ) C:\Users\Carly\Desktop\erunt-setup.exe2013-09-27 21:08 - 2013-09-27 21:05 - 00002358 _____ C:\Users\Carly\Desktop\Rkill.txt2013-09-27 21:02 - 2013-09-27 21:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Carly\Desktop\rkill.exe2013-09-27 21:02 - 2013-09-27 21:00 - 00000000 ____D C:\13add062afcc81b47d5db7852013-09-27 06:43 - 2012-07-06 12:46 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update2013-09-25 07:53 - 2009-07-14 00:45 - 00019232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-25 07:53 - 2009-07-14 00:45 - 00019232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-25 07:45 - 2013-09-25 07:45 - 00000414 _____ C:\Windows\PFRO.log2013-09-25 07:45 - 2013-09-25 07:45 - 00000000 _____ C:\Windows\setuperr.log2013-09-25 07:45 - 2012-09-16 11:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl2013-09-25 07:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-25 06:32 - 2013-09-25 06:32 - 00054392 _____ C:\Users\Carly\Documents\cc_20130925_063248.reg2013-09-25 06:23 - 2013-06-11 21:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-09-25 06:23 - 2012-10-09 09:34 - 00000000 ____D C:\Program Files\CCleaner2013-09-25 06:11 - 2013-01-26 16:07 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Skype2013-09-22 19:59 - 2013-09-22 19:59 - 00000000 ____D C:\Windows\system32\ljkb2013-09-22 08:48 - 2009-07-14 00:45 - 00457816 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-20 20:05 - 2011-01-05 11:14 - 00000000 _____ C:\Windows\SysWOW64\config.nt2013-09-20 20:04 - 2012-02-17 21:25 - 00002360 _____ C:\Users\Carly\Desktop\Google Chrome.lnk2013-09-20 19:58 - 2013-05-14 21:02 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-09-20 19:58 - 2013-04-07 07:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-09-20 19:58 - 2012-05-19 10:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-20 19:58 - 2011-05-13 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-09-19 06:55 - 2013-07-16 16:56 - 00000000 ____D C:\Windows\system32\MRT2013-09-19 06:53 - 2011-01-06 23:26 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-19 06:53 - 2011-01-05 10:51 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-18 21:37 - 2013-09-18 21:32 - 00000183 _____ C:\Windows\awopr.ini2013-09-18 21:36 - 2011-01-05 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-18 21:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources2013-09-18 21:33 - 2011-07-17 10:21 - 00000000 ____D C:\Users\Carly\Documents\Downloads torrents2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft2013-09-15 08:33 - 2013-09-18 21:36 - 01762608 _____ C:\Windows\system32\dmwu.exe2013-09-15 08:27 - 2013-09-18 21:36 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll2013-09-09 04:54 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll2013-09-09 04:54 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll2013-09-04 21:52 - 2011-01-06 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2013-09-04 21:51 - 2013-09-04 21:51 - 00000000 ____D C:\Program Files (x86)\MSECache2013-09-04 21:19 - 2013-09-04 21:19 - 00000000 ____D C:\Users\Carly\Documents\Working Files2013-09-04 21:19 - 2013-09-04 21:16 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Corel2013-09-04 21:19 - 2013-09-04 21:16 - 00000000 ____D C:\ProgramData\Protexis2013-09-04 21:16 - 2011-01-05 10:47 - 00133520 _____ C:\Users\Carly\AppData\Local\GDIPFONTCACHEV1.DAT2013-09-04 21:12 - 2013-09-04 21:02 - 00000000 ____D C:\ProgramData\WordPerfect Office X62013-09-04 21:08 - 2013-09-04 21:08 - 00002378 _____ C:\Users\Public\Desktop\WordPerfect X6.lnk2013-09-04 21:08 - 2013-09-04 21:06 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office2013-09-04 21:07 - 2013-09-04 21:05 - 00000000 ____D C:\ProgramData\Corel2013-09-04 21:05 - 2013-09-04 21:05 - 00000000 ____D C:\ProgramData\Borland2013-09-04 21:04 - 2013-09-04 21:04 - 00000000 ____D C:\Program Files (x86)\Corel2013-09-02 20:46 - 2011-02-11 22:28 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCarly2013-09-02 20:46 - 2011-02-11 22:28 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCarly.job2013-09-02 20:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF Some content of TEMP:====================C:\Users\Carly\AppData\Local\Temp\Quarantine.exeC:\Users\Carly\AppData\Local\Temp\tbSwee.dllC:\Users\Carly\AppData\Local\Temp\vlc-2.0.8-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-22 10:30 ==================== End Of Log ============================
  11. MBAR: Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.org Database version: v2013.09.29.01 Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421Carly :: AKAI [administrator] 9/28/2013 9:29:50 PMmbar-log-2013-09-28 (21-29-50).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 237526Time elapsed: 12 minute(s), 37 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) --- ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Z:\ DRIVE_FIXEDCPU speed: 2.666000 GHzMemory total: 4083007488, free: 2158714880 Downloaded database version: v2013.09.29.01Downloaded database version: v2013.09.23.01=======================================Initializing...------------ Kernel report ------------ 09/28/2013 21:29:47------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\DRIVERS\ACPI.sys\SystemRoot\system32\DRIVERS\WMILIB.SYS\SystemRoot\system32\DRIVERS\msisadrv.sys\SystemRoot\system32\DRIVERS\pci.sys\SystemRoot\system32\DRIVERS\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\DRIVERS\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\DRIVERS\atapi.sys\SystemRoot\system32\DRIVERS\ataport.SYS\SystemRoot\system32\DRIVERS\msahci.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\Tpkd.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\DRIVERS\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\aswVmm.sys\SystemRoot\System32\Drivers\aswRvrt.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\aswSnx.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\Drivers\aswTdi.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\Drivers\aswrdr2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\System32\Drivers\aswSP.SYS\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\system32\DRIVERS\igdpmd64.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\mcdbus.sys\SystemRoot\system32\DRIVERS\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\drivers\EvoMouseDriverMini.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtiHdmi.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\aswMonFlt.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\System32\Drivers\aswFsBlk.SYS\SystemRoot\system32\DRIVERS\diginet.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\bcbtums.sys\SystemRoot\system32\drivers\btwampfl.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\msvcrt.dll\Windows\System32\msctf.dll\Windows\System32\sechost.dll\Windows\System32\psapi.dll\Windows\System32\kernel32.dll\Windows\System32\iertutil.dll\Windows\System32\clbcatq.dll\Windows\System32\wininet.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\imagehlp.dll\Windows\System32\ole32.dll\Windows\System32\oleaut32.dll\Windows\System32\nsi.dll\Windows\System32\advapi32.dll\Windows\System32\difxapi.dll\Windows\System32\user32.dll\Windows\System32\lpk.dll\Windows\System32\ws2_32.dll\Windows\System32\setupapi.dll\Windows\System32\gdi32.dll\Windows\System32\rpcrt4.dll\Windows\System32\comdlg32.dll\Windows\System32\shlwapi.dll\Windows\System32\shell32.dll\Windows\System32\normaliz.dll\Windows\System32\urlmon.dll\Windows\System32\usp10.dll\Windows\System32\comctl32.dll\Windows\System32\wintrust.dll\Windows\System32\cfgmgr32.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\devobj.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa80052aa060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004fe1050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80052aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80052aab90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80052aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005148b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8004fe1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 522B6E86 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 926502912 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 926912512 Numsec = 49647616 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished
  12. Hi, still here, thanks for responding. Rkill: ----------------- Rkill 2.6.1 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 09/27/2013 09:05:33 PM in x64 mode.Windows Version: Windows 7 Home Premium Checking for Windows services to stop: * CltMngSvc Stopped. [Win32/Conduit.SearchProtect.B] 1 service stopped! Checking for processes to terminate: * C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exe (PID: 3676) [Win32/Conduit.SearchProtect.B] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 09/27/2013 09:08:10 PMExecution time: 0 hours(s), 2 minute(s), and 36 seconds(s) ----------------- Rogue Killer: ---------------------------- RogueKiller V8.6.12 _x64_ [sep 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Carly [Admin rights]Mode : Scan -- Date : 09/27/2013 21:17:50| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-842231502-1118220138-2566208259-1000\[...]\Run : SearchProtect (C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000BEKT-60KA9T0 +++++--- User ---[MBR] 9bdad52c1874e6b314da49586bab4b93[bSP] b1a760fd9f8733710c7c58d4a82a9c2b : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 452394 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 926912512 | Size: 24242 Mo3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_09272013_211750.txt >>RKreport[0]_S_09272013_211358.txt
  13. I have an HP Pavilion dm4 laptop. It's infected with Sweetpacks. Symptoms: slow computer, secunia won't work (scans but no results), browser hijacking returns every time I reopen the browser (even after changing settings), toolbar and some other sweetpacks software found and removed in programs through control panel. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.25.2Run by Carly at 6:19:02 on 2013-09-25Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1148 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\IDT\WDM\AESTSr64.exeC:\Windows\system32\BtwRSupportService.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exeC:\Program Files (x86)\Secunia\PSI\psi_tray.exeC:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\system32\taskhost.exeC:\Windows\system32\dmwu.exeC:\Windows\SysWOW64\jmdp\stij.exeC:\Windows\System32\ljkb\stij.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllBHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dllTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [chromium] C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-windowuRun: [Google Update] "C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [searchProtect] C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimizedmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguimRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE"mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exedRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunStartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htmIE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htmIE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpassIE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillformsIE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.htaIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.1.1TCP: Interfaces\{F46D50B8-B71F-4899-89DD-3316C259A8D9} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{F46D50B8-B71F-4899-89DD-3316C259A8D9}\B6377657563747 : DHCPNameServer = 192.168.102.1TCP: Interfaces\{F46D50B8-B71F-4899-89DD-3316C259A8D9}\D4E254E202357594E474 : DHCPNameServer = 192.168.10.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dllx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesx64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dllx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\FF - prefs.js: browser.search.selectedEngine - SweetPacks Customized Web SearchFF - ExtSQL: !HIDDEN! 2013-01-20 19:14; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-3 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-3 204880]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-15 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-5 378944]R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-25 89600]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-5 203264]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-5 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-5 80816]R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2011-1-6 21520]R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-5 39464]R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880]R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\System32\drivers\EvoMouseDriverMini.sys [2010-6-23 22584]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-5 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-5 158976]R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-1-5 10342240]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-5 25928]S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-6-7 107432]S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-25 40448]S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2011-1-6 139792]S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys [2010-6-23 25144]S3 iscFlash;iscFlash;C:\SwSetup\sp50824\iscflashx64.sys [2010-9-15 45632]S3 MBX2DFU;MBX2DFU;C:\Windows\System32\drivers\mbx2dfu.sys [2011-1-6 31120]S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2011-1-6 32400]S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2011-12-26 38912]S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-5 349800]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2011-5-10 49256]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120].=============== Created Last 30 ================.2013-09-25 10:08:03 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC53A696-6DAB-49BE-8F2A-935369853736}\offreg.dll2013-09-25 10:04:16 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC53A696-6DAB-49BE-8F2A-935369853736}\mpengine.dll2013-09-25 10:04:15 -------- d-----w- C:\5d3c41e13493b3d46c5d789a1fff2013-09-25 10:01:49 -------- d-----w- C:\a60c8e1dbae6f4daf82c69f0db2e072013-09-22 23:59:15 -------- d-----w- C:\Windows\System32\ljkb2013-09-22 23:59:14 -------- d-----w- C:\Windows\SysWow64\jmdp2013-09-19 01:39:56 -------- d-----w- C:\ProgramData\Conduit2013-09-19 01:39:52 -------- d-----w- C:\Users\Carly\AppData\Local\Conduit2013-09-19 01:39:01 -------- d-----w- C:\Users\Carly\AppData\Local\CRE2013-09-19 01:38:59 -------- d-----w- C:\Program Files (x86)\Conduit2013-09-19 01:38:07 -------- d-----w- C:\Program Files (x86)\SearchProtect2013-09-19 01:37:54 -------- d-----w- C:\Users\Carly\AppData\Roaming\SearchProtect2013-09-19 01:36:29 -------- d-----w- C:\Windows\SysWow64\ARFC2013-09-19 01:36:28 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll2013-09-19 01:36:28 1762608 ----a-w- C:\Windows\System32\dmwu.exe2013-09-19 01:36:26 -------- d-----w- C:\Windows\SysWow64\WNLT2013-09-19 01:31:45 -------- d-----w- C:\ProgramData\Elcomsoft Password Recovery2013-09-19 01:31:45 -------- d-----w- C:\Program Files (x86)\Elcomsoft Password Recovery2013-09-19 01:31:45 -------- d-----w- C:\Program Files (x86)\Elcomsoft2013-09-05 01:51:23 -------- d-----w- C:\Program Files (x86)\MSECache2013-09-05 01:16:52 -------- d-----w- C:\ProgramData\Protexis2013-09-05 01:07:54 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis2013-09-05 01:06:04 -------- d-----w- C:\Program Files (x86)\Common Files\Corel2013-09-05 01:05:46 -------- d-----w- C:\ProgramData\Corel2013-09-05 01:05:27 -------- d-----w- C:\ProgramData\Borland2013-09-05 01:05:27 -------- d-----w- C:\Program Files (x86)\Common Files\Borland Shared2013-09-05 01:04:45 -------- d-----w- C:\Program Files (x86)\Corel2013-09-05 01:02:15 -------- d-----w- C:\ProgramData\WordPerfect Office X6.==================== Find3M ====================.2013-09-20 23:58:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-20 23:58:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-20 23:58:02 3723656 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-09-09 08:54:22 829264 ----a-w- C:\Windows\System32\msvcr100.dll2013-09-09 08:54:22 608080 ----a-w- C:\Windows\System32\msvcp100.dll2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr2013-08-10 00:02:14 66264 ----a-w- C:\Windows\System32\btwdi.dll2013-08-10 00:02:14 2232024 ----a-w- C:\Windows\System32\BcmBtRSupport.dll2013-08-10 00:02:14 170712 ----a-w- C:\Windows\System32\drivers\bcbtums.sys2013-08-10 00:02:14 166104 ----a-w- C:\Windows\System32\drivers\btwampfl.sys2013-08-10 00:02:12 2252504 ----a-w- C:\Windows\System32\BtwRSupportService.exe2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-07-03 08:32:42 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys2013-06-30 17:07:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-30 17:07:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-30 17:07:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll.============= FINISH: 6:24:36.93 =============== -------------------- .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 1/5/2011 9:46:10 AMSystem Uptime: 9/22/2013 8:47:52 AM (70 hours ago).Motherboard: Hewlett-Packard | | 1603Processor: Intel® Core i5 CPU M 580 @ 2.67GHz | CPU | 2667/1066mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 442 GiB total, 87.223 GiB free.E: is CDROM ()G: is CDROM ()Z: is FIXED (NTFS) - 24 GiB total, 3.459 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Device ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64PNP Device ID: ROOT\NET\0000Service: vpnva.==== System Restore Points ===================.RP276: 6/8/2013 12:02:00 PM - Revo Uninstaller's restore point - SteamRP277: 6/8/2013 12:02:29 PM - Removed SteamRP278: 6/8/2013 12:15:26 PM - Revo Uninstaller's restore point - iThink 10.0 TrialRP279: 6/12/2013 8:29:02 PM - Windows UpdateRP280: 6/18/2013 9:43:52 PM - Restore OperationRP281: 6/18/2013 9:54:58 PM - Windows UpdateRP282: 6/18/2013 10:01:21 PM - Removed BonjourRP283: 6/30/2013 12:47:54 PM - Windows UpdateRP284: 6/30/2013 12:52:05 PM - Windows UpdateRP285: 7/9/2013 5:24:55 PM - Windows UpdateRP286: 7/9/2013 5:40:35 PM - Windows UpdateRP287: 7/16/2013 4:54:57 PM - Windows UpdateRP288: 7/22/2013 2:29:47 PM - Windows UpdateRP289: 8/1/2013 10:06:51 AM - Windows UpdateRP290: 8/10/2013 8:44:45 AM - Windows UpdateRP291: 8/18/2013 9:39:28 PM - Windows UpdateRP292: 8/24/2013 11:51:22 AM - Windows UpdateRP293: 8/25/2013 10:37:30 AM - Windows UpdateRP294: 8/27/2013 8:15:35 AM - Windows UpdateRP295: 8/27/2013 8:26:38 AM - Windows UpdateRP296: 9/3/2013 8:37:58 PM - Scheduled CheckpointRP297: 9/4/2013 9:51:25 PM - Installed Compatibility Pack for the 2007 Office systemRP298: 9/16/2013 6:10:47 AM - Windows UpdateRP299: 9/18/2013 9:31:01 PM - Installed Advanced WordPerfect Office Password RecoveryRP300: 9/19/2013 6:51:20 AM - Windows UpdateRP301: 9/25/2013 6:01:19 AM - Windows Update.==== Installed Programs ======================.64 Bit HP CIO Components InstallerActiveCheck component for HP Active Support LibraryAdobe Acrobat X Pro - English, Français, DeutschAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)Advanced WordPerfect Office Password RecoveryAIFF MP3 Converter v3.3 build 1049AIO_ScanAlcor Micro USB Card ReaderApple Application SupportApple Software UpdateApplication ProfilesASUS RT-N56U Wireless Router UtilitiesATI Catalyst Install Manageravast! Free AntivirusAvernum 6AxisTV DesktopBroadcom 2070 Bluetooth 3.0Broadcom 802.11 Wireless LAN AdapterBufferChmC4200c4200_Helpcalibre 64bitCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerCisco AnyConnect Secure Mobility ClientCisco AnyConnect Secure Mobility Client Compatibility Pack for the 2007 Office systemCopyD-Fend Reloaded 1.3.1 (deinstall)DecisionTools Suite 6.1Definition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionDestinationsDeviceDiscoveryDigidesign Audio Drivers 8.0.3DocProcDropboxeRegESET Online Scanner v3ESU for Microsoft Windows 7Evoluent Mouse ManagerGoogle ChromeGPBaseService2HP 3D DriveGuardHP Customer Experience EnhancementsHP Imaging Device Functions 13.0HP MediaSmart WebcamHP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1HP Quick LaunchHP Smart Web Printing 4.51HP Software FrameworkHP Solution Center 13.0HP UpdateHP Wireless AssistantHPAsset component for HP Active Support LibraryHPPhotoGadgetHPPhotoSmartDiscLabelContent1HPPhotosmartEssentialHPProductAssistantHPSSupplyIB Updater ServiceIDT AudioIntel® Control CenterIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology DriverInterlok driver setup x64Java 7 Update 25K-Lite Codec Pack (64-bit) v4.1.0Last.fm 1.5.4.27091LastPass (uninstall only)League of LegendsLogitech SetPoint 6.20MagicDisc 2.7.106Malwarebytes Anti-Malware version 1.75.0.1300Media Player Classic - Home Cinema v1.5.0.2827MediaMonkey 4.0Microsoft .NET Framework 4 Client ProfileMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMicrosoft Xbox 360 Accessories 1.2MotoCastMotoHelper MergeModulesMotorola Device ManagerMotorola Device Software UpdateMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 5.9.0Movie Theme Pack for HP MediaSmart VideoMozilla Firefox 22.0 (x86 en-ZA)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MT KeysOCR Software by I.R.I.S. 13.0Plex Media ServerProject64 1.6PS_AIO_Software_minPS3 Media ServerPX Profile UpdateQuickTimeRealtek Ethernet Controller DriverRecovery ManagerScanScrivenerSeagate DashboardSearch Protect by conduitSecunia PSI (3.0.0.7011)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Shop for HP SuppliesSibelius 6Sideload Wonder MachineSkype™ 6.3SmartWebPrintingSolutionCenterSpywareBlaster 5.0StatusSynaptics Pointing Device DriverToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionValidity Sensors DDKVensim PLEVLC media player 2.0.7WebRegWinRAR 5.00 beta 7 (64-bit)WordPerfect Office IFilter 32-bitWordPerfect Office IFilter 64-bitWordPerfect Office X6WordPerfect Office X6 - Common FilesWordPerfect Office X6 - Common Files EnglishWordPerfect Office X6 - IPMWordPerfect Office X6 - Lightning FilesWordPerfect Office X6 - Lightning Files EnglishWordPerfect Office X6 - OxfordWordPerfect Office X6 - Presentations FilesWordPerfect Office X6 - Presentations Files EnglishWordPerfect Office X6 - Quattro Pro FilesWordPerfect Office X6 - Quattro Pro Files EnglishWordPerfect Office X6 - Setup FilesWordPerfect Office X6 - System FilesWordPerfect Office X6 - WordPerfect FilesWordPerfect Office X6 - WordPerfect Files EnglishWordPerfect Office X6 - WTYahoo! DetectYamaha S90 XS / S70 XS Remote Tools 64bitYamaha USB-MIDI DriverZip Motion Block Video codec (Remove Only).==== Event Viewer Messages From Past Week ========.9/25/2013 6:04:34 AM, Error: Service Control Manager [7000] - The Secunia PSI Agent service failed to start due to the following error: The system cannot find the file specified.9/22/2013 8:48:58 AM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified..==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.