Jump to content

konriar

Honorary Members
  • Posts

    41
  • Joined

  • Last visited

Everything posted by konriar

  1. Hey guys, thanks, it does seem to be working a little better now. I'll let you know if issues resume?
  2. Hello, my PC has become very slow recently, to startup, to use, to browse the internet. It used to be fine until the last month or so. This forum helped before so thought I'd try. Uninstalled torrent software and Malwarebytes caught some threats and quarantined them, which makes me think there's an infection. Dell XPS laptop i7 processor FRST.txtAddition.txtMBAMSERVICE.LOG
  3. Hi, I found the boostscan log: CmdLine - quickaswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"CmdLine endSafeBoot: 0CreateKbThreadnew CKbBufferCKbBuffer::InitCKbBuffer::Init endNtCreateEvent(g_hStopEvent)dep_osBeginThread - KbThreadCreateKbThread endNtInitializeRegistryKbThread startReadRegistryDATA=C:\ProgramData\AVAST Software\AvastPROG=C:\Program Files\AVAST Software\AvastBUILD=2021Windows 7 Home PremiumSystemRoot=C:\WindowsTEMP=C:\Windows\TEMPTMP=C:\Windows\TEMPReadRegistry endCreateTempCreateTemp endaswcmnbDllMaincmnbInitaswEnginDllMain(DLL_PROCESS_ATTACH)InitLogInitLog endCmdLine - fullaswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"CmdLine endProgram folder: C:\Program Files\AVAST Software\AvastEngine folder: C:\Program Files\AVAST Software\Avast\defs\14072100Base addr: 76da0000TimeStamp: 53c90e09Unschedule61,00,75,00,74,00,6F,00,63,00,68,00,65,00,63,00,6B,00,20,00,61,00,75,00,74,00,6F,00,63,00,68,00,6B,00,20,00,2A,00,00,00,61,00,73,00,77,00,42,00,6F,00,6F,00,74,00,2E,00,65,00,78,00,65,00,20,00,2F,00,41,00,3A,00,22,00,2A,00,22,00,20,00,2F,00,4C,00,3A,00,22,00,31,00,30,00,33,00,33,00,22,00,20,00,2F,00,68,00,65,00,75,00,72,00,3A,00,38,00,30,00,20,00,2F,00,52,00,41,00,3A,00,61,00,73,00,6B,00,20,00,2F,00,70,00,75,00,70,00,20,00,2F,00,61,00,72,00,63,00,68,00,69,00,76,00,65,00,73,00,20,00,2F,00,49,00,41,00,3A,00,30,00,20,00,2F,00,4B,00,42,00,44,00,3A,00,33,00,20,00,2F,00,77,00,6F,00,77,00,20,00,2F,00,64,00,69,00,72,00,3A,00,22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,41,00,56,00,41,00,53,00,54,00,20,00,53,00,6F,00,66,00,74,00,77,00,61,00,72,00,65,00,5C,00,41,00,76,00,61,00,73,00,74,00,22,00,00,00,00,00,Unschedule endLoadResourcesLoadResources endInitReportInitReport endNew global exclusions: NtSetEvent(g_hInitEvent) - 1CPU: Phys(2), Log(4), Aff(4), Feat(100003ff)InitKeyboardg_dwKbdNum: 3FreeMemory: 3679744000avworkInitializes_dwKbdClassCnt: 3InitKeyboard endNtSetEvent(g_hInitEvent) - 2GetKeyFreeMemory: 3651952640CKbBuffer::WaitCKbBuffer::GetCKbBuffer::Get endCKbBuffer::Wait endProcessAreaavfilesScanAdd *MBR0avfilesScanAdd *BOOTC:Loading raw access supportavfilesScanAdd *RAW:C:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]avfilesScanAdd *BOOTVolume{e22f3639-18f2-11e0-a37f-806e6f6e6963}avfilesScanAdd *RAW:Volume{e22f3639-18f2-11e0-a37f-806e6f6e6963}\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]avfilesScanAdd *BOOTVolume{e22f363c-18f2-11e0-a37f-806e6f6e6963}avfilesScanAdd *RAW:Volume{e22f363c-18f2-11e0-a37f-806e6f6e6963}\ [Fs: 00000006, FAT32; Dev: 07, 00000020]avfilesScanAdd *BOOTZ:avfilesScanAdd *RAW:Z:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]avfilesScanRealMulti beginGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextGetErrorTextCKbBuffer::GetKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 2Key: 0, 3, 1, 0, 0Attaching OS: 0GetErrorTextCKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1GetErrorTextKey: 0, 2, 1, 0, 0CKbBuffer::GetKey: 0, 8, 0, 0, 0GetKey end (7/37)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 7GetErrorTextKey: 0, 8, 1, 0, 0CKbBuffer::GetKey: 0, 72, 2, 0, 0GetKey end (?/ff)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endCKbBuffer::GetKey: 0, 72, 3, 0, 0Key: 0, 72, 2, 0, 0GetKey end (?/ff)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endCKbBuffer::GetKey: 0, 72, 3, 0, 0Key: 0, 6, 0, 0, 0GetKey end (5/35)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 5GetErrorTextKey: 0, 6, 1, 0, 0CKbBuffer::GetKey: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 3GetErrorTextKey: 0, 4, 1, 0, 0CKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1GetErrorTextKey: 0, 2, 1, 0, 0CKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1Key: 0, 2, 1, 0, 0GetErrorTextCKbBuffer::GetKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 2GetErrorTextKey: 0, 3, 1, 0, 0CKbBuffer::GetKey: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 3GetErrorTextCKbBuffer::GetKey: 0, 4, 1, 0, 0Key: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 4GetErrorTextKey: 0, 5, 1, 0, 0CKbBuffer::GetKey: 0, 6, 0, 0, 0GetKey end (5/35)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 5GetErrorTextCKbBuffer::GetKey: 0, 6, 1, 0, 0Key: 0, 7, 0, 0, 0GetKey end (6/36)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 6GetErrorTextCKbBuffer::GetKey: 0, 7, 1, 0, 0Key: 0, 8, 0, 0, 0GetKey end (7/37)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 7GetErrorTextCKbBuffer::GetKey: 0, 8, 1, 0, 0Key: 0, 9, 0, 0, 0GetKey end (8/38)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 8GetErrorTextCKbBuffer::GetKey: 0, 9, 1, 0, 0Key: 0, 10, 0, 0, 0GetKey end (9/39)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 9Key: 0, 10, 1, 0, 0GetErrorTextCKbBuffer::GetKey: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 1GetErrorTextKey: 0, 2, 1, 0, 0CKbBuffer::GetKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 2GetErrorTextKey: 0, 3, 1, 0, 0CKbBuffer::GetKey: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 3GetErrorTextKey: 0, 4, 1, 0, 0CKbBuffer::GetKey: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 4GetErrorTextCKbBuffer::GetKey: 0, 5, 1, 0, 0Key: 0, 6, 0, 0, 0GetKey end (5/35)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 5GetErrorTextKey: 0, 6, 1, 0, 0CKbBuffer::GetKey: 0, 7, 0, 0, 0GetKey end (6/36)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 6GetErrorTextCKbBuffer::GetKey: 0, 7, 1, 0, 0Key: 0, 8, 0, 0, 0GetKey end (7/37)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 7GetErrorTextKey: 0, 8, 1, 0, 0CKbBuffer::GetKey: 0, 9, 0, 0, 0GetKey end (8/38)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 8GetErrorTextCKbBuffer::GetKey: 0, 9, 1, 0, 0Key: 0, 10, 0, 0, 0GetKey end (9/39)CKbBuffer::PutCKbBuffer::Put endGetKeyCKbBuffer::Get endWaitForKeys (11): 9Key: 0, 10, 1, 0, 0Key: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 2, 1, 0, 0Key: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 3, 1, 0, 0Key: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 4, 1, 0, 0Key: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 5, 1, 0, 0Key: 0, 2, 0, 0, 0GetKey end (1/31)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 3, 0, 0, 0GetKey end (2/32)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 2, 1, 0, 0Key: 0, 3, 1, 0, 0Key: 0, 4, 0, 0, 0GetKey end (3/33)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 4, 1, 0, 0Key: 0, 5, 0, 0, 0GetKey end (4/34)CKbBuffer::PutCKbBuffer::Put endGetKeyKey: 0, 5, 1, 0, 0avfilesScanRealMulti finishedRuntime: 45425548msUnloading attached OSavworkCloseTerminateKbThreadGetKey end (?/00)CloseKeyboardCloseKeyboard endKbThread stopCKbBuffer::~CKbBufferCKbBuffer::~CKbBuffer endaswEnginDllMain(DLL_PROCESS_DETACH)cmnbFreeFreeResourcesCloseReportCloseLog
  4. I'm afraid there is no log, I looked everywhere. I'm not sure where to go from here...
  5. This is all eset gave. It didn't create the log you mentioned as far as I can find. Let me know if I need to rescan to get a more thorough log. I ran avast BootScan again and it again found high-risk infected files it couldn't fix, quarantine, or delete. I don't know where to find the log files to show... let me know if you know how to do this or if it would help. Thanks! eset results: C:\FRST\Quarantine\advancedwordperfectofficepasswordrecovery-setup.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\FRST\Quarantine\nsprotector.js Win32/Conduit.SearchProtect.A potentially unwanted applicationC:\Users\Carly\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Dropbox\! 2013 Fall Classes\Nonprofit Management\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\GDgame.chicken.apk a variant of Android/AdDisplay.Wiyun.E potentially unwanted applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\Total Recall Recorder (1.3.0).apk a variant of Android/Torec.D potentially unsafe application --------Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014Ran by Carly (administrator) on AKAI on 21-07-2014 21:30:07Running from C:\Users\Carly\DesktopPlatform: Windows 7 Home Premium (X64) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(AMD) C:\Windows\System32\atieclxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKU\.DEFAULT\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [chromium] => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [Google Update] => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnkShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM-x32 - DefaultScope value is missing.BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.com [2014-05-03]FF Extension: Autofill Forms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpi [2011-07-08]FF Extension: Adblock Plus - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-01-08]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: =======CHR HomePage: hxxp://www.google.comCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Google Talk Plugin) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No FileCHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No FileCHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18]CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-17]CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-17]CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17]CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2012-02-17]CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2012-06-07]CHR Extension: (Print this page with CleanPrint) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-01-10]CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2012-05-24]CHR Extension: (avast! Online Security) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17]CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2012-02-24]CHR Extension: (Eric Hamiter) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop [2012-05-24]CHR Extension: (Hootsuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2012-02-24]CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-10-18]CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2012-02-24]CHR Extension: (Google Wallet) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2012-06-11]CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2012-02-17]CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17]CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-18]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]CHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-14] (AVAST Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-17] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-14] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] ()R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.)S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.)S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.)S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 06:05 - 2014-07-21 06:06 - 00278800 _____ () C:\Windows\Minidump\072114-41231-01.dmp2014-07-21 06:05 - 2014-07-21 06:05 - 659514359 _____ () C:\Windows\MEMORY.DMP2014-07-21 06:00 - 2014-07-21 06:00 - 00000880 _____ () C:\Users\Carly\Desktop\eset.txt2014-07-20 16:13 - 2014-07-20 16:13 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2014-07-20 09:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-07-20 09:45 - 2014-07-20 09:46 - 01354223 _____ () C:\Users\Carly\Desktop\AdwCleaner.exe2014-07-20 06:47 - 2014-07-20 06:48 - 00036908 _____ () C:\Users\Carly\Desktop\Addition.txt2014-07-20 06:44 - 2014-07-21 21:29 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion2014-07-19 09:10 - 2014-07-21 21:30 - 00025837 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-19 09:08 - 2014-07-21 21:29 - 02090496 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-14 16:33 - 2014-07-17 06:17 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-07-14 16:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:30 - 2014-06-30 21:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-14 16:30 - 2014-06-30 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:25 - 2014-07-21 18:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= 2014-07-21 21:30 - 2014-07-19 09:10 - 00025837 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-21 21:30 - 2013-10-01 06:30 - 00000000 ____D () C:\FRST2014-07-21 21:29 - 2014-07-20 06:44 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion2014-07-21 21:29 - 2014-07-19 09:08 - 02090496 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-21 21:26 - 2012-02-17 21:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job2014-07-21 18:58 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-21 18:58 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-21 18:56 - 2011-01-05 13:06 - 01715476 _____ () C:\Windows\WindowsUpdate.log2014-07-21 18:55 - 2011-10-11 23:50 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Dropbox2014-07-21 18:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing2014-07-21 18:54 - 2014-03-25 15:07 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\DropboxMaster2014-07-21 18:54 - 2011-10-11 23:51 - 00000000 ___RD () C:\Users\Carly\Dropbox2014-07-21 18:51 - 2014-07-14 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-21 18:50 - 2014-04-14 12:51 - 00002278 _____ () C:\Windows\setupact.log2014-07-21 18:50 - 2012-09-16 11:23 - 00065536 _____ () C:\Windows\system32\Ikeext.etl2014-07-21 18:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-21 06:06 - 2014-07-21 06:05 - 00278800 _____ () C:\Windows\Minidump\072114-41231-01.dmp2014-07-21 06:05 - 2014-07-21 06:05 - 659514359 _____ () C:\Windows\MEMORY.DMP2014-07-21 06:05 - 2011-01-08 20:23 - 00000000 ____D () C:\Windows\Minidump2014-07-21 06:00 - 2014-07-21 06:00 - 00000880 _____ () C:\Users\Carly\Desktop\eset.txt2014-07-20 16:13 - 2014-07-20 16:13 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2014-07-20 15:13 - 2012-02-17 21:25 - 00002360 _____ () C:\Users\Carly\Desktop\Google Chrome.lnk2014-07-20 11:20 - 2014-04-14 12:50 - 00350320 _____ () C:\Windows\PFRO.log2014-07-20 11:19 - 2013-09-29 15:02 - 00000000 ____D () C:\AdwCleaner2014-07-20 09:46 - 2014-07-20 09:45 - 01354223 _____ () C:\Users\Carly\Desktop\AdwCleaner.exe2014-07-20 06:48 - 2014-07-20 06:47 - 00036908 _____ () C:\Users\Carly\Desktop\Addition.txt2014-07-20 06:44 - 2012-02-17 21:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job2014-07-19 09:10 - 2011-01-05 10:46 - 00000000 ____D () C:\Users\Carly2014-07-19 09:09 - 2012-10-09 08:39 - 00000000 ____D () C:\Users\Carly\Desktop\Sort Me2014-07-19 08:50 - 2013-09-27 21:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-07-19 08:45 - 2014-06-18 20:36 - 00000000 ____D () C:\Program Files (x86)\Max Remote Server2014-07-19 08:45 - 2012-02-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Last.fm2014-07-19 08:45 - 2011-01-06 23:33 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\uTorrent2014-07-19 08:38 - 2014-06-18 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-17 18:44 - 2014-06-18 20:49 - 00003271 _____ () C:\Windows\SecuniaPackage.log2014-07-17 06:20 - 2011-01-05 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-17 06:17 - 2014-07-14 16:33 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-15 17:01 - 2011-07-17 10:21 - 00000000 ____D () C:\Users\Carly\Documents\Downloads torrents2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-15 14:46 - 2013-07-16 16:56 - 00000000 ____D () C:\Windows\system32\MRT2014-07-15 14:37 - 2011-01-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-15 14:37 - 2011-01-05 10:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-15 14:34 - 2011-02-11 22:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarly2014-07-15 14:34 - 2011-02-11 22:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarly.job2014-07-14 16:33 - 2014-06-18 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-07-14 16:32 - 2014-06-18 20:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-06-18 20:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-07-14 16:31 - 2014-06-18 20:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-07-14 16:30 - 2014-07-14 16:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Malwarebytes2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-11 06:55 - 2014-03-11 14:55 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2014-07-02 06:24 - 2013-04-12 20:49 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\vlc2014-07-02 06:21 - 2012-02-17 21:24 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA2014-07-02 06:21 - 2012-02-17 21:24 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core2014-06-30 21:56 - 2014-07-14 16:30 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-30 21:50 - 2014-07-14 16:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP:====================C:\Users\Carly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzoakwx.dllC:\Users\Carly\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-20 15:49 ==================== End Of Log ============================
  6. OK, I'm going to try another bootscan to see if the problem persists. Copying logfile now: C:\FRST\Quarantine\advancedwordperfectofficepasswordrecovery-setup.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\FRST\Quarantine\nsprotector.js Win32/Conduit.SearchProtect.A potentially unwanted applicationC:\Users\Carly\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Users\Carly\Dropbox\! 2013 Fall Classes\Nonprofit Management\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\GDgame.chicken.apk a variant of Android/AdDisplay.Wiyun.E potentially unwanted applicationC:\Users\Carly\Games\1380_Paid_Android_Apps_Games_Updated\Total Recall Recorder (1.3.0).apk a variant of Android/Torec.D potentially unsafe application
  7. # AdwCleaner v3.216 - Report created 20/07/2014 at 11:18:57 # Updated 17/07/2014 by Xplode # Operating System : Windows 7 Home Premium (64 bits) # Username : Carly - AKAI # Running from : C:\Users\Carly\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Windows\System32\ljkb Folder Deleted : C:\Users\Carly\AppData\Roaming\Nico Mak Computing ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v30.0 (en-ZA) [ File : C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18076214484448513&ctid=CT3310511&UM=2 Deleted [search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=& Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj ************************* AdwCleaner[R0].txt - [2379 octets] - [29/09/2013 15:02:35] AdwCleaner[R1].txt - [2439 octets] - [29/09/2013 20:17:01] AdwCleaner[R2].txt - [2499 octets] - [29/09/2013 20:20:18] AdwCleaner[R3].txt - [2555 octets] - [20/10/2013 10:00:43] AdwCleaner[R4].txt - [1165 octets] - [20/10/2013 10:07:36] AdwCleaner[R5].txt - [1230 octets] - [20/10/2013 17:44:13] AdwCleaner[R6].txt - [1507 octets] - [20/07/2014 09:47:10] AdwCleaner[s0].txt - [2662 octets] - [20/10/2013 10:03:07] AdwCleaner[s1].txt - [1291 octets] - [20/10/2013 17:46:50] AdwCleaner[s2].txt - [1818 octets] - [20/07/2014 11:18:57] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1878 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/20/2014 Scan Time: 11:28:51 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.20.04 Rootkit Database: v2014.07.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Carly Scan Type: Threat Scan Result: Completed Objects Scanned: 305877 Time Elapsed: 38 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014 Ran by Carly (administrator) on AKAI on 20-07-2014 06:46:19 Running from C:\Users\Carly\Desktop Platform: Windows 7 Home Premium (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\.DEFAULT\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [chromium] => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [Google Update] => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.com [2014-05-03] FF Extension: Autofill Forms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpi [2011-07-08] FF Extension: Adblock Plus - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-01-08] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Talk Plugin) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18] CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-17] CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-17] CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17] CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2012-02-17] CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2012-06-07] CHR Extension: (Print this page with CleanPrint) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-01-10] CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2012-05-24] CHR Extension: (avast! Online Security) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17] CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2012-02-24] CHR Extension: (Eric Hamiter) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop [2012-05-24] CHR Extension: (Hootsuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2012-02-24] CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-10-18] CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2012-02-24] CHR Extension: (Google Wallet) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13] CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2012-06-11] CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2012-02-17] CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17] CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14] CHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-14] (AVAST Software) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.) S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed] S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] () S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-17] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-14] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] () R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.) S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.) S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent) R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] () S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.) S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.) S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 06:44 - 2014-07-20 06:44 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion 2014-07-19 09:10 - 2014-07-20 06:46 - 00026112 _____ () C:\Users\Carly\Desktop\FRST.txt 2014-07-19 09:08 - 2014-07-20 06:44 - 02089984 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe 2014-07-19 08:51 - 2014-07-19 08:54 - 00000000 ____D () C:\a04b450f43ebf62623 2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-14 16:33 - 2014-07-17 06:17 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-14 16:31 - 2014-07-14 16:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-07-14 16:30 - 2014-06-30 21:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-14 16:30 - 2014-06-30 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-07-14 16:25 - 2014-07-20 06:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= 2014-07-20 06:46 - 2014-07-19 09:10 - 00026112 _____ () C:\Users\Carly\Desktop\FRST.txt 2014-07-20 06:46 - 2013-10-01 06:30 - 00000000 ____D () C:\FRST 2014-07-20 06:44 - 2014-07-20 06:44 - 00000000 ____D () C:\Users\Carly\Desktop\FRST-OlderVersion 2014-07-20 06:44 - 2014-07-19 09:08 - 02089984 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe 2014-07-20 06:44 - 2012-02-17 21:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job 2014-07-20 06:43 - 2012-02-17 21:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job 2014-07-20 06:42 - 2014-07-14 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-19 09:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing 2014-07-19 09:10 - 2011-01-05 10:46 - 00000000 ____D () C:\Users\Carly 2014-07-19 09:09 - 2012-10-09 08:39 - 00000000 ____D () C:\Users\Carly\Desktop\Sort Me 2014-07-19 08:57 - 2011-01-05 13:06 - 01661796 _____ () C:\Windows\WindowsUpdate.log 2014-07-19 08:54 - 2014-07-19 08:51 - 00000000 ____D () C:\a04b450f43ebf62623 2014-07-19 08:50 - 2013-09-27 21:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-07-19 08:45 - 2014-06-18 20:36 - 00000000 ____D () C:\Program Files (x86)\Max Remote Server 2014-07-19 08:45 - 2012-02-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Last.fm 2014-07-19 08:45 - 2011-01-06 23:33 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\uTorrent 2014-07-19 08:38 - 2014-06-18 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-07-19 08:37 - 2011-10-11 23:50 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Dropbox 2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-17 18:44 - 2014-06-18 20:49 - 00003271 _____ () C:\Windows\SecuniaPackage.log 2014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-17 18:33 - 2014-03-25 15:07 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\DropboxMaster 2014-07-17 18:33 - 2011-10-11 23:51 - 00000000 ___RD () C:\Users\Carly\Dropbox 2014-07-17 18:30 - 2012-09-16 11:23 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-07-17 18:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-17 18:29 - 2014-04-14 12:51 - 00002110 _____ () C:\Windows\setupact.log 2014-07-17 06:20 - 2011-01-05 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-17 06:17 - 2014-07-14 16:33 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-07-15 17:01 - 2011-07-17 10:21 - 00000000 ____D () C:\Users\Carly\Documents\Downloads torrents 2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-15 14:46 - 2013-07-16 16:56 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-15 14:37 - 2011-01-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-15 14:37 - 2011-01-05 10:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-15 14:34 - 2011-02-11 22:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarly 2014-07-15 14:34 - 2011-02-11 22:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarly.job 2014-07-14 16:52 - 2014-04-14 12:50 - 00350006 _____ () C:\Windows\PFRO.log 2014-07-14 16:38 - 2012-02-17 21:25 - 00002360 _____ () C:\Users\Carly\Desktop\Google Chrome.lnk 2014-07-14 16:33 - 2014-06-18 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-14 16:32 - 2014-06-18 20:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-14 16:31 - 2014-06-18 20:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-14 16:31 - 2014-06-18 20:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-14 16:31 - 2014-06-18 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-14 16:30 - 2014-07-14 16:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Malwarebytes 2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-11 06:55 - 2014-03-11 14:55 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-07-02 06:24 - 2013-04-12 20:49 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\vlc 2014-07-02 06:21 - 2012-02-17 21:24 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA 2014-07-02 06:21 - 2012-02-17 21:24 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core 2014-06-30 21:56 - 2014-07-14 16:30 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 21:50 - 2014-07-14 16:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Carly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynh231.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-01-21 08:13 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014 Ran by Carly at 2014-07-20 06:47:38 Running from C:\Users\Carly\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced WordPerfect Office Password Recovery (HKLM-x32\...\{4A24A2A9-821D-4FBF-8F24-E8F8E17122CE}) (Version: 1.35.0.358 - Elcomsoft Co. Ltd.) AIFF MP3 Converter v3.3 build 1049 (HKLM-x32\...\{5494AFBC-3EC2-463A-BD6C-EAFB62EB6EE9}_is1) (Version: - Hoo Technologies) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{33C7BB7A-4C65-4605-A0CD-76C38F59B0A3}) (Version: 1.2.517.35221 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.517.35221 - Alcor Micro Corp.) Hidden Application Profiles (HKLM-x32\...\{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}) (Version: 2.0.4148.33974 - ATI Technologies, Inc.) ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.2.4.8 - ASUS) ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AxisTV Desktop (HKLM-x32\...\{A75C8159-B88F-40E2-942D-CEAFB2A53575}) (Version: 7.2.1.1 - Visix, Inc.) Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation) calibre 64bit (HKLM\...\{2E55EED1-49D4-4A07-B2B9-3EC5BB371F12}) (Version: 0.9.22 - Kovid Goyal) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden ccc-core-static (x32 Version: 2010.0621.2137.36973 - ATI) Hidden ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057 - Cisco Systems, Inc.) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) DecisionTools Suite 6.1 (HKLM-x32\...\{6E84E73B-E4A8-4489-935D-3C94401205CE}) (Version: 6.1.2 - Palisade Corporation) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version: - Microsoft) Digidesign Audio Drivers 8.0.3 (HKLM-x32\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evoluent Mouse Manager (HKLM\...\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}) (Version: 4.0.0 - Evoluent) Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 4.1.3024 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company) HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) K-Lite Codec Pack (64-bit) v4.1.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.1.0 - ) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Logitech SetPoint 6.20 (HKLM\...\sp6) (Version: 6.20.64 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.23 - Motorola Mobility) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility) Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden MOTOROLA MEDIA LINK (x32 Version: 1.8.0021.0 - Motorola) Hidden Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden Mozilla Firefox 30.0 (x86 en-ZA) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-ZA)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MT Keys (HKLM-x32\...\MT Keys) (Version: - Trapper Data) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.72.0 - PS3 Media Server) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.25.824.2010 - Realtek) Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Sibelius 6 (HKLM-x32\...\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}) (Version: 6.0.0 - Sibelius Software) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation) WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation) WordPerfect Office X6 - Common Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Common Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - IPM (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Lightning Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Lightning Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Oxford (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Presentations Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Presentations Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Quattro Pro Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Quattro Pro Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - Setup Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - System Files (x32 Version: 16.1 - Corel Corporation) Hidden WordPerfect Office X6 - WordPerfect Files (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - WordPerfect Files English (x32 Version: 16.3 - Corel Corporation) Hidden WordPerfect Office X6 - WT (x32 Version: 16.1 - Corel Corporation) Hidden WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.429 - Corel Corporation) WordPerfect Office X6 (x32 Version: 16.3 - Corel Corporation) Hidden Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Yamaha S90 XS / S70 XS Remote Tools 64bit (HKLM-x32\...\InstallShield_{52DC39B2-EF95-4697-B59F-7AC2A3920CE9}) (Version: 1.1.1 - Yamaha Corporation) Yamaha S90 XS / S70 XS Remote Tools 64bit (Version: 1.1.1 - Yamaha Corporation) Hidden Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{07A177E9-D9DE-4ECF-BE84-DD85F8FD11F8}) (Version: 3.1.1.1 - Yamaha Corporation) Yamaha USB-MIDI Driver (Version: 3.1.1.1 - Yamaha Corporation) Hidden Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team) ==================== Restore Points ========================= 25-11-2013 14:02:24 Windows Update 02-12-2013 13:55:43 Windows Update 18-12-2013 22:29:36 Windows Update 26-12-2013 22:12:41 Windows Update 01-01-2014 02:21:03 Windows Update 14-01-2014 10:45:55 avast! antivirus system restore point 14-01-2014 10:55:01 Windows Update 16-01-2014 12:00:18 Windows Update 21-01-2014 11:01:28 Windows Update 24-01-2014 11:55:53 Windows Update 28-01-2014 11:08:49 Windows Update 31-01-2014 21:17:58 Windows Update 04-02-2014 21:32:47 Windows Update 21-02-2014 17:04:45 Windows Update 21-02-2014 17:06:50 avast! antivirus system restore point 28-02-2014 21:00:22 Windows Update 04-03-2014 19:58:58 Windows Update 04-03-2014 20:25:22 Installed IBM SPSS Statistics 22. 11-03-2014 19:33:04 Windows Update 15-03-2014 20:51:29 Windows Update 19-03-2014 12:23:06 Windows Update 25-03-2014 19:10:51 Windows Update 25-03-2014 19:14:26 Installed Java 7 Update 51 25-03-2014 19:21:16 Removed Java 7 Update 51 25-03-2014 19:22:44 Installed Java 7 Update 51 25-03-2014 19:27:30 avast! antivirus system restore point 29-03-2014 00:36:42 Windows Update 29-03-2014 00:50:04 Removed Plex Media Server 29-03-2014 00:54:21 Installed HP Update. 29-03-2014 00:58:27 Removed Microsoft Xbox 360 Accessories 1.2 29-03-2014 00:59:33 Configured HP 29-03-2014 01:07:21 Removed League of Legends 29-03-2014 01:15:24 Removed Apple Software Update 29-03-2014 01:37:00 Removed HP Update. 10-04-2014 18:56:48 Windows Update 14-04-2014 16:25:21 Windows Update 14-04-2014 16:37:32 Removed Apple Application Support 18-04-2014 13:45:58 Windows Update 22-04-2014 19:25:53 Windows Update 01-05-2014 19:01:26 Windows Update 11-05-2014 17:46:41 Windows Update 04-06-2014 23:47:51 Windows Update 06-06-2014 00:05:42 Windows Update 19-06-2014 00:25:47 Windows Update 19-06-2014 00:55:32 avast! antivirus system restore point 02-07-2014 10:16:56 Windows Update 14-07-2014 20:24:20 avast! antivirus system restore point 14-07-2014 20:24:34 Windows Update 14-07-2014 20:32:19 Device Driver Package Install: Avast Network Service 15-07-2014 18:35:04 Windows Update 19-07-2014 12:46:52 Removed Avernum 6 19-07-2014 12:51:13 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2013-06-09 21:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {297D30E0-DE50-4FA1-A30A-0D64212449D5} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] () Task: {39C5AAA4-B22B-4DEC-A52E-BC7374AF91D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {5976E64D-D9A2-4349-98A6-52CF2D006100} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.) Task: {5C2EBF56-10F2-4A20-A3EA-50F161C3F993} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {5C76FA63-7EE1-486B-B0C6-9FECC02B5872} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-20] () Task: {5E7D9DE0-E348-4B59-8B6D-E5A7EA08A0EA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {62CEAD70-7F63-4F05-84F8-F54A1C401F9D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] () Task: {64A3B522-E0C8-48A9-A818-BD74C00747E5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink) Task: {65A64185-798E-4D3B-AE03-E95154947A21} - System32\Tasks\HPCeeScheduleForCarly => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {B74843F8-65BF-4E08-BDCE-B7C468679A97} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software) Task: {DB30A3E1-25C9-4E31-A979-9348F61B942A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] () Task: {F39750D2-B42E-4C9F-B5ED-F4727BEEF8FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17] (Google Inc.) Task: {FDF76454-27ED-4673-9E4A-8BB6562714B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForCarly.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2010-06-10 21:12 - 2010-06-10 21:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-22 01:36 - 2010-06-22 01:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-07-14 16:30 - 2014-07-14 16:30 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-07-17 06:13 - 2014-07-17 06:13 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071700\algo.dll 2014-07-17 18:31 - 2014-07-17 18:31 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071701\algo.dll 2014-07-20 06:44 - 2014-07-20 06:44 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072000\algo.dll 2014-07-14 16:30 - 2014-07-14 16:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-07-17 18:32 - 2014-07-17 18:32 - 00043008 _____ () c:\users\carly\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynh231.dll 2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Carly\AppData\Roaming\Dropbox\bin\libcef.dll 2013-01-10 23:39 - 2013-01-10 23:39 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll 2011-01-05 13:11 - 2010-03-04 00:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-07-14 16:37 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-07-14 16:37 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-07-14 16:38 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-07-14 16:38 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-07-14 16:37 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-07-14 16:38 - 2014-06-05 09:58 - 14612296 _____ () C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll 2014-01-03 02:59 - 2014-02-10 13:04 - 00430080 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03842308.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03842308.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: DeviceMonitorService => 2 MSCONFIG\Services: DigiRefresh => 2 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MemeoBackgroundService => 2 MSCONFIG\Services: Motorola Device Manager => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: PST Service => 2 MSCONFIG\Services: SeagateDashboardService => 2 MSCONFIG\Services: vcsFPService => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Evoluent Mouse Manager.lnk => C:\Windows\pss\Evoluent Mouse Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: chromium => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: Google Update => "C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: googletalk => C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui MSCONFIG\startupreg: MotoCast => "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/20/2014 06:45:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 20.7.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10f0 Start Time: 01cfa407a03fa2b3 Termination Time: 7 Application Path: C:\Users\Carly\Desktop\FRST64.exe Report Id: f75a7800-0ffa-11e4-ae9c-e02a8204f191 System errors: ============= Microsoft Office Sessions: ========================= Error: (07/20/2014 06:45:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe20.7.2014.010f001cfa407a03fa2b37C:\Users\Carly\Desktop\FRST64.exef75a7800-0ffa-11e4-ae9c-e02a8204f191 CodeIntegrity Errors: =================================== Date: 2013-06-09 21:49:28.573 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-09 21:49:28.144 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-09 21:49:27.735 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-09 21:49:27.340 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-08 21:55:29.907 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-08 21:55:29.590 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3893.86 MB Available physical RAM: 1683.3 MB Total Pagefile: 7785.86 MB Available Pagefile: 4295.02 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:441.79 GB) (Free:95.02 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive z: (RECOVERY) (Fixed) (Total:23.67 GB) (Free:3.46 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 522B6E86) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=442 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=24 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  9. Hi, I've been cleaning up my computer, which I think was infected with Sweetpacks. I ran Avast BootScan a couple times but it kept catching files that it could do nothing about (couldn't fix, quarantine, delete, etc.) and just had to leave there. So I'd appreciate some help cleaning up these persistent infections. Thanks! PS- Farbar did not make an addition.txt file. Hope that's not a problem. ----- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01Ran by Carly (administrator) on AKAI on 19-07-2014 09:10:28Running from C:\Users\Carly\DesktopPlatform: Windows 7 Home Premium (X64) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(AMD) C:\Windows\System32\atieclxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKU\.DEFAULT\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [chromium] => C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)HKU\S-1-5-21-842231502-1118220138-2566208259-1000\...\Run: [Google Update] => C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnkShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.com [2014-05-03]FF Extension: Autofill Forms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpi [2011-07-08]FF Extension: Adblock Plus - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-13]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-01-08]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18] Chrome: =======CHR HomePage: hxxp://www.google.comCHR StartupUrls: ""CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Carly\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (Google Talk Plugin) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No FileCHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No FileCHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-02-17]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-18]CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-17]CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-02-17]CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-17]CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2012-02-17]CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2012-06-07]CHR Extension: (Print this page with CleanPrint) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-01-10]CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2012-05-24]CHR Extension: (avast! Online Security) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-18]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17]CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia [2012-02-24]CHR Extension: (Eric Hamiter) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop [2012-05-24]CHR Extension: (Hootsuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2012-02-24]CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2012-10-18]CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2012-02-24]CHR Extension: (Google Wallet) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2012-06-11]CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2012-02-17]CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-17]CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-18]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]CHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-14] (AVAST Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-17] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-14] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-14] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-14] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-14] ()R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.)S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-19] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.)S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.)S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 09:10 - 2014-07-19 09:10 - 00026182 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-19 09:08 - 2014-07-19 09:08 - 02086912 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-19 08:51 - 2014-07-19 08:54 - 00000000 ____D () C:\a04b450f43ebf626232014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-14 16:33 - 2014-07-17 06:17 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-07-14 16:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:30 - 2014-06-30 21:56 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-14 16:30 - 2014-06-30 21:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:25 - 2014-07-19 08:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= 2014-07-19 09:11 - 2014-07-19 09:10 - 00026182 _____ () C:\Users\Carly\Desktop\FRST.txt2014-07-19 09:10 - 2013-10-01 06:30 - 00000000 ____D () C:\FRST2014-07-19 09:10 - 2011-01-05 10:46 - 00000000 ____D () C:\Users\Carly2014-07-19 09:09 - 2012-10-09 08:39 - 00000000 ____D () C:\Users\Carly\Desktop\Sort Me2014-07-19 09:08 - 2014-07-19 09:08 - 02086912 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2014-07-19 08:57 - 2011-01-05 13:06 - 01660427 _____ () C:\Windows\WindowsUpdate.log2014-07-19 08:54 - 2014-07-19 08:51 - 00000000 ____D () C:\a04b450f43ebf626232014-07-19 08:50 - 2013-09-27 21:09 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-07-19 08:48 - 2012-02-17 21:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job2014-07-19 08:45 - 2014-06-18 20:36 - 00000000 ____D () C:\Program Files (x86)\Max Remote Server2014-07-19 08:45 - 2012-02-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Last.fm2014-07-19 08:45 - 2011-01-06 23:33 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\uTorrent2014-07-19 08:38 - 2014-07-14 16:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-19 08:38 - 2014-06-18 20:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-07-19 08:38 - 2012-02-17 21:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job2014-07-19 08:37 - 2011-10-11 23:50 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Dropbox2014-07-18 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing2014-07-17 18:44 - 2014-07-17 18:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-17 18:44 - 2014-07-17 18:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-17 18:44 - 2014-07-17 18:44 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-17 18:44 - 2014-06-18 20:49 - 00003271 _____ () C:\Windows\SecuniaPackage.log2014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-17 18:37 - 2009-07-14 00:45 - 00019232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-17 18:33 - 2014-03-25 15:07 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\DropboxMaster2014-07-17 18:33 - 2011-10-11 23:51 - 00000000 ___RD () C:\Users\Carly\Dropbox2014-07-17 18:30 - 2012-09-16 11:23 - 00065536 _____ () C:\Windows\system32\Ikeext.etl2014-07-17 18:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-17 18:29 - 2014-04-14 12:51 - 00002110 _____ () C:\Windows\setupact.log2014-07-17 06:20 - 2011-01-05 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-17 06:17 - 2014-07-14 16:33 - 00002222 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk2014-07-15 17:01 - 2011-07-17 10:21 - 00000000 ____D () C:\Users\Carly\Documents\Downloads torrents2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-15 14:46 - 2013-07-16 16:56 - 00000000 ____D () C:\Windows\system32\MRT2014-07-15 14:37 - 2011-01-06 23:26 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-15 14:37 - 2011-01-05 10:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-15 14:34 - 2011-02-11 22:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarly2014-07-15 14:34 - 2011-02-11 22:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarly.job2014-07-14 16:52 - 2014-04-14 12:50 - 00350006 _____ () C:\Windows\PFRO.log2014-07-14 16:38 - 2012-02-17 21:25 - 00002360 _____ () C:\Users\Carly\Desktop\Google Chrome.lnk2014-07-14 16:33 - 2014-06-18 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-07-14 16:32 - 2014-06-18 20:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-07-14 16:31 - 2014-07-14 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-14 16:31 - 2014-06-18 20:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-07-14 16:31 - 2014-06-18 20:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-07-14 16:31 - 2014-06-18 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-07-14 16:30 - 2014-07-14 16:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys2014-07-14 16:28 - 2014-07-14 16:28 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys2014-07-14 16:24 - 2014-07-14 16:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\Malwarebytes2014-07-14 16:24 - 2011-01-05 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-11 06:57 - 2014-07-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-11 06:57 - 2014-07-11 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-11 06:55 - 2014-03-11 14:55 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2014-07-02 06:24 - 2013-04-12 20:49 - 00000000 ____D () C:\Users\Carly\AppData\Roaming\vlc2014-07-02 06:21 - 2012-02-17 21:24 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA2014-07-02 06:21 - 2012-02-17 21:24 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core2014-06-30 21:56 - 2014-07-14 16:30 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-06-30 21:50 - 2014-07-14 16:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP:====================C:\Users\Carly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynh231.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-01-21 08:13 ==================== End Of Log ============================
  10. JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.3 (09.27.2013:1)OS: Windows 7 Home Premium x64Ran by Carly on Sun 09/29/2013 at 14:12:54.55~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] cltmngsvc Successfully deleted: [service] cltmngsvc ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-842231502-1118220138-2566208259-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\imSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstallerSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotectSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnltSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-842231502-1118220138-2566208259-1000\Software\SweetIMSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnltSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacks_conduit_942013_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacks_conduit_942013_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sweetpacks_conduit_942013_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\sweetpacks_conduit_942013_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8D27771-4B0B-4E5F-916B-7F97C4289609}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\conduit"Successfully deleted: [Folder] "C:\Users\Carly\AppData\Roaming\searchprotect"Successfully deleted: [Folder] "C:\Users\Carly\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\Carly\appdata\local\cre"Successfully deleted: [Folder] "C:\Users\Carly\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt" ~~~ FireFox Successfully deleted: [File] C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\searchplugins\conduit.xmlSuccessfully deleted: [File] C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\searchplugins\mystart search.xmlSuccessfully deleted: [Folder] C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}Successfully deleted the following from C:\Users\Carly\AppData\Roaming\mozilla\firefox\profiles\n32yrfor.default\prefs.js user_pref("CT3310511.smartbar.homepage", "true");user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");user_pref("smartbar.addressBarOwnerCTID", "CT3310511");user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");user_pref("smartbar.homePageOwnerCTID", "CT3310511");user_pref("smartbar.machineId", "QHDQWOCAJAJZ88OX9IGMR5UFXYLHBXPX8OEVPEEUT1UGNQOOPJEZJKLJCT5GVAB0VZJTM55GSL5EXAKUERTWCQ"); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 09/29/2013 at 14:29:54.04End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Adware # AdwCleaner v3.005 - Report created 29/09/2013 at 20:20:18# Updated 22/09/2013 by Xplode# Operating System : Windows 7 Home Premium (64 bits)# Username : Carly - AKAI# Running from : C:\Users\Carly\Desktop\AdwCleaner (2).exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\searchplugins\Sweetpacks Search.xmlFile Found : C:\Windows\System32\dmwu.exeFile Found : C:\Windows\System32\ImhxxpComm.dll ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcjKey Found : [x64] HKLM\SOFTWARE\WNLT ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v22.0 (en-ZA) [ File : C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\prefs.js ] Line Found : user_pref("CT3310511.FF19Solved", "true");Line Found : user_pref("CT3310511.UserID", "UN39354158367718426");Line Found : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");Line Found : user_pref("CT3310511.fullUserID", "UN39354158367718426.IN.20130918213730");Line Found : user_pref("CT3310511.installDate", "18/09/2013 21:37:44");Line Found : user_pref("CT3310511.installSessionId", "{DD07723D-9B38-4B0E-94EA-F3AF255CBE2B}");Line Found : user_pref("CT3310511.installSp", "TRUE");Line Found : user_pref("CT3310511.installerVersion", "1.7.0.9");Line Found : user_pref("CT3310511.keyword", "true");Line Found : user_pref("CT3310511.originalHomepage", "about:home");Line Found : user_pref("CT3310511.originalSearchAddressUrl", "");Line Found : user_pref("CT3310511.originalSearchEngine", "");Line Found : user_pref("CT3310511.originalSearchEngineName", "");Line Found : user_pref("CT3310511.searchRevert", "false");Line Found : user_pref("CT3310511.searchUserMode", "2");Line Found : user_pref("CT3310511.versionFromInstaller", "10.20.0.13");Line Found : user_pref("CT3310511.xpeMode", "0"); -\\ Google Chrome v [ File : C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage ************************* AdwCleaner[R0].txt - [2379 octets] - [29/09/2013 15:02:35]AdwCleaner[R1].txt - [2439 octets] - [29/09/2013 20:17:01]AdwCleaner[R2].txt - [2355 octets] - [29/09/2013 20:20:18] ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2415 octets] ########## ESCAN ----- C:\$RECYCLE.BIN\S-1-5-21-842231502-1118220138-2566208259-1000\$REBBOHE.exe a variant of Win32/InstallIQ.A applicationC:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A applicationC:\Users\Carly\Documents\Downloads torrents\advancedwordperfectofficepasswordrecovery-setup.exe Win32/DownloadAdmin.G application ----------FRST---------- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02Ran by Carly (administrator) on AKAI on 01-10-2013 06:30:38Running from C:\Users\Carly\DesktopWindows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe(AMD) C:\Windows\system32\atieclxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe(Dropbox, Inc.) C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe() C:\Users\Carly\Desktop\AdwCleaner (2).exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe(Google Inc.) C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-01-25] (IDT, Inc.)HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKCU\...\Run: [chromium] - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-16] (Google Inc.)HKCU\...\Run: [Google Update] - C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-17] (Google Inc.)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)HKLM-x32\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)HKLM-x32\...\Run: [QuickFinder Scheduler] - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [156032 2013-02-13] (Corel Corporation)Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F9614C05255CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKLM-x32 - DefaultScope {C8D27771-4B0B-4E5F-916B-7F97C4289609} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)BHO-x32: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Carly\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF SearchPlugin: C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\searchplugins\Sweetpacks Search.xmlFF Extension: LastPass - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\support@lastpass.comFF Extension: autofillForms - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\autofillForms@blueimp.net.xpiFF Extension: No Name - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\ef31e476840d0876b6438832615c696ec3d95eee5ebf38385fa5a73d856baed6_lp.keyFF Extension: No Name - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtnFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FFFF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR Extension: (Google Drive) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Adblock Plus) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0CHR Extension: (Google Search) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Aviary Image Editor) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo\0.0.1.0_0CHR Extension: (Read Later Fast) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.6.0_0CHR Extension: ( "name": "Print this page with CleanPrint") - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.7.0_0CHR Extension: (Print Selection) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0CHR Extension: (LastPass) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0CHR Extension: (Readability Redux) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia\1.3.4_0CHR Extension: ( "name": "Eric Hamiter") - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop\1.0_0CHR Extension: (HootSuite) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0CHR Extension: (Autofill) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0CHR Extension: (Print Friendly & PDF) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0CHR Extension: (Gmail) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0CHR Extension: (RSS Feed Reader) - C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Carly\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crxCHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crxCHR StartMenuInternet: Google Chrome - C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)S4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-07-17] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-19] (Avid, Inc. All rights reserved.)S3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)S3 iscFlash; C:\SwSetup\sp50824\iscflashx64.sys [45632 2010-09-15] (Insyde Software)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-19] (Avid, Inc. All rights reserved.)S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-19] (Avid, Inc. All rights reserved.)S3 PcaSp60; C:\Windows\SysWow64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-01 06:30 - 2013-10-01 06:30 - 00000000 ____D C:\FRST2013-09-30 06:46 - 2013-09-30 06:46 - 01953880 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2013-09-30 06:37 - 2013-09-30 06:37 - 00000355 _____ C:\Users\Carly\Desktop\escan.txt2013-09-29 20:22 - 2013-09-29 20:22 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2013-09-29 20:21 - 2013-09-29 20:21 - 00002499 _____ C:\Users\Carly\Desktop\AdwCleaner[R2].txt2013-09-29 20:19 - 2013-09-29 20:20 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner.exe2013-09-29 15:02 - 2013-09-29 20:20 - 00000000 ____D C:\AdwCleaner2013-09-29 15:02 - 2013-09-29 15:02 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (2).exe2013-09-29 14:29 - 2013-09-29 14:29 - 00006914 _____ C:\Users\Carly\Desktop\JRT.txt2013-09-28 21:47 - 2013-09-28 21:48 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (1).exe2013-09-28 21:45 - 2013-09-28 21:46 - 01030305 _____ (Thisisu) C:\Users\Carly\Desktop\JRT.exe2013-09-28 21:29 - 2013-09-28 21:44 - 00000000 ____D C:\Users\Carly\Desktop\mbar2013-09-28 21:29 - 2013-09-28 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-28 21:28 - 2013-09-28 21:29 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Carly\Desktop\mbar-1.07.0.1005.exe2013-09-27 21:17 - 2013-09-27 21:17 - 00002296 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211750.txt2013-09-27 21:14 - 2013-09-27 21:14 - 00000000 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211358.txt2013-09-27 21:10 - 2013-09-27 21:10 - 03812352 _____ C:\Users\Carly\Desktop\RogueKillerX64.exe2013-09-27 21:09 - 2013-09-27 21:09 - 00000905 _____ C:\Users\Carly\Desktop\ERUNT.lnk2013-09-27 21:09 - 2013-09-27 21:09 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-27 21:08 - 2013-09-27 21:08 - 00791393 _____ (Lars Hederer ) C:\Users\Carly\Desktop\erunt-setup.exe2013-09-27 21:05 - 2013-09-27 21:08 - 00002358 _____ C:\Users\Carly\Desktop\Rkill.txt2013-09-27 21:02 - 2013-09-27 21:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Carly\Desktop\rkill.exe2013-09-27 21:00 - 2013-09-27 21:02 - 00000000 ____D C:\13add062afcc81b47d5db7852013-09-25 07:45 - 2013-09-30 06:36 - 00000224 _____ C:\Windows\setupact.log2013-09-25 07:45 - 2013-09-25 07:45 - 00000414 _____ C:\Windows\PFRO.log2013-09-25 07:45 - 2013-09-25 07:45 - 00000000 _____ C:\Windows\setuperr.log2013-09-25 06:32 - 2013-09-25 06:32 - 00054392 _____ C:\Users\Carly\Documents\cc_20130925_063248.reg2013-09-22 19:59 - 2013-09-22 19:59 - 00000000 ____D C:\Windows\system32\ljkb2013-09-18 21:36 - 2013-09-15 08:33 - 01762608 _____ C:\Windows\system32\dmwu.exe2013-09-18 21:36 - 2013-09-15 08:27 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll2013-09-18 21:32 - 2013-09-18 21:37 - 00000183 _____ C:\Windows\awopr.ini2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft2013-09-04 21:51 - 2013-09-04 21:51 - 00000000 ____D C:\Program Files (x86)\MSECache2013-09-04 21:19 - 2013-09-04 21:19 - 00000000 ____D C:\Users\Carly\Documents\Working Files2013-09-04 21:16 - 2013-09-04 21:19 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Corel2013-09-04 21:16 - 2013-09-04 21:19 - 00000000 ____D C:\ProgramData\Protexis2013-09-04 21:08 - 2013-09-04 21:08 - 00002378 _____ C:\Users\Public\Desktop\WordPerfect X6.lnk2013-09-04 21:06 - 2013-09-04 21:08 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office2013-09-04 21:05 - 2013-09-04 21:07 - 00000000 ____D C:\ProgramData\Corel2013-09-04 21:05 - 2013-09-04 21:05 - 00000000 ____D C:\ProgramData\Borland2013-09-04 21:04 - 2013-09-04 21:04 - 00000000 ____D C:\Program Files (x86)\Corel2013-09-04 21:02 - 2013-09-04 21:12 - 00000000 ____D C:\ProgramData\WordPerfect Office X6 ==================== One Month Modified Files and Folders ======= 2013-10-01 06:31 - 2013-04-12 20:49 - 00000000 ____D C:\Users\Carly\AppData\Roaming\vlc2013-10-01 06:30 - 2013-10-01 06:30 - 00000000 ____D C:\FRST2013-10-01 06:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing2013-10-01 06:06 - 2012-02-17 21:24 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job2013-10-01 06:01 - 2013-04-07 07:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-01 05:20 - 2011-01-05 13:06 - 01105971 _____ C:\Windows\WindowsUpdate.log2013-09-30 17:29 - 2011-10-11 23:50 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Dropbox2013-09-30 17:06 - 2012-02-17 21:24 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job2013-09-30 06:48 - 2013-04-12 20:49 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-09-30 06:46 - 2013-09-30 06:46 - 01953880 _____ (Farbar) C:\Users\Carly\Desktop\FRST64.exe2013-09-30 06:37 - 2013-09-30 06:37 - 00000355 _____ C:\Users\Carly\Desktop\escan.txt2013-09-30 06:36 - 2013-09-25 07:45 - 00000224 _____ C:\Windows\setupact.log2013-09-29 20:22 - 2013-09-29 20:22 - 02347384 _____ (ESET) C:\Users\Carly\Desktop\esetsmartinstaller_enu.exe2013-09-29 20:21 - 2013-09-29 20:21 - 00002499 _____ C:\Users\Carly\Desktop\AdwCleaner[R2].txt2013-09-29 20:20 - 2013-09-29 20:19 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner.exe2013-09-29 20:20 - 2013-09-29 15:02 - 00000000 ____D C:\AdwCleaner2013-09-29 15:02 - 2013-09-29 15:02 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (2).exe2013-09-29 14:29 - 2013-09-29 14:29 - 00006914 _____ C:\Users\Carly\Desktop\JRT.txt2013-09-29 14:28 - 2011-10-11 23:51 - 00000000 ___RD C:\Users\Carly\Dropbox2013-09-28 21:48 - 2013-09-28 21:47 - 01042066 _____ C:\Users\Carly\Desktop\AdwCleaner (1).exe2013-09-28 21:46 - 2013-09-28 21:45 - 01030305 _____ (Thisisu) C:\Users\Carly\Desktop\JRT.exe2013-09-28 21:44 - 2013-09-28 21:29 - 00000000 ____D C:\Users\Carly\Desktop\mbar2013-09-28 21:44 - 2013-09-28 21:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-28 21:29 - 2013-09-28 21:28 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Carly\Desktop\mbar-1.07.0.1005.exe2013-09-27 21:17 - 2013-09-27 21:17 - 00002296 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211750.txt2013-09-27 21:16 - 2013-06-11 07:03 - 00000000 ____D C:\Users\Carly\Desktop\RK_Quarantine2013-09-27 21:14 - 2013-09-27 21:14 - 00000000 _____ C:\Users\Carly\Desktop\RKreport[0]_S_09272013_211358.txt2013-09-27 21:14 - 2012-10-09 08:39 - 00000000 ____D C:\Users\Carly\Desktop\Sort Me2013-09-27 21:10 - 2013-09-27 21:10 - 03812352 _____ C:\Users\Carly\Desktop\RogueKillerX64.exe2013-09-27 21:10 - 2013-06-08 21:31 - 00000000 ____D C:\Windows\erdnt2013-09-27 21:09 - 2013-09-27 21:09 - 00000905 _____ C:\Users\Carly\Desktop\ERUNT.lnk2013-09-27 21:09 - 2013-09-27 21:09 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-27 21:08 - 2013-09-27 21:08 - 00791393 _____ (Lars Hederer ) C:\Users\Carly\Desktop\erunt-setup.exe2013-09-27 21:08 - 2013-09-27 21:05 - 00002358 _____ C:\Users\Carly\Desktop\Rkill.txt2013-09-27 21:02 - 2013-09-27 21:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Carly\Desktop\rkill.exe2013-09-27 21:02 - 2013-09-27 21:00 - 00000000 ____D C:\13add062afcc81b47d5db7852013-09-27 06:43 - 2012-07-06 12:46 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update2013-09-25 07:53 - 2009-07-14 00:45 - 00019232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-25 07:53 - 2009-07-14 00:45 - 00019232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-25 07:45 - 2013-09-25 07:45 - 00000414 _____ C:\Windows\PFRO.log2013-09-25 07:45 - 2013-09-25 07:45 - 00000000 _____ C:\Windows\setuperr.log2013-09-25 07:45 - 2012-09-16 11:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl2013-09-25 07:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-25 06:32 - 2013-09-25 06:32 - 00054392 _____ C:\Users\Carly\Documents\cc_20130925_063248.reg2013-09-25 06:23 - 2013-06-11 21:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-09-25 06:23 - 2012-10-09 09:34 - 00000000 ____D C:\Program Files\CCleaner2013-09-25 06:11 - 2013-01-26 16:07 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Skype2013-09-22 19:59 - 2013-09-22 19:59 - 00000000 ____D C:\Windows\system32\ljkb2013-09-22 08:48 - 2009-07-14 00:45 - 00457816 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-20 20:05 - 2011-01-05 11:14 - 00000000 _____ C:\Windows\SysWOW64\config.nt2013-09-20 20:04 - 2012-02-17 21:25 - 00002360 _____ C:\Users\Carly\Desktop\Google Chrome.lnk2013-09-20 19:58 - 2013-05-14 21:02 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-09-20 19:58 - 2013-04-07 07:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-09-20 19:58 - 2012-05-19 10:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-20 19:58 - 2011-05-13 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-09-19 06:55 - 2013-07-16 16:56 - 00000000 ____D C:\Windows\system32\MRT2013-09-19 06:53 - 2011-01-06 23:26 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-19 06:53 - 2011-01-05 10:51 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-18 21:37 - 2013-09-18 21:32 - 00000183 _____ C:\Windows\awopr.ini2013-09-18 21:36 - 2011-01-05 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-18 21:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources2013-09-18 21:33 - 2011-07-17 10:21 - 00000000 ____D C:\Users\Carly\Documents\Downloads torrents2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery2013-09-18 21:31 - 2013-09-18 21:31 - 00000000 ____D C:\Program Files (x86)\Elcomsoft2013-09-15 08:33 - 2013-09-18 21:36 - 01762608 _____ C:\Windows\system32\dmwu.exe2013-09-15 08:27 - 2013-09-18 21:36 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll2013-09-09 04:54 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll2013-09-09 04:54 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll2013-09-04 21:52 - 2011-01-06 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2013-09-04 21:51 - 2013-09-04 21:51 - 00000000 ____D C:\Program Files (x86)\MSECache2013-09-04 21:19 - 2013-09-04 21:19 - 00000000 ____D C:\Users\Carly\Documents\Working Files2013-09-04 21:19 - 2013-09-04 21:16 - 00000000 ____D C:\Users\Carly\AppData\Roaming\Corel2013-09-04 21:19 - 2013-09-04 21:16 - 00000000 ____D C:\ProgramData\Protexis2013-09-04 21:16 - 2011-01-05 10:47 - 00133520 _____ C:\Users\Carly\AppData\Local\GDIPFONTCACHEV1.DAT2013-09-04 21:12 - 2013-09-04 21:02 - 00000000 ____D C:\ProgramData\WordPerfect Office X62013-09-04 21:08 - 2013-09-04 21:08 - 00002378 _____ C:\Users\Public\Desktop\WordPerfect X6.lnk2013-09-04 21:08 - 2013-09-04 21:06 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office2013-09-04 21:07 - 2013-09-04 21:05 - 00000000 ____D C:\ProgramData\Corel2013-09-04 21:05 - 2013-09-04 21:05 - 00000000 ____D C:\ProgramData\Borland2013-09-04 21:04 - 2013-09-04 21:04 - 00000000 ____D C:\Program Files (x86)\Corel2013-09-02 20:46 - 2011-02-11 22:28 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCarly2013-09-02 20:46 - 2011-02-11 22:28 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCarly.job2013-09-02 20:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF Some content of TEMP:====================C:\Users\Carly\AppData\Local\Temp\Quarantine.exeC:\Users\Carly\AppData\Local\Temp\tbSwee.dllC:\Users\Carly\AppData\Local\Temp\vlc-2.0.8-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-22 10:30 ==================== End Of Log ============================
  11. MBAR: Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.org Database version: v2013.09.29.01 Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421Carly :: AKAI [administrator] 9/28/2013 9:29:50 PMmbar-log-2013-09-28 (21-29-50).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 237526Time elapsed: 12 minute(s), 37 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) --- ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Z:\ DRIVE_FIXEDCPU speed: 2.666000 GHzMemory total: 4083007488, free: 2158714880 Downloaded database version: v2013.09.29.01Downloaded database version: v2013.09.23.01=======================================Initializing...------------ Kernel report ------------ 09/28/2013 21:29:47------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\DRIVERS\ACPI.sys\SystemRoot\system32\DRIVERS\WMILIB.SYS\SystemRoot\system32\DRIVERS\msisadrv.sys\SystemRoot\system32\DRIVERS\pci.sys\SystemRoot\system32\DRIVERS\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\DRIVERS\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\DRIVERS\atapi.sys\SystemRoot\system32\DRIVERS\ataport.SYS\SystemRoot\system32\DRIVERS\msahci.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\Tpkd.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\DRIVERS\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\System32\Drivers\aswVmm.sys\SystemRoot\System32\Drivers\aswRvrt.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\aswSnx.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\Drivers\aswTdi.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\Drivers\aswrdr2.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\System32\Drivers\aswSP.SYS\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\system32\DRIVERS\igdpmd64.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\mcdbus.sys\SystemRoot\system32\DRIVERS\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\drivers\EvoMouseDriverMini.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtiHdmi.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\aswMonFlt.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\System32\Drivers\aswFsBlk.SYS\SystemRoot\system32\DRIVERS\diginet.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\bcbtums.sys\SystemRoot\system32\drivers\btwampfl.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\msvcrt.dll\Windows\System32\msctf.dll\Windows\System32\sechost.dll\Windows\System32\psapi.dll\Windows\System32\kernel32.dll\Windows\System32\iertutil.dll\Windows\System32\clbcatq.dll\Windows\System32\wininet.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\imagehlp.dll\Windows\System32\ole32.dll\Windows\System32\oleaut32.dll\Windows\System32\nsi.dll\Windows\System32\advapi32.dll\Windows\System32\difxapi.dll\Windows\System32\user32.dll\Windows\System32\lpk.dll\Windows\System32\ws2_32.dll\Windows\System32\setupapi.dll\Windows\System32\gdi32.dll\Windows\System32\rpcrt4.dll\Windows\System32\comdlg32.dll\Windows\System32\shlwapi.dll\Windows\System32\shell32.dll\Windows\System32\normaliz.dll\Windows\System32\urlmon.dll\Windows\System32\usp10.dll\Windows\System32\comctl32.dll\Windows\System32\wintrust.dll\Windows\System32\cfgmgr32.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\devobj.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa80052aa060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004fe1050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80052aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80052aab90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80052aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005148b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8004fe1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 522B6E86 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 926502912 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 926912512 Numsec = 49647616 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removal finished
  12. Hi, still here, thanks for responding. Rkill: ----------------- Rkill 2.6.1 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 09/27/2013 09:05:33 PM in x64 mode.Windows Version: Windows 7 Home Premium Checking for Windows services to stop: * CltMngSvc Stopped. [Win32/Conduit.SearchProtect.B] 1 service stopped! Checking for processes to terminate: * C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exe (PID: 3676) [Win32/Conduit.SearchProtect.B] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 09/27/2013 09:08:10 PMExecution time: 0 hours(s), 2 minute(s), and 36 seconds(s) ----------------- Rogue Killer: ---------------------------- RogueKiller V8.6.12 _x64_ [sep 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Carly [Admin rights]Mode : Scan -- Date : 09/27/2013 21:17:50| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-842231502-1118220138-2566208259-1000\[...]\Run : SearchProtect (C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000BEKT-60KA9T0 +++++--- User ---[MBR] 9bdad52c1874e6b314da49586bab4b93[bSP] b1a760fd9f8733710c7c58d4a82a9c2b : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 452394 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 926912512 | Size: 24242 Mo3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_09272013_211750.txt >>RKreport[0]_S_09272013_211358.txt
  13. I have an HP Pavilion dm4 laptop. It's infected with Sweetpacks. Symptoms: slow computer, secunia won't work (scans but no results), browser hijacking returns every time I reopen the browser (even after changing settings), toolbar and some other sweetpacks software found and removed in programs through control panel. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.25.2Run by Carly at 6:19:02 on 2013-09-25Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1148 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\IDT\WDM\AESTSr64.exeC:\Windows\system32\BtwRSupportService.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exeC:\Program Files (x86)\Secunia\PSI\psi_tray.exeC:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exec:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\system32\taskhost.exeC:\Windows\system32\dmwu.exeC:\Windows\SysWOW64\jmdp\stij.exeC:\Windows\System32\ljkb\stij.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllBHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dllTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [chromium] C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-windowuRun: [Google Update] "C:\Users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [searchProtect] C:\Users\Carly\AppData\Roaming\SearchProtect\bin\cltmng.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimizedmRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguimRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE"mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exedRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunStartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htmIE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htmIE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpassIE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillformsIE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.htaIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.1.1TCP: Interfaces\{F46D50B8-B71F-4899-89DD-3316C259A8D9} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{F46D50B8-B71F-4899-89DD-3316C259A8D9}\B6377657563747 : DHCPNameServer = 192.168.102.1TCP: Interfaces\{F46D50B8-B71F-4899-89DD-3316C259A8D9}\D4E254E202357594E474 : DHCPNameServer = 192.168.10.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dllx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesx64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dllx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\FF - prefs.js: browser.search.selectedEngine - SweetPacks Customized Web SearchFF - ExtSQL: !HIDDEN! 2013-01-20 19:14; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-3 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-3 204880]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-15 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-5 378944]R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-25 89600]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-5 203264]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-5 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-5 80816]R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2011-1-6 21520]R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-5 39464]R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880]R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\System32\drivers\EvoMouseDriverMini.sys [2010-6-23 22584]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-5 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-5 158976]R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-1-5 10342240]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-1-5 25928]S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-6-7 107432]S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-25 40448]S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2011-1-6 139792]S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys [2010-6-23 25144]S3 iscFlash;iscFlash;C:\SwSetup\sp50824\iscflashx64.sys [2010-9-15 45632]S3 MBX2DFU;MBX2DFU;C:\Windows\System32\drivers\mbx2dfu.sys [2011-1-6 31120]S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2011-1-6 32400]S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2011-12-26 38912]S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-5 349800]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2011-5-10 49256]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120].=============== Created Last 30 ================.2013-09-25 10:08:03 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC53A696-6DAB-49BE-8F2A-935369853736}\offreg.dll2013-09-25 10:04:16 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC53A696-6DAB-49BE-8F2A-935369853736}\mpengine.dll2013-09-25 10:04:15 -------- d-----w- C:\5d3c41e13493b3d46c5d789a1fff2013-09-25 10:01:49 -------- d-----w- C:\a60c8e1dbae6f4daf82c69f0db2e072013-09-22 23:59:15 -------- d-----w- C:\Windows\System32\ljkb2013-09-22 23:59:14 -------- d-----w- C:\Windows\SysWow64\jmdp2013-09-19 01:39:56 -------- d-----w- C:\ProgramData\Conduit2013-09-19 01:39:52 -------- d-----w- C:\Users\Carly\AppData\Local\Conduit2013-09-19 01:39:01 -------- d-----w- C:\Users\Carly\AppData\Local\CRE2013-09-19 01:38:59 -------- d-----w- C:\Program Files (x86)\Conduit2013-09-19 01:38:07 -------- d-----w- C:\Program Files (x86)\SearchProtect2013-09-19 01:37:54 -------- d-----w- C:\Users\Carly\AppData\Roaming\SearchProtect2013-09-19 01:36:29 -------- d-----w- C:\Windows\SysWow64\ARFC2013-09-19 01:36:28 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll2013-09-19 01:36:28 1762608 ----a-w- C:\Windows\System32\dmwu.exe2013-09-19 01:36:26 -------- d-----w- C:\Windows\SysWow64\WNLT2013-09-19 01:31:45 -------- d-----w- C:\ProgramData\Elcomsoft Password Recovery2013-09-19 01:31:45 -------- d-----w- C:\Program Files (x86)\Elcomsoft Password Recovery2013-09-19 01:31:45 -------- d-----w- C:\Program Files (x86)\Elcomsoft2013-09-05 01:51:23 -------- d-----w- C:\Program Files (x86)\MSECache2013-09-05 01:16:52 -------- d-----w- C:\ProgramData\Protexis2013-09-05 01:07:54 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis2013-09-05 01:06:04 -------- d-----w- C:\Program Files (x86)\Common Files\Corel2013-09-05 01:05:46 -------- d-----w- C:\ProgramData\Corel2013-09-05 01:05:27 -------- d-----w- C:\ProgramData\Borland2013-09-05 01:05:27 -------- d-----w- C:\Program Files (x86)\Common Files\Borland Shared2013-09-05 01:04:45 -------- d-----w- C:\Program Files (x86)\Corel2013-09-05 01:02:15 -------- d-----w- C:\ProgramData\WordPerfect Office X6.==================== Find3M ====================.2013-09-20 23:58:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-20 23:58:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-20 23:58:02 3723656 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-09-09 08:54:22 829264 ----a-w- C:\Windows\System32\msvcr100.dll2013-09-09 08:54:22 608080 ----a-w- C:\Windows\System32\msvcp100.dll2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr2013-08-10 00:02:14 66264 ----a-w- C:\Windows\System32\btwdi.dll2013-08-10 00:02:14 2232024 ----a-w- C:\Windows\System32\BcmBtRSupport.dll2013-08-10 00:02:14 170712 ----a-w- C:\Windows\System32\drivers\bcbtums.sys2013-08-10 00:02:14 166104 ----a-w- C:\Windows\System32\drivers\btwampfl.sys2013-08-10 00:02:12 2252504 ----a-w- C:\Windows\System32\BtwRSupportService.exe2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-07-03 08:32:42 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys2013-06-30 17:07:55 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-30 17:07:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-30 17:07:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll.============= FINISH: 6:24:36.93 =============== -------------------- .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 1/5/2011 9:46:10 AMSystem Uptime: 9/22/2013 8:47:52 AM (70 hours ago).Motherboard: Hewlett-Packard | | 1603Processor: Intel® Core i5 CPU M 580 @ 2.67GHz | CPU | 2667/1066mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 442 GiB total, 87.223 GiB free.E: is CDROM ()G: is CDROM ()Z: is FIXED (NTFS) - 24 GiB total, 3.459 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Device ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64PNP Device ID: ROOT\NET\0000Service: vpnva.==== System Restore Points ===================.RP276: 6/8/2013 12:02:00 PM - Revo Uninstaller's restore point - SteamRP277: 6/8/2013 12:02:29 PM - Removed SteamRP278: 6/8/2013 12:15:26 PM - Revo Uninstaller's restore point - iThink 10.0 TrialRP279: 6/12/2013 8:29:02 PM - Windows UpdateRP280: 6/18/2013 9:43:52 PM - Restore OperationRP281: 6/18/2013 9:54:58 PM - Windows UpdateRP282: 6/18/2013 10:01:21 PM - Removed BonjourRP283: 6/30/2013 12:47:54 PM - Windows UpdateRP284: 6/30/2013 12:52:05 PM - Windows UpdateRP285: 7/9/2013 5:24:55 PM - Windows UpdateRP286: 7/9/2013 5:40:35 PM - Windows UpdateRP287: 7/16/2013 4:54:57 PM - Windows UpdateRP288: 7/22/2013 2:29:47 PM - Windows UpdateRP289: 8/1/2013 10:06:51 AM - Windows UpdateRP290: 8/10/2013 8:44:45 AM - Windows UpdateRP291: 8/18/2013 9:39:28 PM - Windows UpdateRP292: 8/24/2013 11:51:22 AM - Windows UpdateRP293: 8/25/2013 10:37:30 AM - Windows UpdateRP294: 8/27/2013 8:15:35 AM - Windows UpdateRP295: 8/27/2013 8:26:38 AM - Windows UpdateRP296: 9/3/2013 8:37:58 PM - Scheduled CheckpointRP297: 9/4/2013 9:51:25 PM - Installed Compatibility Pack for the 2007 Office systemRP298: 9/16/2013 6:10:47 AM - Windows UpdateRP299: 9/18/2013 9:31:01 PM - Installed Advanced WordPerfect Office Password RecoveryRP300: 9/19/2013 6:51:20 AM - Windows UpdateRP301: 9/25/2013 6:01:19 AM - Windows Update.==== Installed Programs ======================.64 Bit HP CIO Components InstallerActiveCheck component for HP Active Support LibraryAdobe Acrobat X Pro - English, Français, DeutschAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)Advanced WordPerfect Office Password RecoveryAIFF MP3 Converter v3.3 build 1049AIO_ScanAlcor Micro USB Card ReaderApple Application SupportApple Software UpdateApplication ProfilesASUS RT-N56U Wireless Router UtilitiesATI Catalyst Install Manageravast! Free AntivirusAvernum 6AxisTV DesktopBroadcom 2070 Bluetooth 3.0Broadcom 802.11 Wireless LAN AdapterBufferChmC4200c4200_Helpcalibre 64bitCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerCisco AnyConnect Secure Mobility ClientCisco AnyConnect Secure Mobility Client Compatibility Pack for the 2007 Office systemCopyD-Fend Reloaded 1.3.1 (deinstall)DecisionTools Suite 6.1Definition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionDestinationsDeviceDiscoveryDigidesign Audio Drivers 8.0.3DocProcDropboxeRegESET Online Scanner v3ESU for Microsoft Windows 7Evoluent Mouse ManagerGoogle ChromeGPBaseService2HP 3D DriveGuardHP Customer Experience EnhancementsHP Imaging Device Functions 13.0HP MediaSmart WebcamHP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1HP Quick LaunchHP Smart Web Printing 4.51HP Software FrameworkHP Solution Center 13.0HP UpdateHP Wireless AssistantHPAsset component for HP Active Support LibraryHPPhotoGadgetHPPhotoSmartDiscLabelContent1HPPhotosmartEssentialHPProductAssistantHPSSupplyIB Updater ServiceIDT AudioIntel® Control CenterIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology DriverInterlok driver setup x64Java 7 Update 25K-Lite Codec Pack (64-bit) v4.1.0Last.fm 1.5.4.27091LastPass (uninstall only)League of LegendsLogitech SetPoint 6.20MagicDisc 2.7.106Malwarebytes Anti-Malware version 1.75.0.1300Media Player Classic - Home Cinema v1.5.0.2827MediaMonkey 4.0Microsoft .NET Framework 4 Client ProfileMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMicrosoft Xbox 360 Accessories 1.2MotoCastMotoHelper MergeModulesMotorola Device ManagerMotorola Device Software UpdateMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 5.9.0Movie Theme Pack for HP MediaSmart VideoMozilla Firefox 22.0 (x86 en-ZA)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MT KeysOCR Software by I.R.I.S. 13.0Plex Media ServerProject64 1.6PS_AIO_Software_minPS3 Media ServerPX Profile UpdateQuickTimeRealtek Ethernet Controller DriverRecovery ManagerScanScrivenerSeagate DashboardSearch Protect by conduitSecunia PSI (3.0.0.7011)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Shop for HP SuppliesSibelius 6Sideload Wonder MachineSkype™ 6.3SmartWebPrintingSolutionCenterSpywareBlaster 5.0StatusSynaptics Pointing Device DriverToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionValidity Sensors DDKVensim PLEVLC media player 2.0.7WebRegWinRAR 5.00 beta 7 (64-bit)WordPerfect Office IFilter 32-bitWordPerfect Office IFilter 64-bitWordPerfect Office X6WordPerfect Office X6 - Common FilesWordPerfect Office X6 - Common Files EnglishWordPerfect Office X6 - IPMWordPerfect Office X6 - Lightning FilesWordPerfect Office X6 - Lightning Files EnglishWordPerfect Office X6 - OxfordWordPerfect Office X6 - Presentations FilesWordPerfect Office X6 - Presentations Files EnglishWordPerfect Office X6 - Quattro Pro FilesWordPerfect Office X6 - Quattro Pro Files EnglishWordPerfect Office X6 - Setup FilesWordPerfect Office X6 - System FilesWordPerfect Office X6 - WordPerfect FilesWordPerfect Office X6 - WordPerfect Files EnglishWordPerfect Office X6 - WTYahoo! DetectYamaha S90 XS / S70 XS Remote Tools 64bitYamaha USB-MIDI DriverZip Motion Block Video codec (Remove Only).==== Event Viewer Messages From Past Week ========.9/25/2013 6:04:34 AM, Error: Service Control Manager [7000] - The Secunia PSI Agent service failed to start due to the following error: The system cannot find the file specified.9/22/2013 8:48:58 AM, Error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified..==== End Of File ===========================
  14. No problems running the software. The only weird thing I've noticed is that in Explorer, when browsing my computer or trying to save a file, when I hit the little dropdown carrot to the right of the navigation bar and left of the refresh button (it has the hover text "previous locations") it gives a blank menu instead of the usual options (like desktop, locations on the computer, etc). See attached pic. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:54:36 PM, on 6/11/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Carly\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [chromium] C:\Users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window O4 - HKUS\S-1-5-18\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Startup: Dropbox.lnk = Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm O8 - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13962 bytes
  15. Here's mb's report: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.11.08 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Carly :: AKAI [administrator] 6/11/2013 9:49:40 PM mbam-log-2013-06-11 (21-49-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213305 Time elapsed: 3 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  16. And the third: ActiveCheck component for HP Active Support Library Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) AIFF MP3 Converter v3.3 build 1049 AIO_Scan Alcor Micro USB Card Reader Apple Application Support Apple Software Update Application Profiles ASUS RT-N56U Wireless Router Utilities avast! Free Antivirus Avernum 6 AxisTV Desktop BufferChm C4200 c4200_Help Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Copy D-Fend Reloaded 1.3.1 (deinstall) Destinations DeviceDiscovery Digidesign Audio Drivers 8.0.3 DocProc Dropbox eReg ESET Online Scanner v3 ESU for Microsoft Windows 7 Google Chrome GPBaseService2 HP Customer Experience Enhancements HP MediaSmart Webcam HP Quick Launch HP Software Framework HP Update HPAsset component for HP Active Support Library HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply IDT Audio Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology Intel® Turbo Boost Technology Driver Java 7 Update 21 Java Auto Updater Java 6 Update 45 Last.fm 1.5.4.27091 LastPass (uninstall only) League of Legends MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.75.0.1300 Media Player Classic - Home Cinema v1.5.0.2827 MediaMonkey 4.0 Memeo Instant Backup Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime MotoCast MotoHelper MergeModules Motorola Device Manager Motorola Device Software Update MOTOROLA MEDIA LINK Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MT Keys Plex Media Server Project64 1.6 PS_AIO_Software_min PS3 Media Server PX Profile Update QuickTime Realtek Ethernet Controller Driver Recovery Manager Scan Scrivener Seagate Dashboard Secunia PSI (3.0.0.7009) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Sibelius 6 Sideload Wonder Machine Skype™ 6.3 SmartWebPrinting SolutionCenter SpywareBlaster 5.0 Status Toolbox TrayApp UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Vensim PLE VLC media player 2.0.6 WebReg Yahoo! Detect Yamaha S90 XS / S70 XS Remote Tools 64bit Yamaha USB-MIDI Driver Zip Motion Block Video codec (Remove Only)
  17. Here's the second: RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Carly [Admin rights] Mode : Remove -- Date : 06/11/2013 07:33:12 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BEKT-60KA9T0 +++++ --- User --- [MBR] 9bdad52c1874e6b314da49586bab4b93 [bSP] b1a760fd9f8733710c7c58d4a82a9c2b : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 452394 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 926912512 | Size: 24242 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_06112013_02d0733.txt >> RKreport[1]_S_06112013_02d0706.txt ; RKreport[2]_D_06112013_02d0733.txt
  18. Hi, I’m getting signs of infection on my work computer, a Dell Optiplex 790 running Windows 7 x64. - Windows update can’t get 2 important .NET framework 4 updates. It gets Windows Update Error 80244019 - Java resisted updating, giving errors (I got it to update eventually) - Malwarebytes reports blocking IP connection requests I didn’t initiate, logs show that it stopped ip protection at times I didn't initiatie - The computer's Explorer had several strange problems (photo icons disappeared, couldn't access My Computer or any drives). These seemed to resolve on reboot. Any help would be appreciated, thanks! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2 Run by ceh98 at 11:18:01 on 2013-06-11 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.10197.6592 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k regsvc C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe C:\Program Files (x86)\Identity Finder 6\idfEndpoint.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe C:\Users\ceh98\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe C:\Windows\helppane.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\prevhost.exe C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE C:\Windows\splwow64.exe C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE C:\Users\ceh98\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SmcGui.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ProtectionUtilSurrogate.exe C:\Windows\system32\LogonUI.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080325 uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080325 mWinlogon: Userinit = userinit.exe BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [AdobeBridge] <no file> mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\ceh98\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ceh98\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVOLUE~1.LNK - C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoInplaceSharing = dword:0 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Windows\System: UserPolicyMode = dword:2 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: Interfaces\{AE8A816C-06C4-412B-A6F6-AB4FC4FD1ACD} : NameServer = 132.236.56.250,128.253.180.2 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\ceh98\AppData\Roaming\Mozilla\Firefox\Profiles\68hclxh8.default\ FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\ceh98\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys [2012-6-27 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys [2012-6-27 928888] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130521.011\BHDrvx64.sys [2013-5-28 1390680] R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130608.011\IDSviA64.sys [2013-6-11 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys [2012-6-27 170104] R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x64\symnets.sys [2012-6-27 386168] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776] R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-16 13336] R2 IDFEndpointService;Identity Finder Endpoint Service;C:\Program Files (x86)\Identity Finder 6\idfEndpoint.exe [2013-3-27 9296896] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-10 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-10 701512] R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2012-6-27 137224] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-13 138912] R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys [2010-6-23 25144] R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\System32\drivers\EvoMouseDriverMini.sys [2010-6-23 22584] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-10 25928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2012-6-27 29664] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-12 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-06-11 14:45:27 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-10 19:49:37 -------- d-----w- C:\Users\ceh98\AppData\Roaming\Malwarebytes 2013-06-10 19:49:30 -------- d-----w- C:\ProgramData\Malwarebytes 2013-06-10 19:49:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-10 19:49:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-10 19:49:20 -------- d-----w- C:\Users\ceh98\AppData\Local\Programs 2013-06-08 14:42:14 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-06-08 14:42:14 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-06-08 14:42:14 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-06-08 14:41:23 111448 ----a-w- C:\Windows\System32\consent.exe 2013-06-08 14:41:20 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-06-08 14:41:19 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-06-08 14:41:19 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-06-08 14:41:10 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-06-08 14:41:10 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-06-08 14:40:45 3153920 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 2013-05-15 11:14:07 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-15 11:14:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 05:51:43 1188864 ----a-w- C:\Windows\System32\wininet.dll 2013-04-10 05:08:12 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe . ============= FINISH: 11:18:16.13 ===============
  19. Hi, here's the first (attached) TDSSKiller.2.8.16.0_10.06.2013_21.32.28_log.txt
  20. Hi, The first time I tried, Avast had turned back on, and interrupted in the middle. I retried after disabling Avast. The scan took awhile, and didn't produce a restart. The programs I've tried since (Chrome and Word) run at a reasonable speed and I haven't seen any popups. Startup and wake times are still slow. Did Combofix catch something? ComboFix 13-06-08.02 - Carly 06/09/2013 21:28:07.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2602 [GMT -4:00] Running from: c:\users\Carly\Desktop\ComboFix.exe Command switches used :: c:\users\Carly\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20130608215955.125599 c:\programdata\boost_interprocess\20130608215955.125599\9334581e-7251-4ef7-a8ec-5bfe8e89ff68 c:\programdata\boost_interprocess\20130608215955.125599\plex_frame_mutex . . ((((((((((((((((((((((((( Files Created from 2013-05-10 to 2013-06-10 ))))))))))))))))))))))))))))))) . . 2013-06-10 01:50 . 2013-06-10 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-08 20:32 . 2013-06-10 01:49 -------- d-----w- c:\programdata\boost_interprocess 2013-06-08 16:04 . 2013-06-08 16:04 -------- d-----w- c:\users\Carly\AppData\Roaming\QuickScan 2013-06-08 16:00 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-06-08 16:00 . 2013-05-11 22:26 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-06-08 15:00 . 2013-06-08 15:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-06-08 14:53 . 2013-06-08 14:53 -------- d-----w- c:\program files (x86)\QuickTime 2013-06-08 14:53 . 2013-06-08 14:53 -------- d-----w- c:\programdata\Apple Computer 2013-06-08 14:51 . 2013-06-08 14:51 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-06-08 14:51 . 2013-06-08 14:51 -------- d-----r- c:\program files (x86)\Skype 2013-06-08 14:12 . 2013-06-08 14:12 -------- d-----w- c:\users\Carly\AppData\Local\Secunia PSI 2013-06-08 14:12 . 2013-06-08 14:12 -------- d-----w- c:\program files (x86)\Secunia 2013-06-08 14:00 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5F98BB-B368-4A15-9618-5F13DC552F40}\mpengine.dll 2013-06-08 13:59 . 2013-06-08 13:59 -------- d-----w- c:\programdata\Licenses 2013-06-08 13:59 . 2013-06-08 14:04 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-06-08 13:59 . 2009-03-24 16:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-05-20 12:09 . 2013-05-20 12:09 -------- d-----w- c:\program files (x86)\ESET 2013-05-15 01:21 . 2013-05-15 01:21 -------- d-----w- c:\users\Carly\AppData\Local\Scrivener 2013-05-15 01:15 . 2013-05-15 01:16 -------- d-----w- c:\program files (x86)\Scrivener 2013-05-15 01:03 . 2013-05-15 01:03 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-05-15 01:02 . 2013-05-15 01:02 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-05-15 00:39 . 2013-05-15 00:39 -------- d-----w- c:\users\Carly\AppData\Roaming\dvdcss 2013-05-12 02:10 . 2013-05-12 02:10 -------- d-----w- c:\users\Carly\AppData\Local\Programs 2013-05-12 01:48 . 2013-05-12 01:48 -------- d-----w- c:\windows\ERUNT 2013-05-12 01:48 . 2013-06-08 20:38 -------- d-----w- C:\JRT 2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-08 15:00 . 2013-04-01 22:55 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-08 15:00 . 2011-03-31 18:31 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-27 01:40 . 2011-01-05 14:51 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 01:02 . 2012-05-19 14:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 01:02 . 2011-05-14 02:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll 2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll 2013-05-09 08:59 . 2013-04-03 14:12 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-04-03 14:12 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-09 08:59 . 2012-04-16 01:43 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2011-03-15 16:13 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-09 08:59 . 2011-01-05 15:14 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-09 08:59 . 2011-01-05 15:14 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2011-01-05 15:14 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2011-01-05 15:14 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2011-01-05 15:14 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2011-01-05 15:19 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 06:06 . 2011-01-05 14:54 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys 2013-04-12 14:36 . 2013-04-24 00:58 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 18:50 . 2011-01-05 16:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 06:19 . 2013-04-10 00:51 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:54 . 2013-04-10 00:51 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:06 . 2013-04-10 00:51 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 05:06 . 2013-04-10 00:51 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 04:53 . 2013-04-10 00:51 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:19 . 2013-04-10 00:51 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "chromium"="c:\users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-05-29 825808] "Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-03-13 3991720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] . c:\users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968] . c:\users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-1-6 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "wave3"=Digi32.dll "midi5"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys;c:\windows\SYSNATIVE\drivers\dalwdm.sys [x] R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys;c:\windows\SYSNATIVE\DRIVERS\EvoMouseDriverFilterHidUsb.sys [x] R3 iscFlash;iscFlash;c:\swsetup\sp50824\iscflashx64.sys;c:\swsetup\sp50824\iscflashx64.sys [x] R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MBX2DFU.sys [x] R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys;c:\windows\SYSNATIVE\drivers\mbx2midk.sys [x] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x] R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x] R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x] R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x] R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x] R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys;c:\windows\SYSNATIVE\drivers\EvoMouseDriverMini.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 00:28] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job - c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 01:24] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job - c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 01:24] . 2013-05-19 c:\windows\Tasks\HPCeeScheduleForCarly.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-26 489472] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\ FF - ExtSQL: !HIDDEN! 2013-01-20 19:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-09 21:58:20 ComboFix-quarantined-files.txt 2013-06-10 01:58 ComboFix2.txt 2013-06-09 02:09 . Pre-Run: 109,196,640,256 bytes free Post-Run: 108,886,310,912 bytes free . - - End Of File - - DD48C39EEDAAFB0ACD2447C68C963248 D41D8CD98F00B204E9800998ECF8427E
  21. Ok. Everything still works pretty slowly, includng the internet. No popups so far. ComboFix 13-06-08.02 - Carly 06/08/2013 21:35:09.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1879 [GMT -4:00] Running from: c:\users\Carly\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess\20130608163124.125599 c:\programdata\boost_interprocess\20130608163124.125599\9334581e-7251-4ef7-a8ec-5bfe8e89ff68 c:\programdata\boost_interprocess\20130608163124.125599\plex_frame_mutex . . ((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))))) . . 2013-06-09 01:57 . 2013-06-09 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-08 20:32 . 2013-06-09 02:01 -------- d-----w- c:\programdata\boost_interprocess 2013-06-08 16:04 . 2013-06-08 16:04 -------- d-----w- c:\users\Carly\AppData\Roaming\QuickScan 2013-06-08 16:00 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-06-08 16:00 . 2013-05-11 22:26 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-06-08 15:00 . 2013-06-08 15:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2013-06-08 14:54 . 2013-06-08 14:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2013-06-08 14:54 . 2013-06-08 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-06-08 14:53 . 2013-06-08 14:53 -------- d-----w- c:\program files (x86)\QuickTime 2013-06-08 14:53 . 2013-06-08 14:53 -------- d-----w- c:\programdata\Apple Computer 2013-06-08 14:51 . 2013-06-08 14:51 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-06-08 14:51 . 2013-06-08 14:51 -------- d-----r- c:\program files (x86)\Skype 2013-06-08 14:12 . 2013-06-08 14:12 -------- d-----w- c:\users\Carly\AppData\Local\Secunia PSI 2013-06-08 14:12 . 2013-06-08 14:12 -------- d-----w- c:\program files (x86)\Secunia 2013-06-08 14:00 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D5F98BB-B368-4A15-9618-5F13DC552F40}\mpengine.dll 2013-06-08 13:59 . 2013-06-08 13:59 -------- d-----w- c:\programdata\Licenses 2013-06-08 13:59 . 2013-06-08 14:04 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-06-08 13:59 . 2009-03-24 16:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-05-20 12:09 . 2013-05-20 12:09 -------- d-----w- c:\program files (x86)\ESET 2013-05-15 01:21 . 2013-05-15 01:21 -------- d-----w- c:\users\Carly\AppData\Local\Scrivener 2013-05-15 01:15 . 2013-05-15 01:16 -------- d-----w- c:\program files (x86)\Scrivener 2013-05-15 01:03 . 2013-05-15 01:03 -------- d-----w- c:\program files (x86)\Apple Software Update 2013-05-15 01:02 . 2013-05-15 01:02 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-05-15 00:39 . 2013-05-15 00:39 -------- d-----w- c:\users\Carly\AppData\Roaming\dvdcss 2013-05-12 02:10 . 2013-05-12 02:10 -------- d-----w- c:\users\Carly\AppData\Local\Programs 2013-05-12 01:48 . 2013-05-12 01:48 -------- d-----w- c:\windows\ERUNT 2013-05-12 01:48 . 2013-06-08 20:38 -------- d-----w- C:\JRT 2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll 2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-08 15:00 . 2013-04-01 22:55 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-08 15:00 . 2011-03-31 18:31 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-27 01:40 . 2011-01-05 14:51 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 01:02 . 2012-05-19 14:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 01:02 . 2011-05-14 02:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-09 08:59 . 2013-04-03 14:12 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-04-03 14:12 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-09 08:59 . 2012-04-16 01:43 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2011-03-15 16:13 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-09 08:59 . 2011-01-05 15:14 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-09 08:59 . 2011-01-05 15:14 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2011-01-05 15:14 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2011-01-05 15:14 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2011-01-05 15:14 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2011-01-05 15:19 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 06:06 . 2011-01-05 14:54 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys 2013-04-12 14:36 . 2013-04-24 00:58 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 18:50 . 2011-01-05 16:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 06:19 . 2013-04-10 00:51 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:54 . 2013-04-10 00:51 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:06 . 2013-04-10 00:51 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 05:06 . 2013-04-10 00:51 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 04:53 . 2013-04-10 00:51 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:19 . 2013-04-10 00:51 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 130736 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "chromium"="c:\users\Carly\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-05-29 825808] "Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-03-13 3991720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] . c:\users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968] . c:\users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-1-6 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "wave3"=Digi32.dll "midi5"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys;c:\windows\SYSNATIVE\drivers\dalwdm.sys [x] R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys;c:\windows\SYSNATIVE\DRIVERS\EvoMouseDriverFilterHidUsb.sys [x] R3 iscFlash;iscFlash;c:\swsetup\sp50824\iscflashx64.sys;c:\swsetup\sp50824\iscflashx64.sys [x] R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MBX2DFU.sys [x] R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys;c:\windows\SYSNATIVE\drivers\mbx2midk.sys [x] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys;c:\windows\SYSNATIVE\drivers\ymidusbx64.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x] R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x] R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x] R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x] R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x] R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys;c:\windows\SYSNATIVE\drivers\EvoMouseDriverMini.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 00:28] . 2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000Core.job - c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 01:24] . 2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842231502-1118220138-2566208259-1000UA.job - c:\users\Carly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 01:24] . 2013-05-19 c:\windows\Tasks\HPCeeScheduleForCarly.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-17 14:45 164016 ----a-w- c:\users\Carly\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-26 489472] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Carly\AppData\Roaming\Mozilla\Firefox\Profiles\n32yrfor.default\ FF - ExtSQL: !HIDDEN! 2013-01-20 19:14; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-06-08 22:09:56 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-09 02:09 . Pre-Run: 109,587,210,240 bytes free Post-Run: 109,740,728,320 bytes free . - - End Of File - - EC046F4D0C73C8CD134A02646E8B04DF D41D8CD98F00B204E9800998ECF8427E
  22. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Carly on Sat 06/08/2013 at 16:38:34.98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\boost_interprocess" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 06/08/2013 at 16:42:19.62 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.