Jump to content

PennsylvaniaMercury

Honorary Members
  • Posts

    23
  • Joined

  • Last visited

Everything posted by PennsylvaniaMercury

  1. nope. error is gone. and i asked my girl about that program, she knows nothing about it. its nothing she installed.
  2. got it to boot in last known good, still getting that error on boot. here is MBAM Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.15.09 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16518becca :: BECCA-HP [administrator] 2/15/2014 6:41:27 PMmbam-log-2014-02-15 (18-41-27).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 213346Time elapsed: 5 minute(s), 53 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  3. i would.. but now the computer won't boot. been trying 2 days. loads up to saying configuring windows, please do not turn off computer and sticks there... :/
  4. ComboFix 14-02-12.01 - becca 02/12/2014 20:31:38.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.516 [GMT -5:00] Running from: c:\users\becca\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\becca\AppData\Local\common_functions.dll . . ((((((((((((((((((((((((( Files Created from 2014-01-13 to 2014-02-13 ))))))))))))))))))))))))))))))) . . 2014-02-13 01:38 . 2014-02-13 01:38 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-02-13 01:38 . 2014-02-13 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-11 18:37 . 2014-02-11 18:37 -------- d-----w- C:\Nancy Drew 2014-02-11 18:37 . 2014-02-11 18:37 -------- d-----w- c:\program files (x86)\directx 2014-02-11 14:57 . 2014-02-13 00:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{332DB334-F520-4D8E-9B88-E7B80546187D}\offreg.dll 2014-02-11 14:39 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{332DB334-F520-4D8E-9B88-E7B80546187D}\mpengine.dll 2014-02-11 03:13 . 2014-02-11 03:14 -------- d-----w- c:\program files (x86)\GUMA8F1.tmp 2014-02-10 21:16 . 2014-02-10 21:16 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-02-10 16:34 . 2014-02-10 16:35 -------- d-----w- c:\program files (x86)\ERUNT 2014-02-10 00:34 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2014-02-10 00:34 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2014-02-10 00:34 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2014-02-10 00:34 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2014-02-10 00:23 . 2014-02-10 00:33 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2014-02-10 00:23 . 2014-02-10 17:11 -------- d-----w- c:\users\becca\AppData\Roaming\DAEMON Tools Lite 2014-02-10 00:23 . 2014-02-10 00:23 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2014-02-10 00:22 . 2014-02-10 00:34 -------- d-----w- c:\programdata\DAEMON Tools Lite 2014-02-08 05:10 . 2014-02-09 23:56 -------- d-----w- c:\program files (x86)\Games 2014-02-07 19:29 . 2014-02-07 19:29 -------- d-----w- c:\windows\ND 28 Ghost of Thornton Hall 2014-01-26 15:32 . 2014-01-26 15:32 -------- d-----w- c:\program files (x86)\Common Files\Desura 2014-01-26 15:31 . 2014-01-26 15:31 -------- d-----w- c:\programdata\Desura 2014-01-26 15:31 . 2014-01-26 15:55 -------- d-----w- c:\program files (x86)\Desura 2014-01-24 22:52 . 2014-02-11 19:10 -------- d-----w- c:\users\becca\AppData\Roaming\uTorrent 2014-01-24 21:56 . 2014-01-24 21:56 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center 2014-01-22 04:42 . 2014-02-10 00:12 -------- d-----w- c:\users\becca\AppData\Local\Diagnostics 2014-01-15 04:07 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-01-15 04:07 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-01-15 04:07 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-01-15 04:07 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-01-15 04:07 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-01-15 04:07 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-01-15 04:07 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-01-15 04:07 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2014-01-15 04:07 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-16 08:01 . 2013-07-30 12:39 86054176 ----a-w- c:\windows\system32\MRT.exe 2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2013-12-11 15:54 . 2013-12-11 15:54 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-12-11 15:54 . 2013-12-11 15:54 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-12-11 15:54 . 2013-12-11 15:54 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-12-11 15:54 . 2013-12-11 15:54 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-12-11 15:54 . 2013-12-11 15:54 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-12-11 15:54 . 2013-12-11 15:54 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-12-11 15:54 . 2013-12-11 15:54 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-12-11 15:54 . 2013-12-11 15:54 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-12-11 15:54 . 2013-12-11 15:54 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-12-11 15:54 . 2013-12-11 15:54 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-12-11 15:54 . 2013-12-11 15:54 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-12-11 15:54 . 2013-12-11 15:54 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-12-11 15:54 . 2013-12-11 15:54 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-12-11 15:54 . 2013-12-11 15:54 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-12-11 15:54 . 2013-12-11 15:54 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-12-11 15:54 . 2013-12-11 15:54 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-12-11 15:54 . 2013-12-11 15:54 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-12-11 15:54 . 2013-12-11 15:54 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-12-11 15:54 . 2013-12-11 15:54 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-12-11 15:54 . 2013-12-11 15:54 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-12-11 15:54 . 2013-12-11 15:54 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-12-11 15:54 . 2013-12-11 15:54 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-12-11 15:54 . 2013-12-11 15:54 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-12-11 15:54 . 2013-12-11 15:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-12-11 15:54 . 2013-12-11 15:54 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-12-11 15:54 . 2013-12-11 15:54 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-12-11 15:54 . 2013-12-11 15:54 247808 ----a-w- c:\windows\system32\msls31.dll 2013-12-11 15:54 . 2013-12-11 15:54 195584 ----a-w- c:\windows\system32\msrating.dll 2013-12-11 15:54 . 2013-12-11 15:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-12-11 15:54 . 2013-12-11 15:54 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-12-11 15:54 . 2013-12-11 15:54 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-12-11 15:54 . 2013-12-11 15:54 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-12-11 15:54 . 2013-12-11 15:54 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-12-11 15:54 . 2013-12-11 15:54 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-12-11 15:54 . 2013-12-11 15:54 413696 ----a-w- c:\windows\system32\html.iec 2013-12-11 15:54 . 2013-12-11 15:54 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-12-11 15:54 . 2013-12-11 15:54 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-12-11 15:54 . 2013-12-11 15:54 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-12-11 15:54 . 2013-12-11 15:54 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-12-11 15:54 . 2013-12-11 15:54 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-12-11 15:54 . 2013-12-11 15:54 81408 ----a-w- c:\windows\system32\icardie.dll 2013-12-11 15:54 . 2013-12-11 15:54 235520 ----a-w- c:\windows\system32\url.dll 2013-12-11 15:54 . 2013-12-11 15:54 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-12-11 15:54 . 2013-12-11 15:54 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-12-11 15:54 . 2013-12-11 15:54 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-12-11 15:54 . 2013-12-11 15:54 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-12-11 15:54 . 2013-12-11 15:54 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-12-11 15:54 . 2013-12-11 15:54 774144 ----a-w- c:\windows\system32\jscript.dll 2013-12-11 15:54 . 2013-12-11 15:54 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-12-11 15:54 . 2013-12-11 15:54 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-12-11 15:54 . 2013-12-11 15:54 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-12-11 15:54 . 2013-12-11 15:54 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-12-11 15:54 . 2013-12-11 15:54 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-12-11 15:54 . 2013-12-11 15:54 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-12-11 15:54 . 2013-12-11 15:54 147968 ----a-w- c:\windows\system32\occache.dll 2013-12-11 15:54 . 2013-12-11 15:54 143872 ----a-w- c:\windows\system32\wextract.exe 2013-12-11 15:54 . 2013-12-11 15:54 13824 ----a-w- c:\windows\system32\mshta.exe 2013-12-11 15:54 . 2013-12-11 15:54 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-12-11 15:54 . 2013-12-11 15:54 101376 ----a-w- c:\windows\system32\inseng.dll 2013-11-26 11:54 . 2013-12-13 18:35 23183360 ----a-w- c:\windows\system32\mshtml.dll 2013-11-26 10:19 . 2013-12-13 18:35 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2013-11-26 10:18 . 2013-12-13 18:35 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2013-11-26 09:48 . 2013-12-13 18:35 66048 ----a-w- c:\windows\system32\iesetup.dll 2013-11-26 09:46 . 2013-12-13 18:35 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2013-11-26 09:41 . 2013-12-13 18:35 2764288 ----a-w- c:\windows\system32\iertutil.dll 2013-11-26 09:29 . 2013-12-13 18:35 53760 ----a-w- c:\windows\system32\jsproxy.dll 2013-11-26 09:27 . 2013-12-13 18:35 33792 ----a-w- c:\windows\system32\iernonce.dll 2013-11-26 09:23 . 2013-12-13 18:35 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-11-26 09:21 . 2013-12-13 18:35 574976 ----a-w- c:\windows\system32\ieui.dll 2013-11-26 09:18 . 2013-12-13 18:35 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2013-11-26 09:18 . 2013-12-13 18:35 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2013-11-26 09:16 . 2013-12-13 18:35 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2013-11-26 08:57 . 2013-12-13 18:35 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2013-11-26 08:35 . 2013-12-13 18:35 5769216 ----a-w- c:\windows\system32\jscript9.dll 2013-11-26 08:28 . 2013-12-13 18:35 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2013-11-26 08:16 . 2013-12-13 18:35 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-11-26 08:02 . 2013-12-13 18:35 1995264 ----a-w- c:\windows\system32\inetcpl.cpl 2013-11-26 07:48 . 2013-12-13 18:35 12996608 ----a-w- c:\windows\system32\ieframe.dll 2013-11-26 07:32 . 2013-12-13 18:35 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-11-26 07:07 . 2013-12-13 18:35 2334208 ----a-w- c:\windows\system32\wininet.dll 2013-11-26 06:40 . 2013-12-13 18:35 1395200 ----a-w- c:\windows\system32\urlmon.dll 2013-11-26 06:34 . 2013-12-13 18:35 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2013-11-26 06:33 . 2013-12-13 18:35 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2013-11-23 18:26 . 2013-12-12 13:43 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-11-23 17:47 . 2013-12-12 13:43 465920 ----a-w- c:\windows\system32\WMPhoto.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-10-07 83232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0464.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-04 18:47 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 15:20] . 2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 15:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1157660980-3504564827-1891706756-1000_Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1157660980-3504564827-1891706756-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}] @DACL=(02 0000) @="SynTPCpl0" "LocalizedString"="Synaptics TouchPad V7.5" "System.ApplicationName"="Synaptics.SynTPCpl0" "System.ControlPanel.Category"="2" "System.Software.TasksFileUrl"="c:\\ProgramData\\Synaptics\\SynTP\\SynTPCpl0.xml" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2014-02-12 20:44:45 - machine was rebooted ComboFix-quarantined-files.txt 2014-02-13 01:44 ComboFix2.txt 2013-10-10 15:42 . Pre-Run: 232,875,110,400 bytes free Post-Run: 232,801,529,856 bytes free . - - End Of File - - 0881DD9464E79DD9C05C187DAC50CF79
  5. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01 Ran by becca (administrator) on BECCA-HP on 12-02-2014 19:40:09 Running from C:\Users\becca\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated) HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1157660980-3504564827-1891706756-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori) Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori) Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori) Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori) Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (Google Wallet) - C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] ==================== Services (Whitelisted) ================= R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-08-27] (WildTangent) R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.) U2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori) R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori) S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] ==================== Drivers (Whitelisted) ==================== R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-10-10] (AVG Technologies) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd) S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-12 19:40 - 2014-02-12 19:40 - 00000000 ____D () C:\Users\becca\Desktop\FRST-OlderVersion 2014-02-12 00:41 - 2014-02-12 00:41 - 00001123 _____ () C:\Users\becca\Desktop\AdwCleaner[s2].txt 2014-02-11 17:37 - 2014-02-11 17:37 - 00000949 _____ () C:\Users\Public\Desktop\Secret of the Scarlet Hand.lnk 2014-02-11 17:33 - 2014-02-11 14:13 - 643422528 ____R () C:\Users\becca\Desktop\Nancy Drew - Secret of the Scarlet Hand.iso 2014-02-11 13:40 - 2014-02-11 13:40 - 00000000 _____ () C:\Windows\Game.INI 2014-02-11 13:37 - 2014-02-11 13:37 - 00000000 ____D () C:\Program Files (x86)\directx 2014-02-11 13:37 - 2014-02-11 13:37 - 00000000 ____D () C:\Nancy Drew 2014-02-11 13:34 - 2014-02-10 21:25 - 568394789 ____R () C:\Users\becca\Desktop\Nancy Drew And The Final Scene.zip 2014-02-11 13:27 - 2014-02-11 13:27 - 00000862 _____ () C:\Users\becca\Desktop\checkup.txt 2014-02-11 13:24 - 2014-02-11 13:21 - 00987425 _____ () C:\Users\becca\Desktop\SecurityCheck.exe 2014-02-10 22:13 - 2014-02-10 22:14 - 00000000 ____D () C:\Program Files (x86)\GUMA8F1.tmp 2014-02-10 20:14 - 2014-02-10 20:14 - 00448512 _____ (OldTimer Tools) C:\Users\becca\Downloads\TFC (1).exe 2014-02-10 20:11 - 2014-02-10 20:12 - 00000000 ____D () C:\Users\becca\Desktop\remove 2014-02-10 20:10 - 2014-02-10 20:10 - 00165483 _____ () C:\Users\becca\Downloads\JavaRa-1.16-28-5-13.zip 2014-02-10 18:50 - 2014-02-12 19:40 - 02152448 _____ (Farbar) C:\Users\becca\Desktop\FRST64.exe 2014-02-10 18:50 - 2014-02-12 19:40 - 00008655 _____ () C:\Users\becca\Desktop\FRST.txt 2014-02-10 18:46 - 2014-02-10 18:46 - 00002202 _____ () C:\Users\becca\Desktop\eset.txt 2014-02-10 16:51 - 2014-02-10 16:48 - 01166132 _____ () C:\Users\becca\Desktop\AdwCleaner.exe 2014-02-10 16:48 - 2014-02-10 16:48 - 00006214 _____ () C:\Users\becca\Desktop\JRT.txt 2014-02-10 16:39 - 2014-02-10 16:37 - 01037530 _____ (Thisisu) C:\Users\becca\Desktop\JRT.exe 2014-02-10 16:16 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\becca\Desktop\mbar 2014-02-10 16:16 - 2014-02-10 16:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-10 16:15 - 2014-02-10 16:12 - 12589848 _____ (Malwarebytes Corp.) C:\Users\becca\Desktop\mbar-1.07.0.1009.exe 2014-02-10 11:39 - 2014-02-10 11:39 - 00002815 _____ () C:\Users\becca\Desktop\RKreport[0]_S_02102014_113912.txt 2014-02-10 11:36 - 2014-02-10 11:39 - 00000000 ____D () C:\Users\becca\Desktop\RK_Quarantine 2014-02-10 11:34 - 2014-02-10 11:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-02-10 11:34 - 2014-02-10 11:34 - 00000928 _____ () C:\Users\becca\Desktop\NTREGOPT.lnk 2014-02-10 11:34 - 2014-02-10 11:34 - 00000909 _____ () C:\Users\becca\Desktop\ERUNT.lnk 2014-02-10 11:34 - 2014-02-10 11:31 - 00791393 _____ (Lars Hederer ) C:\Users\becca\Desktop\erunt-setup.exe 2014-02-10 11:32 - 2014-02-10 11:32 - 00004485 _____ () C:\Users\becca\Desktop\iExplore - Shortcut.lnk 2014-02-10 11:30 - 2014-02-10 11:32 - 00000002 _____ () C:\Users\becca\Desktop\Rkill.txt 2014-02-09 19:23 - 2014-02-10 12:11 - 00000000 ____D () C:\Users\becca\AppData\Roaming\DAEMON Tools Lite 2014-02-09 19:23 - 2014-02-09 19:33 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-02-09 19:23 - 2014-02-09 19:23 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2014-02-09 19:22 - 2014-02-09 19:34 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{EDB7B79D-22B5-4870-8A48-6EBA9D77895C} 2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{C2C74585-4E1C-411C-BEC1-2357B8BB083A} 2014-02-08 00:13 - 2014-02-09 18:03 - 00000000 ____D () C:\Users\becca\Documents\The Silent Spy 2014-02-08 00:10 - 2014-02-09 18:56 - 00000000 ____D () C:\Program Files (x86)\Games 2014-02-07 14:52 - 2014-02-07 21:09 - 00000000 ____D () C:\Users\becca\Documents\Ghost of Thornton Hall 2014-02-07 14:29 - 2014-02-07 14:29 - 00000000 ____D () C:\Windows\ND 28 Ghost of Thornton Hall 2014-01-26 20:31 - 2014-01-26 20:32 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds (1).scr 2014-01-26 11:15 - 2014-01-26 11:09 - 531572487 _____ () C:\Users\becca\Desktop\witch_hunter_120114_13468.zip 2014-01-26 10:31 - 2014-01-26 10:55 - 00000000 ____D () C:\Program Files (x86)\Desura 2014-01-26 10:31 - 2014-01-26 10:31 - 00000000 ____D () C:\ProgramData\Desura 2014-01-26 10:30 - 2014-01-26 10:31 - 01252424 _____ () C:\Users\becca\Downloads\DesuraInstaller.exe 2014-01-24 17:57 - 2014-01-24 18:09 - 00000000 ____D () C:\Users\becca\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69} 2014-01-24 17:52 - 2014-02-11 14:10 - 00000000 ____D () C:\Users\becca\AppData\Roaming\uTorrent 2014-01-24 17:51 - 2014-01-24 17:52 - 01307736 _____ (BitTorrent Inc.) C:\Users\becca\Downloads\utorrent.exe 2014-01-24 17:50 - 2014-01-24 17:50 - 00003344 _____ () C:\Windows\System32\Tasks\{6B1FC949-516B-43A4-AA40-31BC47521ADC} 2014-01-24 17:09 - 2014-01-24 17:09 - 18496195 _____ () C:\Users\becca\Downloads\l4d1_rochelle_remplace_zoey_060114_27670.zip 2014-01-24 16:56 - 2014-01-24 16:56 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-22 19:26 - 2014-01-22 19:26 - 00001588 _____ () C:\Users\becca\Desktop\Play Left4Dead.lnk 2014-01-22 19:16 - 2014-01-22 19:17 - 02841532 _____ (Saitek ) C:\Users\becca\Downloads\Saitek_Cyborg_Evo_SD6_64.exe 2014-01-17 17:52 - 2014-02-06 22:54 - 00000000 ____D () C:\Users\becca\Documents\The Deadly Device 2014-01-16 02:53 - 2014-01-16 23:17 - 00000000 ____D () C:\Users\becca\Documents\Tomb of the Lost Queen 2014-01-15 14:23 - 2014-01-16 00:29 - 00000000 ____D () C:\Users\becca\Documents\Alibi in Ashes 2014-01-14 23:07 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-14 23:07 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-14 23:07 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-14 23:07 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-14 23:07 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-14 23:07 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-14 23:07 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-14 23:07 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-14 23:07 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-13 20:57 - 2014-01-15 00:09 - 00000000 ____D () C:\Users\becca\Documents\The Captive Curse ==================== One Month Modified Files and Folders ======= 2014-02-12 19:40 - 2014-02-12 19:40 - 00000000 ____D () C:\Users\becca\Desktop\FRST-OlderVersion 2014-02-12 19:40 - 2014-02-10 18:50 - 02152448 _____ (Farbar) C:\Users\becca\Desktop\FRST64.exe 2014-02-12 19:40 - 2014-02-10 18:50 - 00008655 _____ () C:\Users\becca\Desktop\FRST.txt 2014-02-12 19:40 - 2013-10-10 22:35 - 00000000 ____D () C:\FRST 2014-02-12 19:39 - 2013-10-12 04:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-12 16:48 - 2012-03-15 22:08 - 01713021 _____ () C:\Windows\WindowsUpdate.log 2014-02-12 11:53 - 2013-07-08 03:00 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FA883F4-6E4F-41C1-8534-91BE246FE0CC} 2014-02-12 10:29 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-12 10:29 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-12 10:22 - 2013-10-12 04:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-12 10:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-12 10:22 - 2009-07-13 23:51 - 00052962 _____ () C:\Windows\setupact.log 2014-02-12 00:41 - 2014-02-12 00:41 - 00001123 _____ () C:\Users\becca\Desktop\AdwCleaner[s2].txt 2014-02-12 00:39 - 2013-10-09 21:31 - 00000000 ____D () C:\AdwCleaner 2014-02-11 17:37 - 2014-02-11 17:37 - 00000949 _____ () C:\Users\Public\Desktop\Secret of the Scarlet Hand.lnk 2014-02-11 17:37 - 2013-11-14 23:27 - 00000000 ____D () C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-02-11 17:36 - 2014-01-07 01:27 - 00000000 ____D () C:\Program Files\Nancy Drew 2014-02-11 14:13 - 2014-02-11 17:33 - 643422528 ____R () C:\Users\becca\Desktop\Nancy Drew - Secret of the Scarlet Hand.iso 2014-02-11 14:10 - 2014-01-24 17:52 - 00000000 ____D () C:\Users\becca\AppData\Roaming\uTorrent 2014-02-11 13:40 - 2014-02-11 13:40 - 00000000 _____ () C:\Windows\Game.INI 2014-02-11 13:37 - 2014-02-11 13:37 - 00000000 ____D () C:\Program Files (x86)\directx 2014-02-11 13:37 - 2014-02-11 13:37 - 00000000 ____D () C:\Nancy Drew 2014-02-11 13:37 - 2011-07-12 22:34 - 00042650 _____ () C:\Windows\DirectX.log 2014-02-11 13:27 - 2014-02-11 13:27 - 00000862 _____ () C:\Users\becca\Desktop\checkup.txt 2014-02-11 13:21 - 2014-02-11 13:24 - 00987425 _____ () C:\Users\becca\Desktop\SecurityCheck.exe 2014-02-10 22:14 - 2014-02-10 22:13 - 00000000 ____D () C:\Program Files (x86)\GUMA8F1.tmp 2014-02-10 22:14 - 2013-10-12 04:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-10 22:14 - 2013-08-02 10:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-10 21:25 - 2014-02-11 13:34 - 568394789 ____R () C:\Users\becca\Desktop\Nancy Drew And The Final Scene.zip 2014-02-10 20:14 - 2014-02-10 20:14 - 00448512 _____ (OldTimer Tools) C:\Users\becca\Downloads\TFC (1).exe 2014-02-10 20:12 - 2014-02-10 20:11 - 00000000 ____D () C:\Users\becca\Desktop\remove 2014-02-10 20:11 - 2013-07-08 02:56 - 00000000 ____D () C:\Users\becca\AppData\Local\VirtualStore 2014-02-10 20:10 - 2014-02-10 20:10 - 00165483 _____ () C:\Users\becca\Downloads\JavaRa-1.16-28-5-13.zip 2014-02-10 18:46 - 2014-02-10 18:46 - 00002202 _____ () C:\Users\becca\Desktop\eset.txt 2014-02-10 17:07 - 2010-11-20 22:47 - 00986786 _____ () C:\Windows\PFRO.log 2014-02-10 16:48 - 2014-02-10 16:51 - 01166132 _____ () C:\Users\becca\Desktop\AdwCleaner.exe 2014-02-10 16:48 - 2014-02-10 16:48 - 00006214 _____ () C:\Users\becca\Desktop\JRT.txt 2014-02-10 16:37 - 2014-02-10 16:39 - 01037530 _____ (Thisisu) C:\Users\becca\Desktop\JRT.exe 2014-02-10 16:37 - 2014-02-10 16:16 - 00000000 ____D () C:\Users\becca\Desktop\mbar 2014-02-10 16:37 - 2013-10-10 19:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-10 16:16 - 2014-02-10 16:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-10 16:13 - 2013-07-08 03:00 - 00000000 ___RD () C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-10 16:12 - 2014-02-10 16:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\becca\Desktop\mbar-1.07.0.1009.exe 2014-02-10 12:11 - 2014-02-09 19:23 - 00000000 ____D () C:\Users\becca\AppData\Roaming\DAEMON Tools Lite 2014-02-10 11:39 - 2014-02-10 11:39 - 00002815 _____ () C:\Users\becca\Desktop\RKreport[0]_S_02102014_113912.txt 2014-02-10 11:39 - 2014-02-10 11:36 - 00000000 ____D () C:\Users\becca\Desktop\RK_Quarantine 2014-02-10 11:35 - 2014-02-10 11:34 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-02-10 11:34 - 2014-02-10 11:34 - 00000928 _____ () C:\Users\becca\Desktop\NTREGOPT.lnk 2014-02-10 11:34 - 2014-02-10 11:34 - 00000909 _____ () C:\Users\becca\Desktop\ERUNT.lnk 2014-02-10 11:32 - 2014-02-10 11:32 - 00004485 _____ () C:\Users\becca\Desktop\iExplore - Shortcut.lnk 2014-02-10 11:32 - 2014-02-10 11:30 - 00000002 _____ () C:\Users\becca\Desktop\Rkill.txt 2014-02-10 11:31 - 2014-02-10 11:34 - 00791393 _____ (Lars Hederer ) C:\Users\becca\Desktop\erunt-setup.exe 2014-02-09 20:21 - 2009-07-14 00:13 - 00796484 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-09 19:34 - 2014-02-09 19:22 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-02-09 19:33 - 2014-02-09 19:23 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2014-02-09 19:23 - 2014-02-09 19:23 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{EDB7B79D-22B5-4870-8A48-6EBA9D77895C} 2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{C2C74585-4E1C-411C-BEC1-2357B8BB083A} 2014-02-09 18:56 - 2014-02-08 00:10 - 00000000 ____D () C:\Program Files (x86)\Games 2014-02-09 18:03 - 2014-02-08 00:13 - 00000000 ____D () C:\Users\becca\Documents\The Silent Spy 2014-02-07 21:09 - 2014-02-07 14:52 - 00000000 ____D () C:\Users\becca\Documents\Ghost of Thornton Hall 2014-02-07 14:29 - 2014-02-07 14:29 - 00000000 ____D () C:\Windows\ND 28 Ghost of Thornton Hall 2014-02-06 22:54 - 2014-01-17 17:52 - 00000000 ____D () C:\Users\becca\Documents\The Deadly Device 2014-02-04 13:51 - 2013-08-02 10:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-26 20:32 - 2014-01-26 20:31 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds (1).scr 2014-01-26 17:19 - 2013-07-08 02:59 - 00058408 _____ () C:\Users\becca\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-26 17:19 - 2009-07-13 23:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-26 11:09 - 2014-01-26 11:15 - 531572487 _____ () C:\Users\becca\Desktop\witch_hunter_120114_13468.zip 2014-01-26 10:55 - 2014-01-26 10:31 - 00000000 ____D () C:\Program Files (x86)\Desura 2014-01-26 10:31 - 2014-01-26 10:31 - 00000000 ____D () C:\ProgramData\Desura 2014-01-26 10:31 - 2014-01-26 10:30 - 01252424 _____ () C:\Users\becca\Downloads\DesuraInstaller.exe 2014-01-25 00:03 - 2011-07-12 22:20 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-01-24 20:39 - 2013-07-22 16:17 - 00000000 ____D () C:\games 2014-01-24 18:56 - 2013-10-10 19:50 - 00000000 ____D () C:\Program Files (x86)\PasswordBox 2014-01-24 18:47 - 2014-01-05 16:50 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-01-24 18:09 - 2014-01-24 17:57 - 00000000 ____D () C:\Users\becca\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69} 2014-01-24 17:52 - 2014-01-24 17:51 - 01307736 _____ (BitTorrent Inc.) C:\Users\becca\Downloads\utorrent.exe 2014-01-24 17:50 - 2014-01-24 17:50 - 00003344 _____ () C:\Windows\System32\Tasks\{6B1FC949-516B-43A4-AA40-31BC47521ADC} 2014-01-24 17:09 - 2014-01-24 17:09 - 18496195 _____ () C:\Users\becca\Downloads\l4d1_rochelle_remplace_zoey_060114_27670.zip 2014-01-24 16:56 - 2014-01-24 16:56 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2014-01-24 16:36 - 2013-07-08 12:35 - 00000000 ____D () C:\Users\becca\AppData\Local\CrashDumps 2014-01-22 19:26 - 2014-01-22 19:26 - 00001588 _____ () C:\Users\becca\Desktop\Play Left4Dead.lnk 2014-01-22 19:17 - 2014-01-22 19:16 - 02841532 _____ (Saitek ) C:\Users\becca\Downloads\Saitek_Cyborg_Evo_SD6_64.exe 2014-01-21 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-16 23:17 - 2014-01-16 02:53 - 00000000 ____D () C:\Users\becca\Documents\Tomb of the Lost Queen 2014-01-16 03:04 - 2013-08-15 08:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 03:01 - 2013-07-30 07:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-16 00:29 - 2014-01-15 14:23 - 00000000 ____D () C:\Users\becca\Documents\Alibi in Ashes 2014-01-15 00:09 - 2014-01-13 20:57 - 00000000 ____D () C:\Users\becca\Documents\The Captive Curse Some content of TEMP: ==================== C:\Users\becca\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 22:45 ==================== End Of Log ============================
  6. Still getting a Conduit error on startup AdWCleaner. # AdwCleaner v3.018 - Report created 12/02/2014 at 00:39:05# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : becca - BECCA-HP# Running from : C:\Users\becca\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v32.0.1700.107 [ File : C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7569 octets] - [09/10/2013 21:31:39]AdwCleaner[R1].txt - [4307 octets] - [10/10/2013 19:50:09]AdwCleaner[R2].txt - [3745 octets] - [10/02/2014 16:51:23]AdwCleaner[R3].txt - [1061 octets] - [12/02/2014 00:37:54]AdwCleaner[s0].txt - [3830 octets] - [10/10/2013 19:52:13]AdwCleaner[s1].txt - [3682 octets] - [10/02/2014 16:53:51]AdwCleaner[s2].txt - [984 octets] - [12/02/2014 00:39:05] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1043 octets] ########## MBAM Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.12.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476becca :: BECCA-HP [administrator] 2/12/2014 12:42:52 AMmbam-log-2014-02-12 (00-42-52).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 212376Time elapsed: 5 minute(s), 38 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  7. I'm getting an error on boot relating to something called conduit? MBAM Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.10.07 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476becca :: BECCA-HP [administrator] 2/10/2014 4:59:27 PMmbam-log-2014-02-11 (16-59-27).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 215282Time elapsed: 6 minute(s), 13 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) CHECKUP.TXT Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Nancy Drew The Silent Spy 1.00 Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 10 Flash Player out of Date! Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  8. Java Ra kept erroring out. unable to create log. here is fixlist log. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01Ran by becca at 2014-02-10 20:17:08 Run:2Running from C:\Users\becca\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************C:\Users\becca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A53MIZ2L\TBUpdaterLogic[1].dllC:\Users\becca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBZ63TTQ\TBUpdaterLogic[1].dllC:\Users\becca\AppData\Local\Temp\nsh1A86.tmpC:\Users\becca\AppData\Local\Temp\nsp45E8.tmpC:\Users\becca\Downloads\ArcadeFrontierGames (1).exeC:\Users\becca\Downloads\ArcadeFrontierGames (2).exeC:\Users\becca\Downloads\ArcadeFrontierGames.exeC:\Users\becca\Downloads\cbsidlm-cbsi134-AdwCleaner-SEO-75851221.exeC:\Users\becca\Downloads\Shockwave_Installer_Slim.exeC:\Users\becca\Downloads\TinyMediaPlayer_RocketFuelInstaller.exeC:\Users\becca\Downloads\VideoConverterSetup (1).exeC:\Users\becca\Downloads\VideoConverterSetup (2).exeC:\Users\becca\Downloads\VideoConverterSetup.exeHKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"BHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No FileCHR HKCU\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\becca\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\becca\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\becca\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\becca\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-08-21]U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)C:\Users\becca\AppData\Local\Temp\criminalminds-510006264-setup.s510006264.c110268333.len.u.dl.exeC:\Users\becca\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\becca\AppData\Local\Temp\ntdll_dump.dllC:\Users\becca\AppData\Local\Temp\Quarantine.exeC:\Users\becca\AppData\Local\Temp\_is8E3B.exe ***************** "C:\Users\becca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A53MIZ2L\TBUpdaterLogic[1].dll" => File/Directory not found."C:\Users\becca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBZ63TTQ\TBUpdaterLogic[1].dll" => File/Directory not found."C:\Users\becca\AppData\Local\Temp\nsh1A86.tmp" => File/Directory not found."C:\Users\becca\AppData\Local\Temp\nsp45E8.tmp" => File/Directory not found.C:\Users\becca\Downloads\ArcadeFrontierGames (1).exe => Moved successfully.C:\Users\becca\Downloads\ArcadeFrontierGames (2).exe => Moved successfully.C:\Users\becca\Downloads\ArcadeFrontierGames.exe => Moved successfully.C:\Users\becca\Downloads\cbsidlm-cbsi134-AdwCleaner-SEO-75851221.exe => Moved successfully.C:\Users\becca\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.C:\Users\becca\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe => Moved successfully.C:\Users\becca\Downloads\VideoConverterSetup (1).exe => Moved successfully.C:\Users\becca\Downloads\VideoConverterSetup (2).exe => Moved successfully.C:\Users\becca\Downloads\VideoConverterSetup.exe => Moved successfully.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key deleted successfully.HKCR\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key not found.HKCU\SOFTWARE\Google\Chrome\Extensions\acohkacenjkkllhbfgfflibmenakobco => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx" => File/Directory not found.HKCU\SOFTWARE\Google\Chrome\Extensions\fibbpolejomdcpiahkgcmdmaliooeien => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx" => File/Directory not found.HKCU\SOFTWARE\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx" => File/Directory not found.HKCU\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.HKCU\SOFTWARE\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx" => File/Directory not found.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acohkacenjkkllhbfgfflibmenakobco => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx" => File/Directory not found.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fibbpolejomdcpiahkgcmdmaliooeien => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx" => File/Directory not found.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx" => File/Directory not found.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oopdmcnionefjjnmchkiimificckpkif => Key deleted successfully."C:\Users\becca\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx" => File/Directory not found.AppMgmt => Service deleted successfully."C:\Users\becca\AppData\Local\Temp\criminalminds-510006264-setup.s510006264.c110268333.len.u.dl.exe" => File/Directory not found."C:\Users\becca\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe" => File/Directory not found."C:\Users\becca\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found."C:\Users\becca\AppData\Local\Temp\Quarantine.exe" => File/Directory not found."C:\Users\becca\AppData\Local\Temp\_is8E3B.exe" => File/Directory not found. ==== End of Fixlog ====
  9. mbar.txt Malwarebytes Anti-Rootkit BETA 1.07.0.1009www.malwarebytes.org Database version: v2014.02.10.06 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476becca :: BECCA-HP [administrator] 2/10/2014 4:17:00 PMmbar-log-2014-02-10 (16-17-00).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 236311Time elapsed: 19 minute(s), 43 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) System Log ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 1.496000 GHzMemory total: 1992146944, free: 1216274432 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16476 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 1.496000 GHzMemory total: 1992146944, free: 1229660160 Downloaded database version: v2014.02.10.06Downloaded database version: v2013.12.18.01=======================================Initializing...------------ Kernel report ------------ 02/10/2014 16:16:53------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\Windows\system32\drivers\avgtpx64.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\rtl8192Ce.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\RtsPStor.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\drivers\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\DRIVERS\cdfs.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\user32.dll\Windows\System32\Wldap32.dll\Windows\System32\ws2_32.dll\Windows\System32\gdi32.dll\Windows\System32\setupapi.dll\Windows\System32\msctf.dll\Windows\System32\shell32.dll\Windows\System32\comdlg32.dll\Windows\System32\kernel32.dll\Windows\System32\shlwapi.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\imagehlp.dll\Windows\System32\ole32.dll\Windows\System32\msvcrt.dll\Windows\System32\imm32.dll\Windows\System32\urlmon.dll\Windows\System32\lpk.dll\Windows\System32\nsi.dll\Windows\System32\psapi.dll\Windows\System32\normaliz.dll\Windows\System32\oleaut32.dll\Windows\System32\difxapi.dll\Windows\System32\rpcrt4.dll\Windows\System32\sechost.dll\Windows\System32\clbcatq.dll\Windows\System32\iertutil.dll\Windows\System32\usp10.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\comctl32.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8003fd3060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8003e8e050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8003fd3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8003fd3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8003fd3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8003e8e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E9B0A126 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 586092544 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 586502144 Numsec = 30316544 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 616818688 Numsec = 8321712 Disk Size: 320072933376 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.1 (02.04.2014:1)OS: Windows 7 Home Premium x64Ran by becca on Mon 02/10/2014 at 16:39:57.85~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocolSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapiSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocololeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3318151Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62C401AA-E0AC-462F-A322-17BE10188466}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f2e99efd-72dc-4c5d-9f7c-219133ff8e40} ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\conduit"Successfully deleted: [Folder] "C:\Users\becca\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\becca\appdata\local\cre"Successfully deleted: [Folder] "C:\Users\becca\appdata\local\searchprotect"Successfully deleted: [Folder] "C:\Users\becca\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\becca\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\ai_recyclebin"Successfully deleted: [Empty Folder] C:\Users\becca\appdata\local\{C6CE8354-B17A-438F-86C7-5E91F4D7A351} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 02/10/2014 at 16:48:28.69End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner # AdwCleaner v3.018 - Report created 10/02/2014 at 16:53:51# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : becca - BECCA-HP# Running from : C:\Users\becca\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\SearchFlyBar2Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Windows\SysWOW64\SearchprotectFolder Deleted : C:\Users\becca\AppData\Local\AVG Secure SearchFolder Deleted : C:\Users\becca\AppData\LocalLow\IMVU_Inc_CFolder Deleted : C:\Users\becca\AppData\LocalLow\SearchFlyBar2File Deleted : C:\Users\becca\AppData\Local\Temp\Uninstall.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2580209-EBD1-477B-A9A9-4171D6E8958C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2580209-EBD1-477B-A9A9-4171D6E8958C}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{657848CE-3D09-46D0-B497-45A918A635B8}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDD44727-CFEC-488F-A7C1-5630A05ADC1D}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DD418BD-817C-4016-87B6-400DBCA95B47}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA1A23D2-913D-4AC3-8CC2-5D76BBA914CE}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F2E99EFD-72DC-4C5D-9F7C-219133FF8E40}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc_CKey Deleted : HKCU\Software\AppDataLow\Software\SearchFlyBar2Key Deleted : HKLM\Software\AVG Secure SearchKey Deleted : HKLM\Software\IMVU_Inc_CKey Deleted : HKLM\Software\SearchFlyBar2 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v32.0.1700.107 [ File : C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage ************************* AdwCleaner[R0].txt - [7569 octets] - [09/10/2013 21:31:39]AdwCleaner[R1].txt - [4307 octets] - [10/10/2013 19:50:09]AdwCleaner[R2].txt - [3745 octets] - [10/02/2014 16:51:23]AdwCleaner[s0].txt - [3830 octets] - [10/10/2013 19:52:13]AdwCleaner[s1].txt - [3534 octets] - [10/02/2014 16:53:51] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3594 octets] ########## MBAM Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.10.07 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476becca :: BECCA-HP [administrator] 2/10/2014 4:59:27 PMmbam-log-2014-02-10 (16-59-27).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 215282Time elapsed: 6 minute(s), 13 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 3C:\$RECYCLE.BIN\S-1-5-21-1157660980-3504564827-1891706756-1000\$RKITJI3.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\becca\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully.C:\Users\becca\Local Settings\Temporary Internet Files\Content.IE5\Z2LCZQQ6\BiTool[1].dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully. (end) ESET C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\luckyleapUninstall.exe.vir Win32/BrowseFox.C potentially unwanted applicationC:\Program Files (x86)\VideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A potentially unwanted applicationC:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.CF potentially unwanted applicationC:\Users\becca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A53MIZ2L\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted applicationC:\Users\becca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBZ63TTQ\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted applicationC:\Users\becca\AppData\Local\Temp\nsh1A86.tmp Win32/Toolbar.Conduit.S potentially unwanted applicationC:\Users\becca\AppData\Local\Temp\nsp45E8.tmp Win32/Toolbar.Conduit.S potentially unwanted applicationC:\Users\becca\Downloads\ArcadeFrontierGames (1).exe Win32/OpenCandy potentially unsafe applicationC:\Users\becca\Downloads\ArcadeFrontierGames (2).exe Win32/OpenCandy potentially unsafe applicationC:\Users\becca\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy potentially unsafe applicationC:\Users\becca\Downloads\cbsidlm-cbsi134-AdwCleaner-SEO-75851221.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationC:\Users\becca\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\becca\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe a variant of Win32/Verti.A potentially unwanted applicationC:\Users\becca\Downloads\VideoConverterSetup (1).exe a variant of Win32/InstallCore.CF potentially unwanted applicationC:\Users\becca\Downloads\VideoConverterSetup (2).exe a variant of Win32/InstallCore.CF potentially unwanted applicationC:\Users\becca\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.CF potentially unwanted applicationC:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01Ran by becca (administrator) on BECCA-HP on 10-02-2014 18:50:42Running from C:\Users\becca\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"HKU\S-1-5-21-1157660980-3504564827-1891706756-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeBHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No FileBHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: =======CHR Extension: (Google Wallet) - C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR HKCU\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\becca\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]CHR HKCU\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\becca\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\becca\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\becca\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\becca\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\becca\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-08-21]CHR HKLM-x32\...\Chrome\Extension: [oopdmcnionefjjnmchkiimificckpkif] - C:\Users\becca\AppData\Local\CRE\oopdmcnionefjjnmchkiimificckpkif.crx [2013-08-21] ==================== Services (Whitelisted) ================= R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-08-27] (WildTangent)R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X] ==================== Drivers (Whitelisted) ==================== R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-10-10] (AVG Technologies)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd)S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-10 18:50 - 2014-02-10 18:50 - 00010039 _____ () C:\Users\becca\Desktop\FRST.txt2014-02-10 18:50 - 2014-02-10 18:46 - 02151424 _____ (Farbar) C:\Users\becca\Desktop\FRST64.exe2014-02-10 18:46 - 2014-02-10 18:46 - 00002202 _____ () C:\Users\becca\Desktop\eset.txt2014-02-10 16:51 - 2014-02-10 16:48 - 01166132 _____ () C:\Users\becca\Desktop\AdwCleaner.exe2014-02-10 16:48 - 2014-02-10 16:48 - 00006214 _____ () C:\Users\becca\Desktop\JRT.txt2014-02-10 16:39 - 2014-02-10 16:37 - 01037530 _____ (Thisisu) C:\Users\becca\Desktop\JRT.exe2014-02-10 16:16 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\becca\Desktop\mbar2014-02-10 16:16 - 2014-02-10 16:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-10 16:15 - 2014-02-10 16:12 - 12589848 _____ (Malwarebytes Corp.) C:\Users\becca\Desktop\mbar-1.07.0.1009.exe2014-02-10 12:11 - 2014-02-09 19:24 - 00000079 ____R () C:\Users\becca\Desktop\MHM0502400000.cue2014-02-10 11:39 - 2014-02-10 11:39 - 00002815 _____ () C:\Users\becca\Desktop\RKreport[0]_S_02102014_113912.txt2014-02-10 11:36 - 2014-02-10 11:39 - 00000000 ____D () C:\Users\becca\Desktop\RK_Quarantine2014-02-10 11:34 - 2014-02-10 11:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-10 11:34 - 2014-02-10 11:34 - 00000928 _____ () C:\Users\becca\Desktop\NTREGOPT.lnk2014-02-10 11:34 - 2014-02-10 11:34 - 00000909 _____ () C:\Users\becca\Desktop\ERUNT.lnk2014-02-10 11:34 - 2014-02-10 11:31 - 00791393 _____ (Lars Hederer ) C:\Users\becca\Desktop\erunt-setup.exe2014-02-10 11:32 - 2014-02-10 11:32 - 00004485 _____ () C:\Users\becca\Desktop\iExplore - Shortcut.lnk2014-02-10 11:30 - 2014-02-10 11:32 - 00000002 _____ () C:\Users\becca\Desktop\Rkill.txt2014-02-09 19:36 - 2014-02-09 19:36 - 00000959 _____ () C:\Users\Public\Desktop\Message in a Haunted Mansion.lnk2014-02-09 19:30 - 2014-02-09 19:26 - 664978608 ____R () C:\Users\becca\Desktop\MHM0502400000.bin2014-02-09 19:23 - 2014-02-10 12:11 - 00000000 ____D () C:\Users\becca\AppData\Roaming\DAEMON Tools Lite2014-02-09 19:23 - 2014-02-09 19:33 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys2014-02-09 19:23 - 2014-02-09 19:23 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite2014-02-09 19:22 - 2014-02-09 19:34 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{EDB7B79D-22B5-4870-8A48-6EBA9D77895C}2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{C2C74585-4E1C-411C-BEC1-2357B8BB083A}2014-02-08 00:13 - 2014-02-09 18:03 - 00000000 ____D () C:\Users\becca\Documents\The Silent Spy2014-02-08 00:10 - 2014-02-09 18:56 - 00000000 ____D () C:\Program Files (x86)\Games2014-02-07 14:52 - 2014-02-07 21:09 - 00000000 ____D () C:\Users\becca\Documents\Ghost of Thornton Hall2014-02-07 14:29 - 2014-02-07 14:32 - 00000000 ____D () C:\Program Files (x86)\ND 28 Ghost of Thornton Hall2014-02-07 14:29 - 2014-02-07 14:29 - 00000000 ____D () C:\Windows\ND 28 Ghost of Thornton Hall2014-01-26 20:31 - 2014-01-26 20:32 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds (1).scr2014-01-26 11:15 - 2014-01-26 11:09 - 531572487 _____ () C:\Users\becca\Desktop\witch_hunter_120114_13468.zip2014-01-26 10:31 - 2014-01-26 10:55 - 00000000 ____D () C:\Program Files (x86)\Desura2014-01-26 10:31 - 2014-01-26 10:31 - 00000000 ____D () C:\ProgramData\Desura2014-01-26 10:30 - 2014-01-26 10:31 - 01252424 _____ () C:\Users\becca\Downloads\DesuraInstaller.exe2014-01-24 17:57 - 2014-01-24 18:09 - 00000000 ____D () C:\Users\becca\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}2014-01-24 17:52 - 2014-02-05 17:50 - 00000000 ____D () C:\Users\becca\AppData\Roaming\uTorrent2014-01-24 17:51 - 2014-01-24 17:52 - 01307736 _____ (BitTorrent Inc.) C:\Users\becca\Downloads\utorrent.exe2014-01-24 17:50 - 2014-01-24 17:50 - 00003344 _____ () C:\Windows\System32\Tasks\{6B1FC949-516B-43A4-AA40-31BC47521ADC}2014-01-24 17:09 - 2014-01-24 17:09 - 18496195 _____ () C:\Users\becca\Downloads\l4d1_rochelle_remplace_zoey_060114_27670.zip2014-01-24 16:56 - 2014-01-24 16:56 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center2014-01-22 19:26 - 2014-01-22 19:26 - 00001588 _____ () C:\Users\becca\Desktop\Play Left4Dead.lnk2014-01-22 19:16 - 2014-01-22 19:17 - 02841532 _____ (Saitek ) C:\Users\becca\Downloads\Saitek_Cyborg_Evo_SD6_64.exe2014-01-17 17:52 - 2014-02-06 22:54 - 00000000 ____D () C:\Users\becca\Documents\The Deadly Device2014-01-16 02:53 - 2014-01-16 23:17 - 00000000 ____D () C:\Users\becca\Documents\Tomb of the Lost Queen2014-01-15 14:23 - 2014-01-16 00:29 - 00000000 ____D () C:\Users\becca\Documents\Alibi in Ashes2014-01-14 23:07 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2014-01-14 23:07 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2014-01-14 23:07 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2014-01-14 23:07 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2014-01-14 23:07 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2014-01-14 23:07 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2014-01-14 23:07 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2014-01-14 23:07 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2014-01-14 23:07 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-01-13 20:57 - 2014-01-15 00:09 - 00000000 ____D () C:\Users\becca\Documents\The Captive Curse2014-01-12 18:36 - 2014-01-12 18:36 - 00000000 ____D () C:\Users\becca\AppData\Local\Nancy Drew2014-01-12 18:31 - 2014-01-12 18:35 - 00000000 ____D () C:\Program Files (x86)\Nancy Drew ==================== One Month Modified Files and Folders ======= 2014-02-10 18:50 - 2014-02-10 18:50 - 00010039 _____ () C:\Users\becca\Desktop\FRST.txt2014-02-10 18:50 - 2013-10-10 22:35 - 00000000 ____D () C:\FRST2014-02-10 18:49 - 2012-03-15 22:08 - 01416137 _____ () C:\Windows\WindowsUpdate.log2014-02-10 18:46 - 2014-02-10 18:50 - 02151424 _____ (Farbar) C:\Users\becca\Desktop\FRST64.exe2014-02-10 18:46 - 2014-02-10 18:46 - 00002202 _____ () C:\Users\becca\Desktop\eset.txt2014-02-10 18:13 - 2013-10-12 04:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-10 17:15 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-10 17:15 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-10 17:08 - 2013-10-12 04:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-10 17:07 - 2010-11-20 22:47 - 00986786 _____ () C:\Windows\PFRO.log2014-02-10 17:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-10 17:07 - 2009-07-13 23:51 - 00052458 _____ () C:\Windows\setupact.log2014-02-10 16:53 - 2013-10-09 21:31 - 00000000 ____D () C:\AdwCleaner2014-02-10 16:48 - 2014-02-10 16:51 - 01166132 _____ () C:\Users\becca\Desktop\AdwCleaner.exe2014-02-10 16:48 - 2014-02-10 16:48 - 00006214 _____ () C:\Users\becca\Desktop\JRT.txt2014-02-10 16:37 - 2014-02-10 16:39 - 01037530 _____ (Thisisu) C:\Users\becca\Desktop\JRT.exe2014-02-10 16:37 - 2014-02-10 16:16 - 00000000 ____D () C:\Users\becca\Desktop\mbar2014-02-10 16:37 - 2013-10-10 19:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-10 16:16 - 2014-02-10 16:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-10 16:13 - 2013-07-08 03:00 - 00000000 ___RD () C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-02-10 16:12 - 2014-02-10 16:15 - 12589848 _____ (Malwarebytes Corp.) C:\Users\becca\Desktop\mbar-1.07.0.1009.exe2014-02-10 12:11 - 2014-02-09 19:23 - 00000000 ____D () C:\Users\becca\AppData\Roaming\DAEMON Tools Lite2014-02-10 11:39 - 2014-02-10 11:39 - 00002815 _____ () C:\Users\becca\Desktop\RKreport[0]_S_02102014_113912.txt2014-02-10 11:39 - 2014-02-10 11:36 - 00000000 ____D () C:\Users\becca\Desktop\RK_Quarantine2014-02-10 11:35 - 2014-02-10 11:34 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-10 11:34 - 2014-02-10 11:34 - 00000928 _____ () C:\Users\becca\Desktop\NTREGOPT.lnk2014-02-10 11:34 - 2014-02-10 11:34 - 00000909 _____ () C:\Users\becca\Desktop\ERUNT.lnk2014-02-10 11:32 - 2014-02-10 11:32 - 00004485 _____ () C:\Users\becca\Desktop\iExplore - Shortcut.lnk2014-02-10 11:32 - 2014-02-10 11:30 - 00000002 _____ () C:\Users\becca\Desktop\Rkill.txt2014-02-10 11:31 - 2014-02-10 11:34 - 00791393 _____ (Lars Hederer ) C:\Users\becca\Desktop\erunt-setup.exe2014-02-10 10:20 - 2013-07-08 03:00 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FA883F4-6E4F-41C1-8534-91BE246FE0CC}2014-02-09 20:21 - 2009-07-14 00:13 - 00796484 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-09 19:36 - 2014-02-09 19:36 - 00000959 _____ () C:\Users\Public\Desktop\Message in a Haunted Mansion.lnk2014-02-09 19:36 - 2013-11-14 23:27 - 00000000 ____D () C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-02-09 19:35 - 2014-01-07 01:27 - 00000000 ____D () C:\Program Files\Nancy Drew2014-02-09 19:34 - 2014-02-09 19:22 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite2014-02-09 19:33 - 2014-02-09 19:23 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys2014-02-09 19:26 - 2014-02-09 19:30 - 664978608 ____R () C:\Users\becca\Desktop\MHM0502400000.bin2014-02-09 19:24 - 2014-02-10 12:11 - 00000079 ____R () C:\Users\becca\Desktop\MHM0502400000.cue2014-02-09 19:23 - 2014-02-09 19:23 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{EDB7B79D-22B5-4870-8A48-6EBA9D77895C}2014-02-09 19:12 - 2014-02-09 19:12 - 00002982 _____ () C:\Windows\System32\Tasks\{C2C74585-4E1C-411C-BEC1-2357B8BB083A}2014-02-09 18:56 - 2014-02-08 00:10 - 00000000 ____D () C:\Program Files (x86)\Games2014-02-09 18:03 - 2014-02-08 00:13 - 00000000 ____D () C:\Users\becca\Documents\The Silent Spy2014-02-07 21:09 - 2014-02-07 14:52 - 00000000 ____D () C:\Users\becca\Documents\Ghost of Thornton Hall2014-02-07 14:32 - 2014-02-07 14:29 - 00000000 ____D () C:\Program Files (x86)\ND 28 Ghost of Thornton Hall2014-02-07 14:29 - 2014-02-07 14:29 - 00000000 ____D () C:\Windows\ND 28 Ghost of Thornton Hall2014-02-06 22:54 - 2014-01-17 17:52 - 00000000 ____D () C:\Users\becca\Documents\The Deadly Device2014-02-05 17:50 - 2014-01-24 17:52 - 00000000 ____D () C:\Users\becca\AppData\Roaming\uTorrent2014-02-04 13:51 - 2013-08-02 10:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-01-26 20:32 - 2014-01-26 20:31 - 00688992 ____R (Swearware) C:\Users\becca\Downloads\dds (1).scr2014-01-26 17:19 - 2013-07-08 02:59 - 00058408 _____ () C:\Users\becca\AppData\Local\GDIPFONTCACHEV1.DAT2014-01-26 17:19 - 2009-07-13 23:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT2014-01-26 11:09 - 2014-01-26 11:15 - 531572487 _____ () C:\Users\becca\Desktop\witch_hunter_120114_13468.zip2014-01-26 10:55 - 2014-01-26 10:31 - 00000000 ____D () C:\Program Files (x86)\Desura2014-01-26 10:31 - 2014-01-26 10:31 - 00000000 ____D () C:\ProgramData\Desura2014-01-26 10:31 - 2014-01-26 10:30 - 01252424 _____ () C:\Users\becca\Downloads\DesuraInstaller.exe2014-01-25 00:03 - 2011-07-12 22:20 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard2014-01-24 20:39 - 2013-07-22 16:17 - 00000000 ____D () C:\games2014-01-24 18:56 - 2013-10-10 19:50 - 00000000 ____D () C:\Program Files (x86)\PasswordBox2014-01-24 18:47 - 2014-01-05 16:50 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-01-24 18:47 - 2014-01-05 16:50 - 00000000 ____D () C:\Windows\SysWOW64\directx2014-01-24 18:09 - 2014-01-24 17:57 - 00000000 ____D () C:\Users\becca\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}2014-01-24 17:52 - 2014-01-24 17:51 - 01307736 _____ (BitTorrent Inc.) C:\Users\becca\Downloads\utorrent.exe2014-01-24 17:50 - 2014-01-24 17:50 - 00003344 _____ () C:\Windows\System32\Tasks\{6B1FC949-516B-43A4-AA40-31BC47521ADC}2014-01-24 17:09 - 2014-01-24 17:09 - 18496195 _____ () C:\Users\becca\Downloads\l4d1_rochelle_remplace_zoey_060114_27670.zip2014-01-24 16:56 - 2014-01-24 16:56 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe2014-01-24 16:56 - 2014-01-24 16:56 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf2014-01-24 16:56 - 2014-01-24 16:56 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center2014-01-24 16:36 - 2013-07-08 12:35 - 00000000 ____D () C:\Users\becca\AppData\Local\CrashDumps2014-01-22 19:26 - 2014-01-22 19:26 - 00001588 _____ () C:\Users\becca\Desktop\Play Left4Dead.lnk2014-01-22 19:17 - 2014-01-22 19:16 - 02841532 _____ (Saitek ) C:\Users\becca\Downloads\Saitek_Cyborg_Evo_SD6_64.exe2014-01-21 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-01-16 23:17 - 2014-01-16 02:53 - 00000000 ____D () C:\Users\becca\Documents\Tomb of the Lost Queen2014-01-16 03:04 - 2013-08-15 08:50 - 00000000 ____D () C:\Windows\system32\MRT2014-01-16 03:01 - 2013-07-30 07:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-01-16 00:29 - 2014-01-15 14:23 - 00000000 ____D () C:\Users\becca\Documents\Alibi in Ashes2014-01-15 00:09 - 2014-01-13 20:57 - 00000000 ____D () C:\Users\becca\Documents\The Captive Curse2014-01-12 18:36 - 2014-01-12 18:36 - 00000000 ____D () C:\Users\becca\AppData\Local\Nancy Drew2014-01-12 18:35 - 2014-01-12 18:31 - 00000000 ____D () C:\Program Files (x86)\Nancy Drew2014-01-12 18:35 - 2011-07-12 22:34 - 00042425 _____ () C:\Windows\DirectX.log2014-01-12 03:33 - 2014-01-10 23:06 - 00000000 ____D () C:\Users\becca\Documents\Shadow at the Water's Edge Some content of TEMP:====================C:\Users\becca\AppData\Local\Temp\criminalminds-510006264-setup.s510006264.c110268333.len.u.dl.exeC:\Users\becca\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\becca\AppData\Local\Temp\ntdll_dump.dllC:\Users\becca\AppData\Local\Temp\Quarantine.exeC:\Users\becca\AppData\Local\Temp\_is8E3B.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 22:45 ==================== End Of Log ============================ Did not provide an addition.txt
  10. RogueKiller V8.8.6 _x64_ [Feb 7 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : becca [Admin rights] Mode : Scan -- Date : 02/10/2014 11:39:12 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH][DLL] rundll32.exe -- C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [7] -> rundll32.exe KILLED [TermProc] ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1157660980-3504564827-1891706756-1000\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3276GSX +++++ --- User --- [MBR] 9f025efaddf22eddaf6e5f3c2e1c0403 [bSP] ce126a6b1cce517aad9d50e229359747 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 286178 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 586502144 | Size: 14803 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_02102014_113912.txt >> thank you. now when i boot the laptop though i get a ton of error boxes related to erunt. ?
  11. oops DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428Run by becca at 10:20:17 on 2014-02-09Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.921 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\PasswordBox\pbbtnService.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\Sendori\sndappv2.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Sendori\SendoriSvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\taskeng.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exec:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Program Files (x86)\Sendori\SendoriTray.exec:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Internet Explorer\IELowutil.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: IMVU Inc C Toolbar: {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - mURLSearchHooks: IMVU Inc C Toolbar: {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dllBHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: IMVU Inc C Toolbar: {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - TB: IMVU Inc C Toolbar: {f2e99efd-72dc-4c5d-9f7c-219133ff8e40} - uRun: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\becca\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRunmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"uPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204LSP: C:\Windows\System32\Sendori.dllTCP: NameServer = 192.168.2.1TCP: Interfaces\{75542D14-EF18-45D4-AD48-FC007129898B} : DHCPNameServer = 192.168.2.1TCP: Interfaces\{993FDB8F-6706-4B4A-B196-93B33A59235C} : DHCPNameServer = 192.168.2.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exex64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-10 45856]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-15 98208]R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13336]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-15 1817088]R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-9-24 67584]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 2656280]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-15 335464]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-15 436840]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-15 878184]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]S2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2014-1-26 131912]S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-8-27 240736]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]S3 SaiH0464;SaiH0464;C:\Windows\System32\drivers\SaiH0464.sys [2008-3-31 178432]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-29 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-02-08 05:10:36 -------- d-----w- C:\Program Files (x86)\Games2014-02-07 19:29:28 -------- d-----w- C:\Windows\ND 28 Ghost of Thornton Hall2014-02-07 19:29:28 -------- d-----w- C:\Program Files (x86)\ND 28 Ghost of Thornton Hall2014-02-07 14:38:56 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2387D691-B285-402A-A01C-614138DC1BF2}\offreg.dll2014-02-07 14:21:28 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2387D691-B285-402A-A01C-614138DC1BF2}\mpengine.dll2014-01-26 15:32:42 -------- d-----w- C:\Program Files (x86)\Common Files\Desura2014-01-26 15:31:58 -------- d-----w- C:\ProgramData\Desura2014-01-26 15:31:31 -------- d-----w- C:\Program Files (x86)\Desura2014-01-24 21:56:14 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center2014-01-22 04:42:17 -------- d-----w- C:\Users\becca\AppData\Local\Diagnostics2014-01-15 04:07:39 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2014-01-15 04:07:39 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2014-01-15 04:07:39 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2014-01-15 04:07:39 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2014-01-15 04:07:39 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2014-01-15 04:07:39 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2014-01-15 04:07:39 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2014-01-15 04:07:38 376768 ----a-w- C:\Windows\System32\drivers\netio.sys2014-01-15 04:07:38 3156480 ----a-w- C:\Windows\System32\win32k.sys2014-01-12 23:36:16 -------- d-----w- C:\Users\becca\AppData\Local\Nancy Drew2014-01-12 23:31:49 -------- d-----w- C:\Program Files (x86)\Nancy Drew2014-01-12 23:31:49 -------- d-----w- C:\Program Files (x86)\Common Files\Nancy Drew Prerequisites.==================== Find3M ====================.2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll.============= FINISH: 10:20:57.80 =============== Attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 7/8/2013 3:56:14 AMSystem Uptime: 2/7/2014 2:44:43 PM (44 hours ago).Motherboard: Hewlett-Packard | | 3672Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 279 GiB total, 210.767 GiB free.D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.E: is FIXED (FAT32) - 4 GiB total, 2.882 GiB free.F: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP111: 2/8/2014 12:01:14 AM - Scheduled Checkpoint.==== Installed Programs ======================.Adobe Flash Player 10 ActiveXAdobe Reader X MUIAdobe Shockwave Player 12.0Agatha Christie - Peril at End HouseAVG SafeGuard toolbarBejeweled 3Blackhawk Striker 2Blasterball 3BlioBounce SymphonyCake ManiaChronicles of AlbianChuzzle DeluxeCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCompaq Setup ManagerCradle of Rome 2CyberLink YouCamD3DX10DesuraDesura: One 4 NineESET Online Scanner v3ESU for Microsoft Windows 7 SP1Evernote v. 4.2.3Farm FrenzyFATEGoogle ChromeGoogle Update HelperGovernor of Poker 2 Premium EditionHP AutoHP Client ServicesHP Customer Experience EnhancementsHP DocumentationHP GamesHP Launch BoxHP MovieStoreHP On Screen DisplayHP Power ManagerHP Quick LaunchHP SetupHP Software FrameworkHP Support AssistantIMVU Avatar Chat SoftwareIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® Rapid Storage TechnologyJewel Quest: The Sleepless Star - Collector's EditionJunk Mail filter updateMah Jong MedleyMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 1.1Microsoft .NET Framework 4.5Microsoft Application Error ReportingMicrosoft Mouse and Keyboard CenterMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mystery of Mortlake MansionNamco All-Stars: PAC-MANNancy Drew The Silent Spy 1.00Nancy Drew: The Captive CurseND 28 Ghost of Thornton HallOriginPenguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime x86Poker Superstars IIIPolar BowlerPolar GolferRAR Opener version 1.0Realtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek PCIE Card ReaderREALTEK Wireless LAN DriverRecovery ManagerRoxioNow PlayerSecurity Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 (KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2804582)Security Update for Microsoft .NET Framework 4.5 (KB2833957)Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)Security Update for Microsoft .NET Framework 4.5 (KB2861208)SendoriSlingo SupremeStrongvault Online BackupswMSMSynaptics TouchPad DriverThe Sims™ 3The Sims™ 3 GenerationsThe Sims™ 3 SupernaturalThe White Wolf of Icicle CreekUpdate for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)Update Installer for WildTangent Games AppVacation Quest - The Hawaiian IslandsVirtual Villagers 5 - New BelieversWildTangent Games App for HPWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 5.01 (32-bit)Zuma Deluxe.==== Event Viewer Messages From Past Week ========.2/9/2014 10:19:47 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.2/8/2014 5:29:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.2/7/2014 9:44:17 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.2/7/2014 2:46:36 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.2/7/2014 2:44:59 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 1262/7/2014 2:42:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}2/7/2014 2:28:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}2/7/2014 2:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}2/7/2014 2:28:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}2/7/2014 2:28:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}2/7/2014 2:28:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}2/7/2014 2:28:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}2/7/2014 2:28:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.2/7/2014 2:28:27 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.2/5/2014 5:57:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.2/5/2014 5:57:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.2/5/2014 5:57:16 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 212/5/2014 5:57:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv62/4/2014 7:19:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.2/4/2014 7:19:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.2/4/2014 12:26:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.2/2/2014 2:04:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service..==== End Of File ===========================
  12. as soon as you try to open chrome or IE it freezes solid and you have to hold power button and force restart it's a compaq laptop. i got great help here before with my system which is still running awesome. i can still run scans and programs by transferring via network. so that won't be an issue. Thanks.
  13. Thank you so much. hadn't realized how slow the computer had gotten...
  14. Thank You. You sure know your stuff when it comes to malware.

  15. # AdwCleaner v2.303 - Logfile created 06/13/2013 at 15:21:15 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Justin - JUSTIN-PC # Boot Mode : Normal # Running from : C:\Users\Justin\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Browser Manager ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16448 [OK] Registry is clean. -\\ Google Chrome v27.0.1453.110 File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.4654] : urls_to_restore_on_startup = [ "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=19DA8C8D633ADFA8598C5251B92047D3", "hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN14225358331909721&UM=2" ] ************************* AdwCleaner[R1].txt - [9344 octets] - [13/06/2013 14:01:09] AdwCleaner[R2].txt - [9404 octets] - [13/06/2013 14:01:32] AdwCleaner[R3].txt - [9464 octets] - [13/06/2013 15:09:29] AdwCleaner[R4].txt - [1313 octets] - [13/06/2013 15:18:50] AdwCleaner[R5].txt - [1181 octets] - [13/06/2013 15:21:15] AdwCleaner[s1].txt - [8920 octets] - [13/06/2013 15:09:55] ########## EOF - C:\AdwCleaner[R5].txt - [1301 octets] ########## Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! Lavasoft Ad-Aware Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 7 Java version out of Date! Adobe Reader XI Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Ad-Aware Antivirus AdAwareService.exe Ad-Aware Antivirus SBAMSvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  16. only thing i see it targeting that i question is Adaware? # AdwCleaner v2.303 - Logfile created 06/13/2013 at 14:01:09 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Justin - JUSTIN-PC # Boot Mode : Normal # Running from : C:\Users\Justin\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** Found : CltMngSvc ***** [Files / Folders] ***** File Found : C:\END File Found : C:\Users\Justin\AppData\Local\Temp\Uninstall.exe Folder Found : C:\Program Files\adawaretb Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\SearchProtect Folder Found : C:\ProgramData\adawaretb Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\blekko toolbars Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\search protection Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Justin\AppData\Local\Conduit Folder Found : C:\Users\Justin\AppData\Local\Temp\Industriya Folder Found : C:\Users\Justin\AppData\LocalLow\adawaretb Folder Found : C:\Users\Justin\AppData\LocalLow\Conduit Folder Found : C:\Users\Justin\AppData\LocalLow\Industriya Folder Found : C:\Users\Justin\AppData\Roaming\Babylon Folder Found : C:\Users\Justin\AppData\Roaming\DSite Folder Found : C:\Users\Justin\AppData\Roaming\SearchProtect ***** [Registry] ***** Key Found : HKCU\Software\5b2dcd8e53de845 Key Found : HKCU\Software\8ef6e5fbcf93c20a9c240921a52d8776 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\SearchProtect Key Found : HKCU\Software\StartSearch Key Found : HKLM\SOFTWARE\5b2dcd8e53de845 Key Found : HKLM\Software\adawaretb Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Found : HKLM\Software\SearchProtect Key Found : HKLM\Software\Tarma Installer Key Found : HKU\S-1-5-21-2796156219-500140081-3362875990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKU\S-1-5-21-2796156219-500140081-3362875990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-2796156219-500140081-3362875990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16448 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN31536682011716921&UM=2&UP=SPA124526E-1DC6-40DA-98BE-A8BD05E2C1C8 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} -\\ Google Chrome v27.0.1453.110 File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.4654] : urls_to_restore_on_startup = [ "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_0&ent=hp&u=19DA8C8D633ADFA8598C5251B92047D3", "hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN14225358331909721&UM=2" ] ************************* AdwCleaner[R1].txt - [9215 octets] - [13/06/2013 14:01:09] ########## EOF - C:\AdwCleaner[R1].txt - [9275 octets] ##########
  17. everything seems ok now. logs attached. Anyway you can tell me what i had and how i got it so it doesn't happen again? mbar-log-2013-06-13 (12-46-31).txt system-log.txt
  18. RougeKiller log.. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Justin [Admin rights] Mode : Scan -- Date : 06/12/2013 22:40:43 | ARK || FAK || MBR | ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc] [sUSP PATH] cltmng.exe -- C:\Users\Justin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc] [sUSP PATH] svcxdcl32.exe -- C:\Windows\System32\config\systemprofile\AppData\Local\svcxdcl32.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Justin\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND [RUN][sUSP PATH] HKLM\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe) [7] -> FOUND [RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Svc2dll (C:\Windows\System32\config\systemprofile\AppData\Local\svcxdcl32.exe) [-] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-2796156219-500140081-3362875990-1000[...]\Run : SearchProtect (C:\Users\Justin\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Svc2dll (C:\Windows\System32\config\systemprofile\AppData\Local\svcxdcl32.exe) [-] -> FOUND [TASK][sUSP PATH] DSite.job : C:\Users\Justin\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND [TASK][sUSP PATH] DSite : C:\Users\Justin\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG SP2004C ATA Device +++++ --- User --- [MBR] ca0ecb331c9083ef23465ae312b02d5b [bSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 190680 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] e14fefbe84fae9cd0008e82d7c7da3f5 [bSP] 5d025e3736f1a099bde4170d58df41a2 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 190680 Mo +++++ PhysicalDrive1: +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_06122013_02d2240.txt >> RKreport[1]_S_06122013_02d2240.txt
  19. first is the malwarebytes log. second is DDS log attached as a zip is attach.txt. 2013/06/12 22:18:16 -0500 JUSTIN-PC Justin MESSAGE Starting protection 2013/06/12 22:18:16 -0500 JUSTIN-PC Justin MESSAGE Protection started successfully 2013/06/12 22:18:16 -0500 JUSTIN-PC Justin MESSAGE Starting IP protection 2013/06/12 22:19:07 -0500 JUSTIN-PC Justin MESSAGE IP Protection started successfully 2013/06/12 22:19:21 -0500 JUSTIN-PC Justin MESSAGE Starting database refresh 2013/06/12 22:19:21 -0500 JUSTIN-PC Justin MESSAGE Stopping IP protection 2013/06/12 22:19:30 -0500 JUSTIN-PC Justin MESSAGE IP Protection stopped successfully 2013/06/12 22:19:34 -0500 JUSTIN-PC Justin MESSAGE Database refreshed successfully 2013/06/12 22:19:34 -0500 JUSTIN-PC Justin MESSAGE Starting IP protection 2013/06/12 22:19:43 -0500 JUSTIN-PC Justin MESSAGE IP Protection started successfully 2013/06/12 22:21:14 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.185 (Type: outgoing, Port: 53821, Process: svchost.exe) 2013/06/12 22:21:22 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.191 (Type: outgoing, Port: 53822, Process: svchost.exe) 2013/06/12 22:21:30 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.189 (Type: outgoing, Port: 53823, Process: svchost.exe) 2013/06/12 22:21:38 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.188 (Type: outgoing, Port: 53824, Process: svchost.exe) 2013/06/12 22:21:55 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 53825, Process: svchost.exe) 2013/06/12 22:22:03 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53826, Process: svchost.exe) 2013/06/12 22:22:11 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.191 (Type: outgoing, Port: 53827, Process: svchost.exe) 2013/06/12 22:22:19 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.192 (Type: outgoing, Port: 53828, Process: svchost.exe) 2013/06/12 22:22:35 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.186 (Type: outgoing, Port: 53829, Process: svchost.exe) 2013/06/12 22:22:43 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53830, Process: svchost.exe) 2013/06/12 22:22:51 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.185 (Type: outgoing, Port: 53831, Process: svchost.exe) 2013/06/12 22:22:59 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53832, Process: svchost.exe) 2013/06/12 22:23:16 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53834, Process: svchost.exe) 2013/06/12 22:23:24 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53835, Process: svchost.exe) 2013/06/12 22:23:32 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.185 (Type: outgoing, Port: 53836, Process: svchost.exe) 2013/06/12 22:23:40 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.186 (Type: outgoing, Port: 53837, Process: svchost.exe) 2013/06/12 22:23:56 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.190 (Type: outgoing, Port: 53838, Process: svchost.exe) 2013/06/12 22:24:04 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.190 (Type: outgoing, Port: 53839, Process: svchost.exe) 2013/06/12 22:24:12 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53840, Process: svchost.exe) 2013/06/12 22:24:21 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53873, Process: svchost.exe) 2013/06/12 22:24:37 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.189 (Type: outgoing, Port: 53876, Process: svchost.exe) 2013/06/12 22:24:45 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53885, Process: svchost.exe) 2013/06/12 22:24:53 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.191 (Type: outgoing, Port: 53940, Process: svchost.exe) 2013/06/12 22:25:01 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.185 (Type: outgoing, Port: 54011, Process: svchost.exe) 2013/06/12 22:25:17 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 54012, Process: svchost.exe) 2013/06/12 22:25:25 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 54013, Process: svchost.exe) 2013/06/12 22:25:34 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.192 (Type: outgoing, Port: 54014, Process: svchost.exe) 2013/06/12 22:25:42 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 54019, Process: svchost.exe) 2013/06/12 22:25:50 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 54021, Process: svchost.exe) 2013/06/12 22:26:06 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 54025, Process: svchost.exe) 2013/06/12 22:26:14 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 54026, Process: svchost.exe) 2013/06/12 22:26:22 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 54027, Process: svchost.exe) 2013/06/12 22:26:30 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 54028, Process: svchost.exe) 2013/06/12 22:26:46 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 54029, Process: svchost.exe) 2013/06/12 22:26:54 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 54030, Process: svchost.exe) 2013/06/12 22:27:03 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 54033, Process: svchost.exe) 2013/06/12 22:27:11 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 54041, Process: svchost.exe) 2013/06/12 22:27:27 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 54042, Process: svchost.exe) 2013/06/12 22:27:37 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.189 (Type: outgoing, Port: 54043, Process: svchost.exe) 2013/06/12 22:27:45 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.190 (Type: outgoing, Port: 54044, Process: svchost.exe) 2013/06/12 22:27:53 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.161 (Type: outgoing, Port: 54045, Process: svchost.exe) 2013/06/12 22:28:01 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 54049, Process: svchost.exe) 2013/06/12 22:28:17 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 54050, Process: svchost.exe) 2013/06/12 22:28:25 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 54051, Process: svchost.exe) 2013/06/12 22:28:33 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 54052, Process: svchost.exe) 2013/06/12 22:28:41 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 54057, Process: svchost.exe) 2013/06/12 22:28:57 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 54058, Process: svchost.exe) 2013/06/12 22:29:05 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 54061, Process: svchost.exe) 2013/06/12 22:29:13 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.161 (Type: outgoing, Port: 54062, Process: svchost.exe) 2013/06/12 22:29:21 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 54063, Process: svchost.exe) 2013/06/12 22:29:38 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 54064, Process: svchost.exe) 2013/06/12 22:29:46 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.190 (Type: outgoing, Port: 54065, Process: svchost.exe) 2013/06/12 22:29:54 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 54066, Process: svchost.exe) 2013/06/12 22:30:02 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 54070, Process: svchost.exe) 2013/06/12 22:30:18 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 54071, Process: svchost.exe) 2013/06/12 22:30:26 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.190 (Type: outgoing, Port: 54072, Process: svchost.exe) 2013/06/12 22:30:34 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.191 (Type: outgoing, Port: 54074, Process: svchost.exe) 2013/06/12 22:30:42 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 54077, Process: svchost.exe) 2013/06/12 22:30:58 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 54078, Process: svchost.exe) 2013/06/12 22:31:06 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.161 (Type: outgoing, Port: 54081, Process: svchost.exe) 2013/06/12 22:31:15 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.186 (Type: outgoing, Port: 54082, Process: svchost.exe) 2013/06/12 22:31:23 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.187 (Type: outgoing, Port: 54083, Process: svchost.exe) 2013/06/12 22:31:39 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.187 (Type: outgoing, Port: 54084, Process: svchost.exe) 2013/06/12 22:31:47 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.185 (Type: outgoing, Port: 54085, Process: svchost.exe) 2013/06/12 22:31:55 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 54086, Process: svchost.exe) 2013/06/12 22:32:03 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.189 (Type: outgoing, Port: 54089, Process: svchost.exe) 2013/06/12 22:32:19 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 54090, Process: svchost.exe) 2013/06/12 22:32:27 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 54091, Process: svchost.exe) 2013/06/12 22:32:35 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.192 (Type: outgoing, Port: 54092, Process: svchost.exe) 2013/06/12 22:32:43 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 54093, Process: svchost.exe) 2013/06/12 22:32:51 -0500 JUSTIN-PC Justin MESSAGE Executing scheduled update: Daily 2013/06/12 22:32:52 -0500 JUSTIN-PC Justin MESSAGE Database already up-to-date 2013/06/12 22:32:59 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.186 (Type: outgoing, Port: 54097, Process: svchost.exe) 2013/06/12 22:33:07 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 54105, Process: svchost.exe) 2013/06/12 22:33:15 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 54106, Process: svchost.exe) 2013/06/12 22:33:23 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.192 (Type: outgoing, Port: 54107, Process: svchost.exe) 2013/06/12 22:33:39 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 54108, Process: svchost.exe) 2013/06/12 22:33:47 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 54112, Process: svchost.exe) 2013/06/12 22:33:55 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.184 (Type: outgoing, Port: 54113, Process: svchost.exe) 2013/06/12 22:34:03 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.192 (Type: outgoing, Port: 54122, Process: svchost.exe) 2013/06/12 22:34:27 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 54124, Process: svchost.exe) 2013/06/12 22:34:35 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.42.190 (Type: outgoing, Port: 54127, Process: svchost.exe) 2013/06/12 22:34:43 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 54128, Process: svchost.exe) 2013/06/12 22:34:51 -0500 JUSTIN-PC Justin IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 54129, Process: svchost.exe) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 10.7.2 Run by Justin at 22:30:46 on 2013-06-12 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1609 [GMT -5:00] . AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\SearchProtect\bin\CltMngSvc.exe C:\Windows\system32\taskhost.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\ProgramData\Search Protection\SearchProtection.exe C:\Users\Justin\AppData\Roaming\SearchProtect\bin\cltmng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\config\systemprofile\AppData\Local\svcxdcl32.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN31536682011716921&UM=2&UP=SPA124526E-1DC6-40DA-98BE-A8BD05E2C1C8 uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=US&userid=37a807ed-5208-47c6-9d63-e5a497687e7e&searchtype=ds&q={searchTerms} BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [searchProtect] c:\users\justin\appdata\roaming\searchprotect\bin\cltmng.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe mRun: [PCFixSpeed] "c:\program files\pcfixspeed\PCFixTray.exe" /startup mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe" mRun: [search Protection] c:\programdata\search protection\SearchProtection.exe mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run mRun: [sBRegRebootCleaner] "c:\program files\ad-aware antivirus\SBRC.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [svc2dll] c:\windows\system32\config\systemprofile\appdata\local\svcxdcl32.exe StartupFolder: c:\users\justin\appdata\roaming\microsoft\windows\start menu\programs\startup\8ef6e5fbcf93c20a9c240921a52d8776.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Download with Xilisoft Download YouTube Video - c:\program files\xilisoft\download youtube video\upod_link.HTM IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TCP: NameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{DEC9E41B-F26D-4781-97A0-FE223B874FBB} : DHCPNameServer = 75.75.76.76 75.75.75.75 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings -- verbose-logging --system-level --multi-install --chrome . ============= SERVICES / DRIVERS =============== . R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-12 13560] R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-10-3 19056] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-3 242240] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-3-18 1236336] R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-12 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-12 701512] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-10-3 88176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-12 22856] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-12 40776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912] S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384] S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2013-5-13 25728] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-6-12 41584] S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2013-5-13 9216] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-13 1343400] . =============== Created Last 30 ================ . 2013-06-13 03:18:01 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-06-13 03:18:01 -------- d-----w- c:\users\justin\appdata\roaming\Malwarebytes 2013-06-13 03:17:48 -------- d-----w- c:\programdata\Malwarebytes 2013-06-13 03:17:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-13 03:17:47 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2013-06-13 03:17:26 -------- d-----w- c:\users\justin\appdata\local\Programs 2013-06-13 03:15:26 140288 -c--a-w- C:\2589202.exe 2013-06-13 02:50:23 41584 ----a-w- c:\windows\system32\drivers\gfiark.sys 2013-06-13 02:38:57 -------- d-----w- c:\users\justin\appdata\local\ElevatedDiagnostics 2013-06-13 02:37:33 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-06-11 06:54:23 -------- dc----w- c:\program files\SpeedFan 2013-06-11 06:54:10 -------- d-----w- c:\windows\system32\searchplugins 2013-06-11 06:54:10 -------- d-----w- c:\windows\system32\Extensions 2013-06-08 21:17:39 -------- d-----w- c:\programdata\McAfee Security Scan 2013-06-08 21:17:34 -------- dc----w- c:\program files\McAfee Security Scan 2013-06-08 20:08:25 -------- d-----w- c:\users\justin\appdata\local\Rockstar Games 2013-06-08 19:41:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2013-05-30 03:46:56 -------- d-----w- c:\users\justin\.thumbnails 2013-05-30 03:25:04 -------- d-----w- c:\users\justin\appdata\local\fontconfig 2013-05-30 03:25:02 -------- d-----w- c:\users\justin\appdata\local\gegl-0.2 2013-05-30 03:25:02 -------- d-----w- c:\users\justin\.gimp-2.8 2013-05-30 03:23:58 -------- dc----w- c:\program files\GimpShop 2013-05-30 03:22:44 -------- d-----w- c:\users\justin\appdata\roaming\PCFixSpeed 2013-05-30 03:22:43 -------- d-----w- c:\programdata\PCFixSpeed 2013-05-30 03:21:50 -------- dc----w- c:\program files\Conduit 2013-05-30 03:21:42 -------- d-----w- c:\users\justin\appdata\local\Conduit 2013-05-30 03:21:23 -------- dc----w- c:\program files\SearchProtect 2013-05-30 03:21:05 -------- d-----w- c:\users\justin\appdata\roaming\SearchProtect 2013-05-30 03:21:03 -------- d-----w- c:\users\justin\appdata\local\CRE 2013-05-26 21:45:42 -------- d-----w- c:\users\justin\appdata\roaming\VampireSagaHL 2013-05-26 21:45:41 -------- d-----w- c:\programdata\AlawarWrapper 2013-05-26 21:02:15 -------- dc----w- c:\program files\Viva Media Game Center 2013-05-23 18:34:20 -------- dc----w- c:\program files\Street Legal Racing - Redline 2013-05-23 18:27:27 -------- d-----w- c:\users\justin\appdata\local\NFS Underground 2 2013-05-23 18:09:47 -------- dc----w- c:\program files\EA GAMES 2013-05-23 17:26:45 -------- d-----w- c:\programdata\NFS Underground 2013-05-23 17:21:46 -------- dc----w- c:\program files\Portable 2013-05-19 11:23:19 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{552a706f-1fe4-47d3-b061-402197b885ba}\offreg.dll 2013-05-15 21:03:16 -------- d-----w- c:\users\justin\appdata\local\Nancy Drew 2013-05-15 20:57:14 -------- dc----w- c:\program files\Nancy Drew . ==================== Find3M ==================== . 2013-06-13 02:28:02 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys . ============= FINISH: 22:31:11.66 =============== Attach.zip
  20. I hear random audio of ads playing on my computer. i only built this thing in oct... please help. it's random and getting extremly annoying.. i can be trying to play a game and all of a sudden i hear. "please click on an image" over and over, then ads for sears and smartphones... but yet when i go to desktop, there are no ads... just the audio from them... blah. help. Windows 7 AMD triple core processor.. can give all specs if needed..
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.