
derekpw (Honorary Members, 34 posts)

Everything posted by derekpw

  1. Seems like all scans with logs are working now that I put the exclusions in. I guess that is it for now. Need to uninstall all this stuff I downloaded for the testing now.
  2. I also added mbampt.exe to the exclusions shown above.
  3. So, I added some exceptions for Malwarebytes in ESET and brought it back up, and I got 1 scan/log to run so far. Will see how it goes for a couple more hours before declaring victory. Will let you know. I am not sure why I had to do this for only this program within ESET.
  4. Fully disabled my ESET antivirus during testing and all scans seem to be working. See attached snip of the logs panel. How to config ESET to allow these mbam scans?
  5. No. Nothing seems to happen. Just when I manually start a scan. Never when one is scheduled. How about on your end?
  6. Okay... CheckResults.txt mbam-log-2013-07-12 (14-27-37).txt OTL.Txt Extras.Txt
  7. I tried a couple of test scheduled tasks and none produced a log file.
  8. Yes, those commands did work and I verified that by looking at the Settings -> Update tab in mbam. I need to get back to sleep. I can test to see if they execute later this morning, like 10am or so. Thanks.
  9. OK. I should still see a log file from each scan. Is that the only evidence that a scheduled scan runs? Where in the U.S. are you? CheckResults.txt
  10. All IObit out except for those in the registry. No IObit probs seen anymore. mbam clean uninstalled and reinstalled. Activated. Added 1 scheduled scan. Did not show up in Task Scheduler. Did not run. No log. So, still a sched prob.
  11. OK. Done. Should I del all the files and the dir manually?
  12. New run of SystemLook... SystemLook 30.07.11 by jpshortstuff Log created at 19:56 on 11/07/2013 by Derek
  13. ComboFix 13-07-08.04 - Derek 07/11/2013 8:14.5.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2274 [GMT -7:00] Running from: c:\users\Derek\Desktop\ComboFix.exe Command switches used :: c:\users\Derek\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* SP: Windows Defender *Disabled/Updated*
  14. Geez! SystemLook 30.07.11 by jpshortstuff Log created at 21:18 on 10/07/2013 by Derek
  15. Sounds good. When we close out this topic, I want to get back to the topic to figure out why my Malwarebytes does not set and run its scheduled tasks.
  16. Results of screen317's Security Check version 0.99.68
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      ESET NOD32 Antivirus 6.0
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      TuneUp Utilities 2012
      TuneUp Utilities Language Pack (en-US)
      Java 7 Update 25
      Adobe Flash Player 11.7.700.224
      Adobe Reader XI
      Mozilla Thunderbird (17.0.5)
      Google Chrome 27.0.1453.116
      Google Chrome 28.0.1500.71
      ````````Process Check: objlist.exe by Laurent````````
      WinPatrol winpatrol.exe
      ESET NOD32 Antivirus egui.exe
      ESET NOD32 Antivirus ekrn.exe
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      BillP Studios WinPatrol WinPatrol.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````
      I uninstalled the programs you recommended. The IObit toolbar errored when I tried. See attached snip.
  17. For the things you had me download and run, just delete them?
  18. I have not done the above yet. Will do soon. What do I need to do special to remove all of the stuff I have installed above?
  19. Attached. I have not seen the IObit defrag yet on a reboot. Either it hasn't been rebooted enough yet (I think I had it run every 10th reboot) or it is gone. Should we end this unless I see it again? I do see IObit Toolbar listed in that log but have no idea where that is. I am gone for about 3 hours now. dds.txt attach.txt
  20. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01 Ran by Derek (administrator) on 09-07-2013 21:20:35
C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg\1.0_0 CHR Extension: (Send from Gmail (by Google)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0 ==================== Services (Whitelisted) ================= R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) R2 squeezesvc; C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe [x] ==================== Drivers (Whitelisted) ==================== R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] () S3 STONEDRV; C:\Windows\System32\Drivers\stonedrv.sys [20656 2009-11-03] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-09 21:20 - 2013-07-09 21:20 - 00000000 ____D C:\FRST 2013-07-09 21:19 - 2013-07-09 21:19 - 
01776221 ____A (Farbar) C:\Users\Derek\Desktop\FRST64.exe 2013-07-09 03:48 - 2013-07-09 03:51 - 00000000 ___SD C:\ComboFix 2013-07-09 03:48 - 2013-07-09 03:48 - 00000000 ____D C:\Qoobox 2013-07-09 03:48 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-09 03:48 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-09 03:48 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-09 03:48 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-09 03:48 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-09 03:48 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-09 03:48 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-09 03:48 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-09 03:45 - 2013-07-09 03:45 - 05086951 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe 2013-07-08 17:27 - 2013-07-09 08:04 - 00000022 ____A C:\Windows\S.dirmngr 2013-07-08 17:25 - 2013-07-08 17:25 - 00001470 ____A C:\Users\Derek\Desktop\AdwCleaner[s1].txt 2013-07-08 17:23 - 2013-07-08 17:23 - 00650027 ____A C:\Users\Derek\Desktop\AdwCleaner.exe 2013-07-08 14:37 - 2013-07-08 16:54 - 00001445 ____A C:\Users\Derek\Desktop\JRT.txt 2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\Windows\ERUNT 2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\JRT 2013-07-08 14:18 - 2013-07-08 14:18 - 00547139 ____A (Oleg N. 
Scherbakov) C:\Users\Derek\Desktop\JRT.exe 2013-07-07 22:14 - 2013-07-07 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-07 22:12 - 2013-07-07 22:12 - 00000000 ____D C:\Users\Derek\Downloads\Anti-Rootkit 2013-07-07 22:11 - 2013-07-07 22:11 - 13399154 ____A C:\Users\Derek\Downloads\mbar-1.06.0.1004.zip 2013-07-07 22:08 - 2013-07-07 22:09 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Derek\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darryl\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darren\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Derek\Desktop\ERUNT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darryl\Desktop\ERUNT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darren\Desktop\ERUNT.lnk 2013-07-07 22:07 - 2013-07-07 22:07 - 00791393 ____A (Lars Hederer ) C:\Users\Derek\Downloads\erunt-setup.exe 2013-07-06 23:46 - 2013-07-06 23:46 - 00000000 ____D C:\Users\Derek\AppData\Local\GNU 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Malwarebytes 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-06 23:03 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-06 04:50 - 2013-07-09 20:55 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA1ce7a3f59b9b15.job 2013-07-06 04:50 - 2013-07-08 04:55 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core1ce7a3f44997af.job 2013-07-05 21:51 - 2013-07-05 21:51 - 00002074 ____A C:\Users\Derek\Desktop\Hobbies.lnk 2013-07-05 06:45 - 2013-07-09 20:50 - 00000898 
____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7985ecbd03cb.job 2013-07-03 20:43 - 2013-07-03 20:49 - 00002268 ____A C:\Windows\logboot_04.07.2013.tureg.log 2013-07-03 19:54 - 2013-07-03 19:54 - 00001903 ____A C:\Users\Derek\Desktop\Logs.lnk 2013-07-03 12:05 - 2013-07-03 12:05 - 97474796 ____A C:\Users\Derek\Downloads\Bear Creek.zip 2013-07-03 11:34 - 2013-07-03 11:34 - 00000000 ____D C:\Users\Derek\AppData\Local\Amazon Cloud Player 2013-07-03 11:33 - 2013-07-03 11:33 - 33397640 ____A (Amazon) C:\Users\Derek\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe 2013-07-02 21:24 - 2013-07-02 21:24 - 01786752 ____A C:\Users\Derek\Downloads\Coins.zip 2013-07-02 21:00 - 2013-07-02 21:22 - 00000000 ____D C:\Users\Derek\Downloads\Coins 2013-07-02 12:32 - 2013-07-02 12:32 - 00009030 ____A C:\Windows\HL-2070N.INI 2013-07-02 12:32 - 2013-07-02 12:32 - 00000152 ____A C:\Windows\BRVIDEO.INI 2013-07-02 12:32 - 2013-07-02 12:32 - 00000039 ____A C:\Windows\SysWOW64\bd2070n.dat 2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files (x86)\Brownie 2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____A C:\Windows\brmx2001.ini 2013-07-02 12:32 - 2009-05-25 19:14 - 00196608 ____N (brother) C:\Windows\SysWOW64\Pdrvinst.dll 2013-07-02 12:32 - 2008-10-23 00:00 - 00111928 ____N (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE 2013-07-02 12:32 - 2007-01-16 00:00 - 00024223 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\brlm03a.dll 2013-07-02 12:32 - 2006-12-21 11:23 - 00176128 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL 2013-07-02 12:32 - 2004-08-10 01:00 - 00000114 _____ C:\Windows\SysWOW64\brlmw03a.ini 2013-07-02 12:32 - 2004-08-10 00:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\brlmw03a.dll 2013-07-02 12:30 - 2013-07-02 12:30 - 00000000 ____D C:\Users\Derek\Downloads\install 2013-07-02 12:29 - 2013-07-02 12:30 - 105634606 ____A (A.I.SOFT,INC.) 
C:\Users\Derek\Downloads\HL2030_70-inst-win7-A2-en.EXE 2013-07-02 01:06 - 2013-07-02 01:06 - 00017173 ____A C:\Users\Derek\Downloads\server.prefs 2013-07-01 23:36 - 2013-07-02 00:37 - 00000000 ____D C:\ProgramData\Squeezebox 2013-07-01 23:36 - 2013-07-01 23:37 - 00000000 ____D C:\Program Files (x86)\Squeezebox 2013-07-01 23:35 - 2013-07-01 23:36 - 58564896 ____A (Logitech ) C:\Users\Derek\Downloads\LogitechMediaServer-7.7.2.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-30 00:02 - 2013-07-09 08:04 - 00036574 ____A C:\Windows\PFRO.log 2013-06-30 00:02 - 2013-07-09 08:04 - 00000784 ____A C:\Windows\setupact.log 2013-06-30 00:02 - 2013-06-30 00:02 - 00000000 ____A C:\Windows\setuperr.log 2013-06-27 10:27 - 2013-06-30 03:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-27 10:26 - 2013-06-27 10:26 - 00000000 ____D C:\ProgramData\McAfee 2013-06-24 08:12 - 2013-06-24 08:12 - 00000000 ____D C:\Program Files (x86)\SlimComputer 2013-06-24 08:10 - 2013-07-08 00:30 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job 2013-06-24 08:07 - 2013-06-24 08:07 - 00000589 ____A C:\Users\Derek\Downloads\MyDefrag.debuglog 2013-06-24 07:50 - 2013-06-24 08:12 - 00000000 ____D C:\Users\Derek\AppData\Local\SlimWare Utilities Inc 2013-06-24 07:49 - 2013-06-24 08:29 - 00000000 ____D C:\Program Files (x86)\SlimCleaner 2013-06-24 07:49 - 2013-06-24 08:12 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-23 21:19 - 2013-06-23 21:19 - 00649536 ____A (SlimWare Utilities, Inc.) 
C:\Users\Derek\Downloads\slimcomputer-setup.exe 2013-06-23 21:18 - 2013-06-23 21:18 - 00735104 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\SlimCleaner-setup.exe 2013-06-19 21:21 - 2013-06-19 21:22 - 03165702 ____A C:\Users\Derek\Downloads\video.wmv 2013-06-19 11:37 - 2013-06-19 11:37 - 00000000 ____D C:\ProgramData\ESET 2013-06-16 09:27 - 2013-06-16 09:40 - 00000000 ____D C:\Windows\pss 2013-06-15 02:01 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 02:01 - 2013-06-08 07:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 02:01 - 2013-06-08 07:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 02:01 - 2013-06-08 07:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 02:01 - 2013-06-08 07:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 02:01 - 2013-06-08 05:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 02:01 - 2013-06-08 04:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 02:01 - 2013-06-08 04:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 02:01 - 2013-06-08 04:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 02:01 - 2013-06-08 04:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 02:01 - 2013-06-08 04:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 02:01 - 2013-06-08 04:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 02:02 - 2013-05-16 18:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 00690688 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 02:02 - 2013-05-16 18:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 02:02 - 2013-05-16 17:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 02:02 - 2013-05-16 17:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 02:02 - 2013-05-16 17:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 02:02 - 2013-05-16 17:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 02:02 - 2013-05-16 17:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 02:02 - 2013-05-16 17:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 02:02 - 2013-05-16 17:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 02:02 - 2013-05-16 17:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 02:02 - 2013-05-16 17:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 02:02 - 2013-05-14 05:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 02:02 - 2013-05-14 01:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 23:02 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 23:01 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) 
C:\Windows\System32\crypt32.dll 2013-06-11 23:01 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 23:01 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 23:01 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 23:01 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 23:01 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 23:01 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 23:01 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 23:01 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 23:01 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 23:01 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 23:01 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 23:01 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 23:01 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 23:01 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 23:01 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 23:01 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 23:01 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-09 21:20 - 2013-07-09 
21:20 - 00000000 ____D C:\FRST 2013-07-09 21:19 - 2013-07-09 21:19 - 01776221 ____A (Farbar) C:\Users\Derek\Desktop\FRST64.exe 2013-07-09 21:14 - 2012-05-15 10:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-09 20:55 - 2013-07-06 04:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA1ce7a3f59b9b15.job 2013-07-09 20:50 - 2013-07-05 06:45 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7985ecbd03cb.job 2013-07-09 15:24 - 2010-06-23 22:49 - 01412335 ____A C:\Windows\WindowsUpdate.log 2013-07-09 14:17 - 2009-07-13 21:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-09 14:17 - 2009-07-13 21:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-09 12:31 - 2010-10-28 18:53 - 00000000 ____D C:\Users\Derek\AppData\Roaming\FileZilla 2013-07-09 08:05 - 2010-10-27 19:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-09 08:04 - 2013-07-08 17:27 - 00000022 ____A C:\Windows\S.dirmngr 2013-07-09 08:04 - 2013-06-30 00:02 - 00036574 ____A C:\Windows\PFRO.log 2013-07-09 08:04 - 2013-06-30 00:02 - 00000784 ____A C:\Windows\setupact.log 2013-07-09 08:04 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-09 03:51 - 2013-07-09 03:48 - 00000000 ___SD C:\ComboFix 2013-07-09 03:48 - 2013-07-09 03:48 - 00000000 ____D C:\Qoobox 2013-07-09 03:48 - 2012-05-13 13:53 - 00000000 ____D C:\Windows\ERDNT 2013-07-09 03:45 - 2013-07-09 03:45 - 05086951 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe 2013-07-08 17:25 - 2013-07-08 17:25 - 00001470 ____A C:\Users\Derek\Desktop\AdwCleaner[s1].txt 2013-07-08 17:23 - 2013-07-08 17:23 - 00650027 ____A C:\Users\Derek\Desktop\AdwCleaner.exe 2013-07-08 16:54 - 2013-07-08 14:37 - 00001445 ____A C:\Users\Derek\Desktop\JRT.txt 2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 
____D C:\Windows\ERUNT 2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\JRT 2013-07-08 14:18 - 2013-07-08 14:18 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Derek\Desktop\JRT.exe 2013-07-08 04:55 - 2013-07-06 04:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core1ce7a3f44997af.job 2013-07-08 00:30 - 2013-06-24 08:10 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job 2013-07-07 22:51 - 2013-07-07 22:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-07 22:12 - 2013-07-07 22:12 - 00000000 ____D C:\Users\Derek\Downloads\Anti-Rootkit 2013-07-07 22:11 - 2013-07-07 22:11 - 13399154 ____A C:\Users\Derek\Downloads\mbar-1.06.0.1004.zip 2013-07-07 22:09 - 2013-07-07 22:08 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Derek\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darryl\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darren\Desktop\NTREGOPT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Derek\Desktop\ERUNT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darryl\Desktop\ERUNT.lnk 2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darren\Desktop\ERUNT.lnk 2013-07-07 22:07 - 2013-07-07 22:07 - 00791393 ____A (Lars Hederer ) C:\Users\Derek\Downloads\erunt-setup.exe 2013-07-06 23:46 - 2013-07-06 23:46 - 00000000 ____D C:\Users\Derek\AppData\Local\GNU 2013-07-06 23:46 - 2013-04-22 22:57 - 00000000 ____D C:\Users\Derek\AppData\Roaming\gnupg 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Malwarebytes 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-05 21:51 - 2013-07-05 21:51 - 00002074 ____A C:\Users\Derek\Desktop\Hobbies.lnk 
2013-07-03 21:46 - 2010-10-27 18:03 - 00000000 ____D C:\users\Derek 2013-07-03 20:49 - 2013-07-03 20:43 - 00002268 ____A C:\Windows\logboot_04.07.2013.tureg.log 2013-07-03 20:49 - 2009-07-13 19:34 - 77332480 ____A C:\Windows\System32\config\SOFTWARE_tureg_old 2013-07-03 20:49 - 2009-07-13 19:34 - 18874368 ____A C:\Windows\System32\config\SYSTEM_tureg_old 2013-07-03 20:49 - 2009-07-13 19:34 - 00028672 ____A C:\Windows\System32\config\SECURITY_tureg_old 2013-07-03 20:42 - 2009-07-13 19:34 - 00327680 ____A C:\Windows\System32\config\DEFAULT_tureg_old 2013-07-03 20:42 - 2009-07-13 19:34 - 00131072 ____A C:\Windows\System32\config\SAM_tureg_old 2013-07-03 20:29 - 2011-11-04 22:18 - 00000000 ____D C:\Registry Export 2013-07-03 19:54 - 2013-07-03 19:54 - 00001903 ____A C:\Users\Derek\Desktop\Logs.lnk 2013-07-03 12:05 - 2013-07-03 12:05 - 97474796 ____A C:\Users\Derek\Downloads\Bear Creek.zip 2013-07-03 11:34 - 2013-07-03 11:34 - 00000000 ____D C:\Users\Derek\AppData\Local\Amazon Cloud Player 2013-07-03 11:33 - 2013-07-03 11:33 - 33397640 ____A (Amazon) C:\Users\Derek\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe 2013-07-02 21:24 - 2013-07-02 21:24 - 01786752 ____A C:\Users\Derek\Downloads\Coins.zip 2013-07-02 21:22 - 2013-07-02 21:00 - 00000000 ____D C:\Users\Derek\Downloads\Coins 2013-07-02 12:32 - 2013-07-02 12:32 - 00009030 ____A C:\Windows\HL-2070N.INI 2013-07-02 12:32 - 2013-07-02 12:32 - 00000152 ____A C:\Windows\BRVIDEO.INI 2013-07-02 12:32 - 2013-07-02 12:32 - 00000039 ____A C:\Windows\SysWOW64\bd2070n.dat 2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files (x86)\Brownie 2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____A C:\Windows\brmx2001.ini 2013-07-02 12:31 - 2010-03-23 18:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-02 12:30 - 2013-07-02 12:30 - 00000000 ____D C:\Users\Derek\Downloads\install 2013-07-02 12:30 - 2013-07-02 12:29 - 105634606 ____A (A.I.SOFT,INC.) 
C:\Users\Derek\Downloads\HL2030_70-inst-win7-A2-en.EXE 2013-07-02 01:06 - 2013-07-02 01:06 - 00017173 ____A C:\Users\Derek\Downloads\server.prefs 2013-07-02 00:37 - 2013-07-01 23:36 - 00000000 ____D C:\ProgramData\Squeezebox 2013-07-01 23:37 - 2013-07-01 23:36 - 00000000 ____D C:\Program Files (x86)\Squeezebox 2013-07-01 23:36 - 2013-07-01 23:35 - 58564896 ____A (Logitech ) C:\Users\Derek\Downloads\LogitechMediaServer-7.7.2.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-30 03:48 - 2013-06-30 03:48 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-30 03:48 - 2013-06-27 10:27 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-30 03:48 - 2011-04-16 17:51 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-30 03:48 - 2010-03-23 18:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-30 00:02 - 2013-06-30 00:02 - 00000000 ____A C:\Windows\setuperr.log 2013-06-29 16:36 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-27 18:50 - 2010-10-28 13:26 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Mozilla 2013-06-27 10:46 - 2013-04-20 20:49 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-27 10:46 - 2013-04-20 20:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-27 10:26 - 2013-06-27 10:26 - 00000000 ____D C:\ProgramData\McAfee 2013-06-27 10:19 - 2010-03-23 18:09 - 00000000 ____D C:\ProgramData\Toshiba 2013-06-27 10:19 - 2010-03-23 18:06 - 00000000 ____D C:\Program Files\TOSHIBA 2013-06-27 09:59 - 2013-05-14 11:46 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2013-06-27 09:58 - 2012-11-26 21:36 - 00000000 ____D 
C:\Users\Derek\Downloads\Program Updates 2013-06-27 04:15 - 2012-08-01 20:52 - 00000000 ____D C:\Users\Derek\Documents\_NEW DIRECTORIES 2013-06-24 08:29 - 2013-06-24 07:49 - 00000000 ____D C:\Program Files (x86)\SlimCleaner 2013-06-24 08:12 - 2013-06-24 08:12 - 00000000 ____D C:\Program Files (x86)\SlimComputer 2013-06-24 08:12 - 2013-06-24 07:50 - 00000000 ____D C:\Users\Derek\AppData\Local\SlimWare Utilities Inc 2013-06-24 08:12 - 2013-06-24 07:49 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2013-06-24 08:07 - 2013-06-24 08:07 - 00000589 ____A C:\Users\Derek\Downloads\MyDefrag.debuglog 2013-06-24 07:58 - 2010-03-23 17:42 - 00000000 ____D C:\Windows\Panther 2013-06-23 21:19 - 2013-06-23 21:19 - 00649536 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\slimcomputer-setup.exe 2013-06-23 21:18 - 2013-06-23 21:18 - 00735104 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\SlimCleaner-setup.exe 2013-06-19 21:22 - 2013-06-19 21:21 - 03165702 ____A C:\Users\Derek\Downloads\video.wmv 2013-06-19 12:09 - 2011-12-30 09:32 - 00000263 ____A C:\Users\Derek\AppData\Roaming\Battery Meter_Settings.ini 2013-06-19 11:37 - 2013-06-19 11:37 - 00000000 ____D C:\ProgramData\ESET 2013-06-19 11:30 - 2013-06-06 00:16 - 00000000 ____D C:\ProgramData\AVAST Software 2013-06-19 04:17 - 2012-08-04 20:21 - 00000000 ____D C:\Users\Derek\Pictures2 2013-06-16 09:40 - 2013-06-16 09:27 - 00000000 ____D C:\Windows\pss 2013-06-12 05:14 - 2012-05-15 10:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 05:14 - 2011-08-27 18:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 03:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 02:03 - 2010-10-28 15:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 04:18 - 2012-08-04 21:28 - 00000000 ____D C:\Users\Derek\SerenityBay.com ==================== Bamital & volsnap Check 
================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 01:36 ==================== End Of Log ============================ Addition.txt
  21. Should I uninstall ComboFix or anything I have installed yet?
  22. Ran ComboFix and it ran for 1 or 2 minutes and then turned off my computer, not a shutdown, just off. When back up, no log file anywhere. I did notice a weird directory named ComboFix in C:\ that had in it 2 icons showing my hard drive and my DVD drive. Can that just be deleted? Should I try and run again?
  23. OK, attachments you requested. ESET found no viruses. mbar-log-2013-07-07 (22-14-13).txt system-log.txt JRT.txt AdwCleanerS1.txt