Jump to content

Gettothechopper

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I don't know what it is, but for some reason my computer is really slow. I did a scan, and 1 item showed up called PUP.Optional.OpenCandy which I quarantined and removed. Still seems slow though. Can someone help? FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Luke (administrator) on LUKE-PC on 13-09-2014 16:57:50 Running from C:\Users\Luke\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Dropbox, Inc.) C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\Administrator.Luke-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C339432B-402C-4973-BAD4-45090F58E07F} URL = SearchScopes: HKCU - {C339432B-402C-4973-BAD4-45090F58E07F} URL = BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_20\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Tcpip\Parameters: [DhcpNameServer] 216.228.192.5 216.228.195.7 FireFox: ======== FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\woqilygb.default FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Extension: Stop Autoplay - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\woqilygb.default\Extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd} [2011-05-16] FF Extension: Easy YouTube Video Downloader - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\woqilygb.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-10-16] FF Extension: Adblock Plus - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\woqilygb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-19] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn [2010-11-02] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-20] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.) R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-05-09] (AVAST Software) R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-06-27] (ALWIL Software) R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-24] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-24] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-24] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [1155704 2011-10-14] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-07-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-07-27] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111102.030\IDSvia64.sys [488568 2011-08-23] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111103.024\ENG64.SYS [117880 2011-08-04] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20111103.024\EX64.SYS [2048632 2011-08-04] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-10] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-13 16:57 - 2014-09-13 16:58 - 00016974 _____ () C:\Users\Luke\Downloads\FRST.txt 2014-09-13 16:57 - 2014-09-13 16:57 - 00000000 ____D () C:\FRST 2014-09-13 16:54 - 2014-09-13 16:55 - 02105856 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe 2014-09-13 15:49 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-13 15:49 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-13 15:47 - 2014-09-13 16:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-13 00:35 - 2014-09-13 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 22:34 - 2014-09-13 16:40 - 00000000 ___RD () C:\Users\Luke\Dropbox 2014-09-12 22:34 - 2014-09-12 22:34 - 00001041 _____ () C:\Users\Luke\Desktop\Dropbox.lnk 2014-09-12 22:33 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-12 22:33 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-12 22:33 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-12 22:33 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-12 22:33 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-12 22:33 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-09-12 22:33 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-09-12 22:33 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-09-12 22:33 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-09-12 22:33 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-09-12 22:33 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-09-12 22:32 - 2014-09-12 22:32 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-12 22:32 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-12 22:32 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-12 22:24 - 2014-09-13 16:40 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Dropbox 2014-09-12 22:23 - 2014-09-12 22:24 - 00323696 _____ (Dropbox, Inc.) C:\Users\Luke\Downloads\DropboxInstaller.exe 2014-09-12 22:22 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-12 22:22 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-12 22:22 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-09-12 22:22 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-09-12 22:06 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-09-12 22:06 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-09-12 21:56 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-12 21:56 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-12 21:56 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-09-12 21:56 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-09-12 21:56 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-09-12 21:56 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-09-12 21:56 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-09-12 21:56 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-09-12 21:56 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-09-12 21:56 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-09-12 21:51 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-09-12 21:51 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-09-12 21:50 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-12 21:50 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-12 21:50 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-09-12 21:50 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-09-12 21:50 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-12 21:50 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-12 21:50 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-12 21:50 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-12 21:50 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-09-12 21:50 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-09-12 21:50 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-09-12 21:50 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-09-12 21:47 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-09-12 21:47 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-09-12 21:47 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-09-12 21:47 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-09-12 21:47 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-09-12 21:47 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-09-12 21:47 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-09-12 21:47 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-09-12 21:47 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-09-12 21:47 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-09-12 21:47 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-09-12 21:47 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-09-12 21:47 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-09-12 21:47 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-09-12 21:47 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-09-12 21:47 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-09-12 21:47 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-09-12 21:47 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-09-12 21:47 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-09-12 21:47 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-12 21:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-12 21:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-12 21:43 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-12 21:42 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-09-12 21:42 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-09-12 21:42 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-09-12 21:42 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-09-12 21:42 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-09-12 21:42 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-09-12 21:42 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-09-12 21:42 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-09-12 21:42 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-09-12 21:42 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-09-12 21:42 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-09-12 21:42 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-09-12 21:27 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-12 21:27 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-09-12 21:11 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-12 21:11 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-12 21:11 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-12 21:05 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-12 21:05 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-09-12 19:57 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-09-12 19:30 - 2014-09-13 16:32 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-12 19:28 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-12 19:28 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-12 19:28 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-09-12 19:28 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-12 19:27 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-12 19:27 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-09-12 19:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-12 19:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-12 19:27 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-09-12 19:27 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-09-12 19:27 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-12 19:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-12 19:27 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-09-12 19:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-12 19:22 - 2014-09-12 19:22 - 06010880 _____ () C:\Program Files (x86)\GUTE9E2.tmp 2014-09-12 19:22 - 2014-09-12 19:22 - 00000000 ____D () C:\Program Files (x86)\GUME9E1.tmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-13 16:58 - 2014-09-13 16:57 - 00016974 _____ () C:\Users\Luke\Downloads\FRST.txt 2014-09-13 16:57 - 2014-09-13 16:57 - 00000000 ____D () C:\FRST 2014-09-13 16:57 - 2009-07-13 22:10 - 01743735 _____ () C:\Windows\WindowsUpdate.log 2014-09-13 16:55 - 2014-09-13 16:54 - 02105856 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe 2014-09-13 16:48 - 2014-09-13 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-13 16:41 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-13 16:41 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-13 16:40 - 2014-09-12 22:34 - 00000000 ___RD () C:\Users\Luke\Dropbox 2014-09-13 16:40 - 2014-09-12 22:24 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Dropbox 2014-09-13 16:38 - 2013-03-15 20:49 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-13 16:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-13 16:35 - 2009-07-13 21:51 - 00063709 _____ () C:\Windows\setupact.log 2014-09-13 16:35 - 2009-07-13 21:45 - 00334976 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-13 16:32 - 2014-09-12 19:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-13 16:32 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-09-13 16:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-09-13 16:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-09-13 16:17 - 2012-05-04 12:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-13 16:02 - 2014-03-06 23:16 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-13 16:02 - 2009-07-13 22:13 - 00775124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-13 15:36 - 2014-09-13 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-13 15:36 - 2012-05-04 23:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-13 15:36 - 2010-07-22 11:04 - 00553514 _____ () C:\Windows\PFRO.log 2014-09-13 00:35 - 2013-03-15 20:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-12 22:42 - 2012-12-07 13:06 - 00000000 ___RD () C:\Users\Luke\Desktop\Desktop Files 2014-09-12 22:34 - 2014-09-12 22:34 - 00001041 _____ () C:\Users\Luke\Desktop\Dropbox.lnk 2014-09-12 22:34 - 2010-11-02 16:55 - 00000000 ____D () C:\Users\Luke 2014-09-12 22:32 - 2014-09-12 22:32 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-12 22:24 - 2014-09-12 22:23 - 00323696 _____ (Dropbox, Inc.) C:\Users\Luke\Downloads\DropboxInstaller.exe 2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-12 21:46 - 2014-09-12 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-12 21:46 - 2014-01-08 00:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-12 19:30 - 2013-03-15 20:49 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-09-12 19:30 - 2013-03-15 20:49 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-09-12 19:27 - 2014-01-09 21:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-12 19:25 - 2010-12-10 19:55 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-12 19:22 - 2014-09-12 19:22 - 06010880 _____ () C:\Program Files (x86)\GUTE9E2.tmp 2014-09-12 19:22 - 2014-09-12 19:22 - 00000000 ____D () C:\Program Files (x86)\GUME9E1.tmp 2014-09-12 19:21 - 2012-05-04 12:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-12 19:20 - 2012-05-04 12:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-12 19:20 - 2011-05-16 19:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-04 19:10 - 2014-09-12 22:32 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-04 19:05 - 2014-09-12 22:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-22 19:07 - 2014-09-12 21:11 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-22 18:45 - 2014-09-12 21:11 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-22 17:59 - 2014-09-12 21:11 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Files to move or delete: ==================== C:\Users\Luke\jagex_cl_runescape_LIVE.dat C:\Users\Luke\jagex_runescape_preferences.dat C:\Users\Luke\jagex_runescape_preferences2.dat Some content of TEMP: ==================== C:\Users\Luke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl3iqbs.dll C:\Users\Luke\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\Luke\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Luke\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Luke\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe C:\Users\Luke\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe C:\Users\Luke\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\Luke\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Luke\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Luke\AppData\Local\Temp\Uninstaller-4300.exe C:\Users\Luke\AppData\Local\Temp\zipsetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2013-03-23 11:59 ==================== End Of Log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by Luke at 2014-09-13 16:59:14 Running from C:\Users\Luke\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Internet Security (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Norton AntiVirus (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: avast! Internet Security (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton AntiVirus (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Internet Security (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software) Avernum 3 (HKLM-x32\...\Product_Name) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation) Corel PaintShop Pro X4 (x32 Version: 14.2.0.1 - Corel Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation) Dell Dock (Version: 2.0 - Stardock Corporation) Hidden Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd) Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.) Dropbox (HKCU\...\Dropbox) (Version: 2.10.29 - Dropbox, Inc.) Express Zip File Compression Software (HKLM-x32\...\ExpressZip) (Version: - NCH Software) Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - ) ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation) IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Java 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSI Afterburner 2.2.0 (HKLM-x32\...\Afterburner) (Version: 2.2.0 - MSI Co., LTD) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Norton AntiVirus (HKLM-x32\...\NAV) (Version: 18.7.1.3 - Symantec Corporation) OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.) PSPPContent (x32 Version: 14.2.0.1 - Corel Corporation) Hidden PSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) Hidden PSPPro64 (Version: 14.2.0.1 - Corel Corporation) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio) Roxio Burn (x32 Version: 1.01 - Roxio) Hidden Setup (x32 Version: 14.2.0.1 - Corel Corporation) Hidden Sid Meier's Alpha Centauri (HKLM-x32\...\Sid Meier's Alpha Centauri) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC) VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team) WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Wurm Online (HKCU\...\Wurm Online) (Version: - Code Club AB) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2809977914-2267757094-2383384390-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 26-01-2014 05:25:15 Windows Update 09-02-2014 04:27:53 Windows Modules Installer 09-02-2014 04:31:39 Windows Update 27-02-2014 05:32:43 Windows Update 07-03-2014 05:00:07 Windows Update 07-03-2014 05:58:57 Windows Update 19-03-2014 03:25:12 Windows Update 20-03-2014 04:07:40 Windows Update 23-03-2014 03:33:36 Windows Update 13-09-2014 02:21:02 Windows Update 13-09-2014 22:44:16 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01AF8DE5-9092-4B9C-9281-E6DDA3E5F65C} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe [2012-03-27] (Symantec Corporation) Task: {18936C0C-964A-46FF-BEEF-A19D17B40E3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated) Task: {4416A9FF-7917-437C-9668-432528A7CB72} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe [2012-03-27] (Symantec Corporation) Task: {7CE0AD36-368A-49B6-8F58-CDEB3D2A1DD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.) Task: {B3414616-2370-491A-A3C4-6E810BCF40CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.) Task: {E1E30B93-E8BC-48E7-A1DF-F8DB7F45CDDC} - System32\Tasks\DF0Z0DL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.) Task: {E8591596-B28B-408A-8869-C57AC01A357D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-07-22 09:15 - 2009-07-17 10:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 2010-07-22 09:15 - 2009-07-17 10:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll 2012-04-27 10:43 - 2012-04-27 10:43 - 00086016 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll 2013-08-09 13:50 - 2013-08-09 12:17 - 02092544 _____ () C:\Program Files\AVAST Software\Avast\defs\13080902\algo.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-09-13 16:39 - 2014-09-13 16:39 - 00043008 _____ () c:\users\luke\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl3iqbs.dll 2014-09-12 22:32 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\libcef.dll 2010-05-04 16:36 - 2010-05-04 16:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-09-13 00:35 - 2014-09-13 00:35 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" ==================== Faulty Device Manager Devices ============= Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Marvell Service: yukonw7 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/07/2014 01:15:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (02/27/2014 03:22:00 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 48048 Error: (02/27/2014 03:22:00 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 48048 Error: (02/27/2014 03:22:00 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/27/2014 03:21:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 32167 Error: (02/27/2014 03:21:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 32167 Error: (02/27/2014 03:21:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/27/2014 03:21:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15959 Error: (02/27/2014 03:21:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15959 Error: (02/27/2014 03:21:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (09/13/2014 04:57:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Error: (09/13/2014 04:57:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Error: (09/13/2014 03:37:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DockLoginService service. Error: (09/13/2014 03:37:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device service failed to start due to the following error: %%1053 Error: (09/13/2014 03:37:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. Error: (09/13/2014 00:37:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Error: (09/13/2014 00:37:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Error: (09/13/2014 00:36:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Error: (09/13/2014 00:36:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Error: (09/13/2014 00:35:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. Microsoft Office Sessions: ========================= Error: (05/07/2014 01:15:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Luke\Downloads\SoftonicDownloader_for_openoffice-org.exe Error: (02/27/2014 03:22:00 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 48048 Error: (02/27/2014 03:22:00 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 48048 Error: (02/27/2014 03:22:00 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/27/2014 03:21:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 32167 Error: (02/27/2014 03:21:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 32167 Error: (02/27/2014 03:21:45 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/27/2014 03:21:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15959 Error: (02/27/2014 03:21:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15959 Error: (02/27/2014 03:21:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 55% Total physical RAM: 3032.36 MB Available physical RAM: 1356.26 MB Total Pagefile: 6062.91 MB Available Pagefile: 4002.89 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:224.2 GB) (Free:149.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08000000) Partition 1: (Not Active) - (Size=78 MB) - (Type=DE) Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  2. It seems to be gone. Thanks! I don't even know how I got infected, it was only until I started using YTD that I noticed issues. Other than that, I have no idea. If it's safe though, I guess I can keep using it.
  3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.9 (01.01.2014:1) OS: Windows 7 Professional x64 Ran by Luke on Thu 01/02/2014 at 17:08:32.00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\Users\Luke\appdata\local\cre" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 01/02/2014 at 17:31:22.72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.016 - Report created 02/01/2014 at 17:43:36 # Updated 23/12/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Luke - DARTHLUKE # Running from : D:\Downloads\AdwCleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\GreenTree Applications Folder Deleted : C:\Users\Luke\Desktop\Tutorials ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16750 -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1361 octets] - [02/01/2014 17:42:27] AdwCleaner[s0].txt - [1302 octets] - [02/01/2014 17:43:36] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1362 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.02.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16750 Luke :: DARTHLUKE [administrator] 1/2/2014 5:55:25 PM mbam-log-2014-01-02 (17-55-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 264264 Time elapsed: 1 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I was also planning to uninstall youtube downloader, if this is okay?
  4. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.45.2 Run by Luke at 13:26:09 on 2014-01-01 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16301.14017 [GMT -8:00] . AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork D:\Main Directory\Malwarebytes' Anti-Malware\mbamscheduler.exe D:\Main Directory\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted D:\Main Directory\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\servicing\TrustedInstaller.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: NameServer = 216.228.192.5 216.228.195.7 TCP: Interfaces\{ACAFE22C-3E22-4824-9B58-F078A5BC03E1} : DHCPNameServer = 216.228.192.5 216.228.195.7 TCP: Interfaces\{AF146E01-9C6F-4140-8F94-B42F3788A550} : DHCPNameServer = 216.228.192.5 216.228.195.7 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\windows\syswow64\nvinit.dll d3dgearload.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 validation.sls.microsoft.com . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65776] R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 205320] R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-4-30 28184] R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-3-16 447888] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-30 1032416] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-30 409832] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-30 38984] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-30 84328] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-3 50344] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-12-3 116776] R2 MBAMScheduler;MBAMScheduler;D:\Main Directory\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-15 418376] R2 MBAMService;MBAMService;D:\Main Directory\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-15 701512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-15 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-30 646248] S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/30 12:22:57;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-30 1255736] . =============== Created Last 30 ================ . 2013-12-31 20:14:50 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{53046BB1-FA3C-489A-82B2-C351134067CC}\mpengine.dll 2013-12-27 20:29:45 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll 2013-12-16 05:06:48 -------- d-----w- C:\Users\Luke\HouseCalc 2013-12-12 08:36:28 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2013-12-12 08:36:28 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2013-12-12 08:36:27 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2013-12-12 08:36:27 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2013-12-12 08:13:39 335360 ----a-w- C:\Windows\System32\msieftp.dll 2013-12-12 08:13:39 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-12-12 08:13:39 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll 2013-12-03 20:44:58 -------- d-----w- C:\Users\Luke\AppData\Roaming\AVAST Software . ==================== Find3M ==================== . 2013-12-03 20:43:47 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-12-03 20:43:47 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-12-03 20:43:47 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-12-03 20:43:47 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-12-03 20:43:46 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-12-03 20:43:46 43152 ----a-w- C:\Windows\avastSS.scr 2013-12-03 20:43:45 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2013-12-03 20:43:43 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2013-11-27 19:47:29 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-11-14 05:29:00 217648 ----a-w- C:\Windows\SysWow64\d3dGearLoad.dll 2013-11-14 05:28:56 4026040 ----a-w- C:\Windows\SysWow64\d3dGear.dll 2013-11-14 05:28:16 138832 ----a-w- C:\Windows\SysWow64\d3dGearDecoder.dll 2013-11-14 05:23:34 265528 ----a-w- C:\Windows\System32\d3dGearLoad64.dll 2013-11-14 05:23:28 4201200 ----a-w- C:\Windows\System32\d3dGear64.dll 2013-11-14 05:22:40 159944 ----a-w- C:\Windows\System32\d3dGearDecoder64.dll 2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-10-31 07:46:13 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2013-10-31 07:46:12 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll 2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll 2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-10-20 17:44:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-20 17:44:54 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-10-16 04:55:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx 2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll 2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll 2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx 2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll 2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll 2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe 2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe 2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe 2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe 2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll 2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll 2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll 2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys 2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll 2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll 2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys . ============= FINISH: 13:26:30.21 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/30/2012 12:03:04 PM System Uptime: 1/1/2014 1:20:22 PM (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z68MA-D2H-B3 Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 4.008 GiB free. D: is FIXED (NTFS) - 932 GiB total, 871.899 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP345: 1/1/2014 12:42:44 AM - Windows Update RP346: 1/1/2014 11:31:01 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin Avadon: The Black Fortress avast! Internet Security Blender Blender (remove only) CamStudio version 2.7 Creation Kit CyberLink LabelPrint CyberLink Media Suite CyberLink Power2Go CyberLink PowerBackup CyberLink PowerDirector CyberLink PowerDVD 10 CyberLink PowerDVD Copy CyberLink PowerProducer D3DGear D3DX10 Dota 2 Endless Space Etron USB3.0 Host Controller Garry's Mod Geneforge 1 Google Chrome Google Update Helper Guild Wars Intel® Processor Graphics Java 7 Update 45 Java 7 Update 45 (64-bit) Java Auto Updater Legends of Norrath Legends of Norrath Magic: The Gathering - Duels of the Planeswalkers 2013 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Natural Selection 2 Notepad++ NVIDIA 3D Vision Controller Driver 285.66 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.2.24.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Photo Common Photo Gallery Primal Carnage Python 2.7.5 Python 3.3.2 (64-bit) Realtek Ethernet Controller Driver SecondLifeViewer (remove only) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) SketchUp 2013 SSD Tweaker version 2.0.1 Steam Terragen 3 The Elder Scrolls IV: Oblivion The Elder Scrolls V: Skyrim The Lord of the Rings Online™ v03.08.00.8025 The Stanley Parable Unity Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) VLC media player 2.0.7 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.20 (32-bit) wxPython 2.8.12.1 (unicode) for Python 2.7 YTD Video Downloader 4.5 . ==== Event Viewer Messages From Past Week ======== . 12/31/2013 12:53:29 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 1/1/2014 11:31:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems. 1/1/2014 1:22:31 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 1/1/2014 1:22:31 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. . ==== End Of File ===========================
  5. Hello, I've been having problems with some links redirecting me through app.mybrowserbar. Can someone help?
  6. Thanks a lot for all the help! I am not so good at computers and it would have taken me far longer to fix it, if at all. :)

  7. I haven't noticed popups anymore, and the ads inserted on links are definitely gone. I have my computer turned off currently (using my phone) due to thunderstorms, but I will check some more next chance I get. Though I'm not sure how to check other than browse the net and see if popups appear.
  8. # AdwCleaner v2.305 - Logfile created 07/16/2013 at 17:44:48 # Updated 11/07/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Luke - DARTHLUKE # Boot Mode : Normal # Running from : C:\Users\Luke\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Deleted : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Deleted : D:\Documents\Uninstall.exe Folder Deleted : C:\Users\Luke\AppData\Local\Conduit Folder Deleted : C:\Users\Luke\AppData\Local\Temp\AirInstaller Folder Deleted : C:\Users\Luke\AppData\LocalLow\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Conduit Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.72 File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.40] : keyword = "search.conduit.com", ************************* AdwCleaner[s1].txt - [2177 octets] - [16/07/2013 17:44:48] ########## EOF - C:\AdwCleaner[s1].txt - [2237 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.1.2 (07.16.2013:1) OS: Windows 7 Professional x64 Ran by Luke on Tue 07/16/2013 at 17:56:41.84 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/16/2013 at 18:00:23.06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Luke [Admin rights] Mode : Scan -- Date : 07/16/2013 16:32:32 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] TopArcadeHits.job : C:\Users\Luke\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND [V2][sUSP PATH] TopArcadeHits : C:\Users\Luke\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 validation.sls.microsoft.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD10EURS-730AB1 ATA Device +++++ --- User --- [MBR] 950c4775786dd93c6711dc3ca1b3bb6a [bSP] 8fbc4bdbe90372b0f8750b3662d5b44c : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD10EURS-730AB1 ATA Device +++++ --- User --- [MBR] 81b0f4c27496aa3e8b1f7879406b1713 [bSP] df4406f6afb9ac78172ab75be08dff8b : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07162013_163232.txt >>
  10. The DDS and attach files: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2 Run by Luke at 15:45:15 on 2013-07-16 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16301.13075 [GMT -7:00] . AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork D:\Main Directory\Malwarebytes' Anti-Malware\mbamscheduler.exe D:\Main Directory\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE D:\Main Directory\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Steam\Steam.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Users\Luke\AppData\Local\TopArcadeHits\updater.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Luke\AppData\Local\TopArcadeHits\Toparcadehits.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: NameServer = 216.228.192.5 216.228.195.7 TCP: Interfaces\{ACAFE22C-3E22-4824-9B58-F078A5BC03E1} : DHCPNameServer = 216.228.192.5 216.228.195.7 TCP: Interfaces\{AF146E01-9C6F-4140-8F94-B42F3788A550} : DHCPNameServer = 216.228.192.5 216.228.195.7 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 validation.sls.microsoft.com . ============= SERVICES / DRIVERS =============== . R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-4-30 22600] R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-4-30 12368] R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2012-4-30 270824] R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 189936] R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2012-4-30 131232] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-30 1030952] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-30 378944] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-30 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-30 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-29 46808] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-5-29 137960] R2 MBAMScheduler;MBAMScheduler;D:\Main Directory\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-15 418376] R2 MBAMService;MBAMService;D:\Main Directory\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-15 701512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-15 25928] S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/30 12:22:57;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-30 646248] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-30 1255736] . =============== Created Last 30 ================ . 2013-07-16 10:09:06 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA165E94-C69E-41CA-ABF7-E1EF51A16CFE}\mpengine.dll 2013-07-16 06:06:54 -------- d-----w- C:\Users\Luke\AppData\Roaming\Malwarebytes 2013-07-16 06:06:34 -------- d-----w- C:\ProgramData\Malwarebytes 2013-07-16 06:06:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-15 05:35:20 -------- d-----w- C:\ProgramData\YTD Video Downloader 2013-07-15 05:35:11 -------- d-----w- C:\Program Files (x86)\GreenTree Applications 2013-07-15 05:10:01 -------- d-----w- C:\Users\Luke\AppData\Local\TopArcadeHits 2013-07-11 17:03:26 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll 2013-07-11 17:03:26 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll 2013-07-11 17:03:26 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll 2013-07-11 17:03:26 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll 2013-07-11 17:03:26 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll 2013-07-11 17:03:26 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll 2013-07-11 17:03:26 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll 2013-07-11 17:03:23 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-07-11 17:03:23 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-07-11 17:03:21 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-11 17:03:21 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-11 16:59:05 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-07-11 16:59:02 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 16:59:02 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-07-11 16:59:02 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2013-07-11 16:59:02 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2013-07-11 16:59:02 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 16:58:16 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-11 16:58:16 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-07-02 05:01:29 25600 ----a-r- C:\Users\Luke\AppData\Roaming\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe 2013-07-02 05:01:26 -------- d-----w- C:\Python26 2013-07-02 03:40:37 -------- d-----w- C:\Users\Luke\AppData\Roaming\SketchUp 2013-07-02 03:40:09 -------- d-----w- C:\ProgramData\SketchUp 2013-07-02 03:40:09 -------- d-----w- C:\Program Files (x86)\SketchUp 2013-06-19 01:25:27 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-17 00:58:21 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll . ==================== Find3M ==================== . 2013-07-06 18:43:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-06 18:43:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-27 19:08:58 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-06-27 19:08:58 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-06-19 01:25:24 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-19 01:25:24 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-17 00:58:19 971680 ----a-w- C:\Windows\System32\deployJava1.dll 2013-06-17 00:58:19 1092512 ----a-w- C:\Windows\System32\npdeployJava1.dll 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-05 17:57:22 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-05-09 08:59:06 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2013-05-09 08:59:06 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2013-05-09 08:59:06 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll . ============= FINISH: 15:45:25.00 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/30/2012 12:03:04 PM System Uptime: 7/16/2013 9:44:26 AM (6 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z68MA-D2H-B3 Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 2.705 GiB free. D: is FIXED (NTFS) - 932 GiB total, 894.724 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&B75C242&0&00E6 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&B75C242&0&00E6 Service: RTL8167 . ==== System Restore Points =================== . RP177: 7/11/2013 11:58:06 PM - Windows Update RP178: 7/16/2013 3:08:48 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin avast! Internet Security Blender Blender (remove only) CamStudio version 2.7 Creation Kit CyberLink LabelPrint CyberLink Media Suite CyberLink Power2Go CyberLink PowerBackup CyberLink PowerDirector CyberLink PowerDVD 10 CyberLink PowerDVD Copy CyberLink PowerProducer D3DX10 Dota 2 Endless Space Etron USB3.0 Host Controller Google Chrome Google Update Helper Guild Wars Intel® Processor Graphics Java 7 Update 21 (64-bit) Java 7 Update 25 Java Auto Updater Legends of Norrath Legends of Norrath Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Natural Selection 2 ngPlant Notepad++ NVIDIA 3D Vision Controller Driver 285.66 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.2.24.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Photo Common Photo Gallery Primal Carnage Python 2.6 Python 2.7.3 Python 3.3.0 (64-bit) Realtek Ethernet Controller Driver SecondLifeViewer (remove only) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SketchUp 2013 SSD Tweaker version 2.0.1 Steam The Elder Scrolls V: Skyrim The Lord of the Rings Online™ v03.08.00.8025 TopArcadeHits Unity Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VLC media player 2.0.7 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.20 (32-bit) YTD Video Downloader 4.3 . ==== Event Viewer Messages From Past Week ======== . 7/16/2013 9:46:35 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 7/16/2013 9:46:35 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 7/16/2013 9:44:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 7/16/2013 9:44:47 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================
  11. Hello, I just joined this forum because I have malware and I'm not sure how to get rid of it. I must have gotten infected yesterday, its not very bad but annoying (popups). I did a full scan, it turned up 1 file so I quarantined & removed it, but the popups are still there. Links on websites also have advertisements attached to them which is not normal. I read one other thread in this forum and it looks like combofix is the only way to remove this. Apparently it's dangerous if used incorrectly, so I decided to ask for specific instructions. Any help?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.