Jump to content

RhysAndersen

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here's the full scan current log of mbam Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.05.02 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 10.0.9200.16686 RHYS :: RICE [limited] Protection: Disabled 10/6/2013 3:38:09 PM MBAM-log-2013-10-06 (18-19-00).txt Scan type: Full scan (C:\|D:\|E:\|F:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 459696 Time elapsed: 1 hour(s), 1 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 8 C:\AdwCleaner\Quarantine\C\Program Files (x86)\lucky leap\bin\utilluckyleap.exe.vir (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe (PUP.Optional.OpenCandy) -> No action taken. C:\Users\RHYS\Desktop\Work\Website\Personal\Rhys Andersen\frostwire-5.4.0.windows.exe (PUP.Optional.OpenCandy) -> No action taken. C:\Users\RHYS\Downloads\OLD DOWNLOADS\frostwire-5.3.8.windows.exe (PUP.Optional.OpenCandy) -> No action taken. C:\Users\RHYS\Downloads\OLD DOWNLOADS\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> No action taken. C:\Users\RHYS\Downloads\OLD DOWNLOADS\media.player.codec.pack.v4.1.1.setup.exe (PUP.Dealio.TB) -> No action taken. C:\Users\RHYS\Downloads\OLD DOWNLOADS\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> No action taken. C:\Windows\AutoKMS\AutoKMS.exe (Trojan.AutoKMS) -> No action taken. (end)
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.3 (09.27.2013:1) OS: Windows 7 Home Premium x64 Ran by RHYS on Sat 10/05/2013 at 23:16:28.96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] application updater Successfully deleted: [service] application updater ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}" ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Folder] "C:\Users\RHYS\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\RHYS\appdata\local\apn" Successfully deleted: [Folder] "C:\Users\RHYS\appdata\locallow\search settings" Successfully deleted: [Folder] "C:\Program Files (x86)\application updater" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old" Successfully deleted: [File] C:\Users\RHYS\AppData\Roaming\mozilla\firefox\profiles\hgupipme.default\user.js Successfully deleted: [Folder] C:\Users\RHYS\AppData\Roaming\mozilla\firefox\profiles\hgupipme.default\extensions\toolbar@ask.com Emptied folder: C:\Users\RHYS\AppData\Roaming\mozilla\firefox\profiles\hgupipme.default\minidumps [74 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 10/05/2013 at 23:19:28.22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (THIS IS FROM ADWCLEANER. I ALREADY USED IT ONCE AND IT FOUND MULTIPLE THREATS OR REGISTRY ISSUES INCLUDING LUCKY LEAP TRACES, AVG SAFEGUARD TOOLBAR AND A FEW OTHERS. TOLD IT TO CLEAN IT AND IT DID AND IT RESTARTED MY COMP BUT WHEN IT RESTARTED IT WENT BACK TO NORMAL MODE AND CRASHED RIGHT AFTER LOGIN SCREEN. I LOOKED AT THE QUARANTINE AND THERE'S MULTIPLE QUARANTINED FILES. I CAN POST THOSE IF YOU LIKE) # AdwCleaner v3.006 - Report created 05/10/2013 at 23:32:53 # Updated 01/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : RHYS - RICE # Running from : C:\Users\RHYS\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\prefs.js ] -\\ Google Chrome v30.0.1599.66 [ File : C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3827 octets] - [05/10/2013 23:21:56] AdwCleaner[R1].txt - [811 octets] - [05/10/2013 23:32:54] AdwCleaner[s0].txt - [3563 octets] - [05/10/2013 23:26:00] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [930 octets] ########## ESET ONLINE SCAN--- C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe multiple threats C:\Users\RHYS\Desktop\Work\Website\Personal\Rhys Andersen\frostwire-5.4.0.windows.exe multiple threats C:\Users\RHYS\Downloads\cbsidlm-cbsi134-Freemake_Video_Converter-ORG-75218346.exe probably a variant of Win32/CNETInstaller.A application C:\Users\RHYS\Downloads\OLD DOWNLOADS\cbsidlm-tr1_7-CamStudio-SEO2-10067101.exe Win32/DownloadAdmin.D application C:\Users\RHYS\Downloads\OLD DOWNLOADS\cnet_mylockbox_setup_zip.exe a variant of Win32/InstallCore.D application C:\Users\RHYS\Downloads\OLD DOWNLOADS\frostwire-5.3.8.windows.exe multiple threats C:\Users\RHYS\Downloads\OLD DOWNLOADS\GraboidVideoSetup-3.11.exe Win32/Graboid application C:\Users\RHYS\Downloads\OLD DOWNLOADS\InternationalPrimoPDF.exe Win32/OpenCandy application C:\Users\RHYS\Downloads\OLD DOWNLOADS\media.player.codec.pack.v4.1.1.setup.exe probably a variant of Win32/Toolbar.Widgi application C:\Users\RHYS\Downloads\OLD DOWNLOADS\vlcmediaplayer-setup.exe multiple threats C:\Windows\AutoKMS\AutoKMS.exe MSIL/HackKMS.A application Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by RHYS (administrator) on RICE on 06-10-2013 10:14:03 Running from C:\Users\RHYS\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] () HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation) HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-10-15] (Saitek) HKLM\...\Run: [saiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-10-15] (Saitek) HKLM\...\Runonce: [GrpConv] - grpconv -o HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1616696 2013-08-13] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ (A0)] - cmd /c "C:\Users\RHYS\Desktop\mbar\mbar.exe" /bootscan /s [1178424 2013-08-13] (Malwarebytes Corporation) HKCU\...\Run: [avichannel] - C:\Program Files (x86)\Evaer\videochannel.exe [1691136 2012-07-03] (Evaer Technology) HKCU\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [56360 2012-10-28] (Mobile Stream) HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[s0].txt [3563 2013-10-05] () HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909312 2011-03-16] (Creative Technology Ltd) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [FLxHCIm64] - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows ® Win 7 DDK provider) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PowerDVD12DMREngine] - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [506480 2012-12-28] (CyberLink) HKLM-x32\...\Run: [PowerDVD12Agent] - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [375168 2012-12-28] (CyberLink Corp.) HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company) HKU\UpdatusUser\...\Run: [bitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" HKU\UpdatusUser\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) Startup: C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {39BCF954-D162-464F-ACB6-E6B6437765B3} URL = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms} SearchScopes: HKCU - {39BCF954-D162-464F-ACB6-E6B6437765B3} URL = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811&p={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111017&iesrc={referrer:source} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Extension: DivXWebPlayer - C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\Extensions\DivXWebPlayer@divx.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} Chrome: ======= CHR Extension: (Frostwire Toolbar) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.4.0_0 CHR Extension: (Google Drive) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Skype Click to Call) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 CHR Extension: (Gmail) - C:\Users\RHYS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [aaaaaaooaijelonlmbcbjkocdnicdfmo] - C:\Users\RHYS\AppData\Local\APN\GoogleCRXs\aaaaaaooaijelonlmbcbjkocdnicdfmo_7.15.4.0.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= S2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.) S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink) S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink) S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) S4 GSService; C:\Windows\SysWOW64\GSService.exe [249856 2012-02-14] () S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S2 MSSQL$XACTWARE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2011-09-15] () S4 SQLAgent$XACTWARE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] () S2 HitmanPro36CrusaderBoot; "K:\PC cleaning\HitmanPro35_x64.exe" /crusader:boot [x] S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] ==================== Drivers (Whitelisted) ==================== S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS) S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-28] (AVG Technologies) R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-10-28] (Mobile Stream) S3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION) R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic) R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows ® Win 7 DDK provider) R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [116440 2013-10-05] (Malwarebytes Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S1 MpKsl7b9478dc; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys [46768 2013-10-05] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.) S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.) R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek) S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-10-15] (Saitek) S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-10-15] (Saitek) R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek) S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.) S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 10:13 - 2013-10-06 10:13 - 00000000 ____D C:\FRST 2013-10-06 10:12 - 2013-10-06 10:12 - 01954124 _____ (Farbar) C:\Users\RHYS\Downloads\FRST64.exe 2013-10-06 10:04 - 2013-10-06 10:04 - 00001091 _____ C:\Users\RHYS\Desktop\esetonline.txt 2013-10-05 23:53 - 2013-10-05 23:53 - 02347384 _____ (ESET) C:\Users\RHYS\Downloads\esetsmartinstaller_enu.exe 2013-10-05 23:42 - 2013-10-05 23:42 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-05 23:19 - 2013-10-05 23:19 - 00006787 _____ C:\Users\RHYS\Desktop\JRT.txt 2013-10-05 23:16 - 2013-10-05 23:16 - 00000000 ____D C:\Windows\ERUNT 2013-10-05 23:07 - 2013-10-05 23:33 - 00000000 ____D C:\AdwCleaner 2013-10-05 23:07 - 2013-10-05 23:07 - 01045226 _____ C:\Users\RHYS\Downloads\AdwCleaner.exe 2013-10-05 23:06 - 2013-10-05 23:06 - 01030305 _____ (Thisisu) C:\Users\RHYS\Downloads\JRT.exe 2013-10-05 22:39 - 2013-10-05 22:48 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-10-05 22:38 - 2013-10-05 22:48 - 00000000 ____D C:\Users\RHYS\Desktop\mbar 2013-10-05 22:36 - 2013-10-05 22:37 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005(1).exe 2013-10-05 22:10 - 2013-10-05 22:10 - 00032498 _____ C:\ComboFix.txt 2013-10-05 21:50 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-05 21:50 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-05 21:50 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-05 21:50 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-05 21:50 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-05 21:50 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-05 21:50 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-05 21:50 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-05 21:45 - 2013-10-05 22:10 - 00000000 ____D C:\Qoobox 2013-10-05 21:45 - 2013-10-05 22:08 - 00000000 ____D C:\Windows\erdnt 2013-10-05 21:44 - 2013-10-05 21:44 - 05130782 ____R (Swearware) C:\Users\RHYS\Downloads\ComboFix.exe 2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Users\RHYS\AppData\Local\VS Revo Group 2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\ProgramData\VS Revo Group 2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Program Files\VS Revo Group 2013-10-05 21:16 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys 2013-10-05 21:15 - 2013-10-05 21:15 - 10031224 _____ (VS Revo Group ) C:\Users\RHYS\Downloads\RevoUninProSetup.exe 2013-10-05 19:30 - 2013-10-05 19:30 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(3).scr 2013-10-05 19:20 - 2013-10-05 19:20 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(2).scr 2013-10-05 19:16 - 2013-10-05 19:16 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(1).scr 2013-10-05 14:41 - 2013-10-05 14:41 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds.scr 2013-10-05 11:43 - 2013-10-05 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-05 11:42 - 2013-10-05 11:42 - 00204496 _____ (Malwarebytes) C:\Users\RHYS\Downloads\startuplite-setup-1.07.exe 2013-10-05 11:24 - 2013-10-05 11:24 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005.exe 2013-10-05 02:30 - 2013-10-05 02:30 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64-30785.exe 2013-10-05 02:30 - 2013-10-05 02:30 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-05 02:30 - 2013-10-05 02:30 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Malwarebytes 2013-10-05 02:29 - 2013-10-05 02:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-05 02:29 - 2013-10-05 02:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-05 02:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-05 02:28 - 2013-10-05 02:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\RHYS\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-05 02:23 - 2013-10-05 02:23 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-10-05 02:21 - 2013-10-05 02:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\RHYS\Downloads\mbam-clean-1.60.2.0003.exe 2013-10-05 02:15 - 2013-10-05 02:15 - 01440846 _____ C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-10-05 02:15 - 2013-10-05 02:15 - 00000000 ____D C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000 2013-10-01 03:03 - 2013-10-01 03:03 - 00000000 ____H C:\Users\RHYS\Documents\Default.rdp 2013-09-29 13:07 - 2013-09-29 13:08 - 00000000 ____D C:\Users\RHYS\Desktop\DONT EVEN THINK ABOUT IT 2013-09-27 13:10 - 2013-09-27 13:10 - 00000784 _____ C:\Users\RHYS\Desktop\09_27_2013 - TPUB Seamless Gutters (SC).pdf.log 2013-09-27 12:56 - 2013-09-27 12:56 - 00000784 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.log 2013-09-27 12:30 - 2013-09-27 12:30 - 00010820 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.xlsx 2013-09-25 11:39 - 2013-09-25 11:39 - 00000000 ____D C:\Users\RHYS\AppData\Local\CrashRpt 2013-09-20 04:20 - 2013-09-20 04:20 - 00012593 _____ C:\Users\RHYS\Documents\Expenses Spreadsheet.xlsx 2013-09-15 03:11 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-15 03:11 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-15 03:11 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-15 03:11 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-15 03:11 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-15 03:11 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-15 03:11 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-15 03:11 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-15 03:11 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-15 03:11 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-15 03:11 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-15 03:11 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-15 03:11 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-15 03:11 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-14 17:53 - 2013-09-14 17:54 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Riot Games 2013-09-14 17:53 - 2013-09-14 17:53 - 00000000 ____D C:\Riot Games 2013-09-14 17:50 - 2013-09-14 17:51 - 32229024 _____ (Riot Games) C:\Users\RHYS\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe 2013-09-14 16:07 - 2013-09-14 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2 2013-09-14 14:59 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-14 14:59 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-14 14:59 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-14 14:59 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-14 14:59 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-14 14:59 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-14 14:59 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-14 14:59 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-14 14:59 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-14 14:59 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-14 14:59 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-14 14:59 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-14 14:59 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-14 14:59 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-14 14:59 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-14 14:59 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-14 14:59 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-14 14:59 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-14 14:59 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-14 14:59 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-14 14:59 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-14 14:59 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-14 14:59 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-14 14:59 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-14 14:59 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-14 14:59 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-14 14:59 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-14 14:55 - 2013-09-14 14:55 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64.exe 2013-09-14 14:54 - 2013-09-14 14:55 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill.exe 2013-09-14 14:47 - 2013-09-14 14:47 - 406211619 _____ C:\Windows\MEMORY.DMP 2013-09-14 14:47 - 2013-09-14 14:47 - 00266320 _____ C:\Windows\Minidump\091413-26208-01.dmp 2013-09-14 13:35 - 2013-09-14 14:09 - 00000000 ___RD C:\Users\Public\Desktop\Installation Log Files 2013-09-14 13:15 - 2013-09-14 13:15 - 00066814 _____ C:\Users\RHYS\Documents\cc_20130914_131522.reg 2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ___RD C:\Users\RHYS\Documents\HP Photo Creations 2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Visan 2013-09-13 14:26 - 2013-09-14 14:09 - 00000000 ____D C:\ProgramData\HP Photo Creations 2013-09-13 14:26 - 2013-09-14 14:09 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2013-09-13 14:26 - 2013-09-13 14:43 - 00001993 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk 2013-09-13 14:25 - 2013-09-13 14:25 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\HpUpdate 2013-09-11 16:55 - 2013-09-11 16:55 - 00018223 _____ C:\Users\RHYS\Downloads\sample basic contents sheet.xlsx 2013-09-11 16:55 - 2013-09-11 16:55 - 00013096 _____ C:\Users\RHYS\Downloads\Adjusters_Invoice.xlsx 2013-09-11 16:55 - 2013-09-11 16:55 - 00010804 _____ C:\Users\RHYS\Downloads\sample billing form.xlsx 2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\found.005 2013-09-08 11:10 - 2013-09-08 11:10 - 00000000 ____D C:\ProgramData\McAfee 2013-09-08 11:09 - 2013-09-08 11:09 - 00903080 _____ (Oracle Corporation) C:\Users\RHYS\Downloads\jxpiinstall.exe ==================== One Month Modified Files and Folders ======= 2013-10-06 10:13 - 2013-10-06 10:13 - 00000000 ____D C:\FRST 2013-10-06 10:12 - 2013-10-06 10:12 - 01954124 _____ (Farbar) C:\Users\RHYS\Downloads\FRST64.exe 2013-10-06 10:04 - 2013-10-06 10:04 - 00001091 _____ C:\Users\RHYS\Desktop\esetonline.txt 2013-10-06 02:16 - 2012-11-26 23:05 - 01463343 _____ C:\Windows\WindowsUpdate.log 2013-10-05 23:53 - 2013-10-05 23:53 - 02347384 _____ (ESET) C:\Users\RHYS\Downloads\esetsmartinstaller_enu.exe 2013-10-05 23:42 - 2013-10-05 23:42 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-05 23:33 - 2013-10-05 23:07 - 00000000 ____D C:\AdwCleaner 2013-10-05 23:28 - 2012-11-03 14:43 - 00000000 ____D C:\ProgramData\Kodak 2013-10-05 23:28 - 2011-04-01 23:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-05 23:27 - 2012-11-27 18:51 - 00030815 _____ C:\Windows\setupact.log 2013-10-05 23:27 - 2011-08-10 09:41 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-05 23:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-05 23:19 - 2013-10-05 23:19 - 00006787 _____ C:\Users\RHYS\Desktop\JRT.txt 2013-10-05 23:16 - 2013-10-05 23:16 - 00000000 ____D C:\Windows\ERUNT 2013-10-05 23:07 - 2013-10-05 23:07 - 01045226 _____ C:\Users\RHYS\Downloads\AdwCleaner.exe 2013-10-05 23:06 - 2013-10-05 23:06 - 01030305 _____ (Thisisu) C:\Users\RHYS\Downloads\JRT.exe 2013-10-05 22:48 - 2013-10-05 22:39 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-10-05 22:48 - 2013-10-05 22:38 - 00000000 ____D C:\Users\RHYS\Desktop\mbar 2013-10-05 22:39 - 2013-03-13 03:21 - 00064414 _____ C:\Windows\PFRO.log 2013-10-05 22:37 - 2013-10-05 22:36 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005(1).exe 2013-10-05 22:10 - 2013-10-05 22:10 - 00032498 _____ C:\ComboFix.txt 2013-10-05 22:10 - 2013-10-05 21:45 - 00000000 ____D C:\Qoobox 2013-10-05 22:08 - 2013-10-05 21:45 - 00000000 ____D C:\Windows\erdnt 2013-10-05 22:05 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini 2013-10-05 21:58 - 2009-07-13 21:34 - 87556096 _____ C:\Windows\system32\config\software.bak 2013-10-05 21:58 - 2009-07-13 21:34 - 24117248 _____ C:\Windows\system32\config\system.bak 2013-10-05 21:58 - 2009-07-13 21:34 - 01048576 _____ C:\Windows\system32\config\default.bak 2013-10-05 21:58 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-10-05 21:58 - 2009-07-13 21:34 - 00061440 _____ C:\Windows\system32\config\sam.bak 2013-10-05 21:44 - 2013-10-05 21:44 - 05130782 ____R (Swearware) C:\Users\RHYS\Downloads\ComboFix.exe 2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Users\RHYS\AppData\Local\VS Revo Group 2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\ProgramData\VS Revo Group 2013-10-05 21:16 - 2013-10-05 21:16 - 00000000 ____D C:\Program Files\VS Revo Group 2013-10-05 21:15 - 2013-10-05 21:15 - 10031224 _____ (VS Revo Group ) C:\Users\RHYS\Downloads\RevoUninProSetup.exe 2013-10-05 21:13 - 2011-09-15 05:51 - 00000000 ____D C:\Program Files (x86)\Steam 2013-10-05 19:30 - 2013-10-05 19:30 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(3).scr 2013-10-05 19:20 - 2013-10-05 19:20 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(2).scr 2013-10-05 19:16 - 2013-10-05 19:16 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds(1).scr 2013-10-05 18:54 - 2011-09-14 21:47 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\BitTorrent 2013-10-05 14:41 - 2013-10-05 14:41 - 00688992 ____R (Swearware) C:\Users\RHYS\Downloads\dds.scr 2013-10-05 13:31 - 2013-10-05 11:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-05 11:42 - 2013-10-05 11:42 - 00204496 _____ (Malwarebytes) C:\Users\RHYS\Downloads\startuplite-setup-1.07.exe 2013-10-05 11:24 - 2013-10-05 11:24 - 12907592 _____ (Malwarebytes Corp.) C:\Users\RHYS\Downloads\mbar-1.07.0.1005.exe 2013-10-05 02:47 - 2011-04-01 23:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-05 02:39 - 2012-06-30 23:13 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\vlc 2013-10-05 02:30 - 2013-10-05 02:30 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64-30785.exe 2013-10-05 02:30 - 2013-10-05 02:30 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-05 02:30 - 2013-10-05 02:30 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Malwarebytes 2013-10-05 02:30 - 2013-10-05 02:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-05 02:30 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-05 02:30 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-05 02:29 - 2013-10-05 02:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-05 02:29 - 2013-10-05 02:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\RHYS\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-05 02:24 - 2012-11-26 21:25 - 00000380 _____ C:\Users\RHYS\AppData\Roaming\sp_data.sys 2013-10-05 02:23 - 2013-10-05 02:23 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-10-05 02:21 - 2013-10-05 02:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\RHYS\Downloads\mbam-clean-1.60.2.0003.exe 2013-10-05 02:15 - 2013-10-05 02:15 - 01440846 _____ C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-10-05 02:15 - 2013-10-05 02:15 - 00000000 ____D C:\Users\RHYS\Downloads\mbam-chameleon-1.62.1.1000 2013-10-05 00:55 - 2011-09-17 16:34 - 00000000 ____D C:\Users\RHYS\AppData\Local\CrashDumps 2013-10-04 16:28 - 2011-12-25 00:57 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Skype 2013-10-03 22:52 - 2013-07-22 09:40 - 00000000 ____D C:\Users\RHYS\Documents\Outlook Files 2013-10-01 03:03 - 2013-10-01 03:03 - 00000000 ____H C:\Users\RHYS\Documents\Default.rdp 2013-09-29 13:08 - 2013-09-29 13:07 - 00000000 ____D C:\Users\RHYS\Desktop\DONT EVEN THINK ABOUT IT 2013-09-27 13:10 - 2013-09-27 13:10 - 00000784 _____ C:\Users\RHYS\Desktop\09_27_2013 - TPUB Seamless Gutters (SC).pdf.log 2013-09-27 13:10 - 2011-10-04 13:57 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\PrimoPDF 2013-09-27 12:56 - 2013-09-27 12:56 - 00000784 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.log 2013-09-27 12:30 - 2013-09-27 12:30 - 00010820 _____ C:\Users\RHYS\Desktop\ISAAC CREW PAY.xlsx 2013-09-25 11:39 - 2013-09-25 11:39 - 00000000 ____D C:\Users\RHYS\AppData\Local\CrashRpt 2013-09-24 23:33 - 2012-05-13 19:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-09-20 04:20 - 2013-09-20 04:20 - 00012593 _____ C:\Users\RHYS\Documents\Expenses Spreadsheet.xlsx 2013-09-19 00:26 - 2013-08-16 21:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-19 00:26 - 2011-09-17 15:20 - 00000000 ____D C:\Users\RHYS\AppData\Local\Mozilla 2013-09-15 12:28 - 2013-04-01 19:26 - 00000000 ___RD C:\Users\RHYS\Desktop\Work 2013-09-15 11:03 - 2011-09-15 05:12 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-15 11:03 - 2011-09-15 05:12 - 00000000 ___RD C:\Users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-15 03:41 - 2009-07-29 01:03 - 00000000 ____D C:\Windows\Panther 2013-09-15 03:40 - 2012-11-26 19:36 - 00411928 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-15 03:11 - 2013-07-13 08:18 - 00000000 ____D C:\Windows\system32\MRT 2013-09-15 03:11 - 2011-09-15 06:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-09-15 03:07 - 2012-11-19 22:16 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-15 03:07 - 2011-10-02 09:43 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-14 20:41 - 2013-09-14 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2 2013-09-14 20:41 - 2012-04-06 12:54 - 00000000 ____D C:\ProgramData\P4G 2013-09-14 20:41 - 2011-10-28 14:20 - 00000000 ____D C:\Windows\Minidump 2013-09-14 20:41 - 2011-08-10 09:57 - 00000000 ____D C:\ExpressGateUtil 2013-09-14 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration 2013-09-14 17:54 - 2013-09-14 17:53 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Riot Games 2013-09-14 17:53 - 2013-09-14 17:53 - 00000000 ____D C:\Riot Games 2013-09-14 17:51 - 2013-09-14 17:50 - 32229024 _____ (Riot Games) C:\Users\RHYS\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe 2013-09-14 17:49 - 2011-08-10 09:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-14 17:44 - 2011-09-15 05:12 - 00000000 ____D C:\Users\RHYS 2013-09-14 17:32 - 2012-11-20 03:25 - 00000000 ____D C:\Windows\AutoKMS 2013-09-14 17:32 - 2012-08-14 10:13 - 00000000 ____D C:\Program Files (x86)\FrostWire 5 2013-09-14 17:32 - 2011-09-15 06:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard 2013-09-14 17:32 - 2011-09-15 06:23 - 00000000 ___RD C:\Users\RHYS\Desktop\Desktop Icons 2013-09-14 17:32 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-09-14 17:24 - 2013-04-11 21:11 - 00000000 ____D C:\ProgramData\Visan 2013-09-14 14:55 - 2013-09-14 14:55 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill64.exe 2013-09-14 14:55 - 2013-09-14 14:54 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\RHYS\Downloads\rkill.exe 2013-09-14 14:47 - 2013-09-14 14:47 - 406211619 _____ C:\Windows\MEMORY.DMP 2013-09-14 14:47 - 2013-09-14 14:47 - 00266320 _____ C:\Windows\Minidump\091413-26208-01.dmp 2013-09-14 14:09 - 2013-09-14 13:35 - 00000000 ___RD C:\Users\Public\Desktop\Installation Log Files 2013-09-14 14:09 - 2013-09-13 14:26 - 00000000 ____D C:\ProgramData\HP Photo Creations 2013-09-14 14:09 - 2013-09-13 14:26 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2013-09-14 14:09 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-09-14 13:15 - 2013-09-14 13:15 - 00066814 _____ C:\Users\RHYS\Documents\cc_20130914_131522.reg 2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ___RD C:\Users\RHYS\Documents\HP Photo Creations 2013-09-13 14:43 - 2013-09-13 14:43 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\Visan 2013-09-13 14:43 - 2013-09-13 14:26 - 00001993 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk 2013-09-13 14:38 - 2011-12-25 08:21 - 00000000 ____D C:\Users\RHYS\AppData\Local\HP 2013-09-13 14:25 - 2013-09-13 14:25 - 00000000 ____D C:\Users\RHYS\AppData\Roaming\HpUpdate 2013-09-11 16:55 - 2013-09-11 16:55 - 00018223 _____ C:\Users\RHYS\Downloads\sample basic contents sheet.xlsx 2013-09-11 16:55 - 2013-09-11 16:55 - 00013096 _____ C:\Users\RHYS\Downloads\Adjusters_Invoice.xlsx 2013-09-11 16:55 - 2013-09-11 16:55 - 00010804 _____ C:\Users\RHYS\Downloads\sample billing form.xlsx 2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\found.005 2013-09-08 11:10 - 2013-09-08 11:10 - 00000000 ____D C:\ProgramData\McAfee 2013-09-08 11:10 - 2012-09-06 14:58 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-09-08 11:10 - 2011-10-13 18:35 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-09-08 11:09 - 2013-09-08 11:09 - 00903080 _____ (Oracle Corporation) C:\Users\RHYS\Downloads\jxpiinstall.exe Alureon: C:\Users\RHYS\AppData\Local\Temp\sqcwbjx\swdcpss\wow.dll Files to move or delete: ==================== C:\Users\RHYS\jagex_cl_runescape_LIVE.dat C:\Users\RHYS\random.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-05-24 09:21 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by RHYS at 2013-10-06 10:14:56 Running from C:\Users\RHYS\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 4.2.1) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202) Adobe Reader X (10.1.8) (x32 Version: 10.1.8) Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636) aioscnnr (x32 Version: 7.6.11.10) AnyMedia Player 3.3.5 (x32 Version: 3.3.5) Apple Application Support (x32 Version: 2.1.9) Apple Mobile Device Support (Version: 5.2.0.6) Apple Software Update (x32 Version: 2.1.3.127) ASUS AI Recovery (x32 Version: 1.0.23) ASUS FaceLogon (x32 Version: 1.0.0013) ASUS Live Update (x32 Version: 3.1.2) ASUS Power4Gear Hybrid (Version: 1.2.0) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0040) ASUS USB Charger Plus (x32 Version: 2.0.8) ASUS Virtual Camera (x32 Version: 1.0.25) ASUS WebStorage (x32 Version: 3.0.84.161) AsusScr_G74 Series_ENG (x32 Version: 1.0.0001) AsusVibe2.0 (x32 Version: 2.0.7.146) Atheros Client Installation Program (x32 Version: 7.0) ATK Package (x32 Version: 1.0.0015) Bing Bar (x32 Version: 7.0.610.0) Bluetooth Win7 Suite (64) (Version: 7.2.0.65) Blur (x32) Bonjour (Version: 3.0.0.10) Borderlands (x32) Brink (x32) Bulletstorm (x32) C4USelfUpdater (x32 Version: 1.00.0000) Call of Duty: Modern Warfare 2 - Multiplayer (x32) Call of Duty: Modern Warfare 2 (x32) Camfrog Video Chat 6.1 (x32 Version: 6.1.151) CamStudio OSS Desktop Recorder (x32 Version: 2.6 Beta r294) Canon DIGITAL CAMERA Solution Disk Software Guide (x32 Version: 1.4.0.1) CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9) Canon MOV Decoder (x32 Version: 1.8.0.7) Canon MOV Encoder (x32 Version: 1.6.0.1) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4) Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide (x32 Version: 1.0.0.1) Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3) Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2) Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7) Canon Utilities MyCamera (x32 Version: 7.4.0.2) Canon Utilities PhotoStitch (x32 Version: 3.1.22.46) Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24) Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9) CCleaner (Version: 3.25) center (x32 Version: 6.2.5.0) Cisco WebEx Meetings (x32) Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) CyberLink PowerDVD 12 (x32 Version: 12.0.2428.57) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) DirectX 9 Runtime (x32 Version: 1.00.0000) DiRT 3 (x32) E.Y.E: Divine Cybermancy (x32) EasyTether (Version: 1.1.17) EasyTether (x32 Version: 1.1.17) EasyTether ADB USB driver (Version: 1.0.0) Epson USB Display (x32 Version: 1.51.000) ESET Online Scanner v3 (x32) essentials (x32 Version: 6.0.14.0) Evaer Video Recorder for Skype 1.2.9.51 (x32 Version: 1.2.9.51) ExpressGateCloud (x32 Version: 2.6.27.160) Finger Sensing Pad Driver (Version: 9.1.3.5) FLVPlayer4Free Free FLV Player 4.5.0.0 (x32) Free 3D Photo Maker version 2.0.13.1117 (x32) Fresco Logic USB3.0 Host Controller (Version: 3.5.73.0) FrostWire 5.3.8 (x32 Version: 5.3.8.0) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) GameFast.exe (Version: 1.0.0.1) Garry's Mod (x32) Google Chrome (x32 Version: 30.0.1599.66) Google Earth (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0) HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65) Intel® Control Center (x32 Version: 1.2.1.1007) Intel® Management Engine Components (x32 Version: 7.0.0.1118) Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0) iTunes (Version: 10.6.3.25) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kies mini (x32 Version: 1.00.0000) K-Lite Mega Codec Pack 8.0.0 (x32 Version: 8.0.0) Kodak AIO Printer (Version: 7.0.3.0) KODAK AiO Software (x32 Version: 7.6.12.20) League of Legends (x32 Version: 3.0.0) LIMBO (x32) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000) Microsoft Security Client (Version: 4.2.0223.1) Microsoft Security Essentials (Version: 4.2.223.1) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 (x32) Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22) Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0) Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Setup Support Files (x32 Version: 10.1.2531.0) Microsoft SQL Server VSS Writer (Version: 10.1.2531.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) My Lockbox 2.6 (Version: 2.6) Nuance PDF Reader (x32 Version: 6.00.0041) NVIDIA 3D Vision Controller Driver 306.97 (Version: 306.97) NVIDIA 3D Vision Driver 306.97 (Version: 306.97) NVIDIA Control Panel 306.97 (Version: 306.97) NVIDIA Graphics Driver 306.97 (Version: 306.97) NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.85.551) NVIDIA PhysX (x32 Version: 9.11.0621) NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697) ocr (x32 Version: 6.2.3.50) OpenAL (x32) Plants vs. Zombies: Game of the Year (x32) Portal 2 (x32) PreReq (x32 Version: 6.2.3.0) PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5) PrintProjects (x32 Version: 1.0.0.9282) PunkBuster Services (x32 Version: 0.987) QuickTime (x32 Version: 7.72.80.56) Rapture3D 2.4.8 Game (x32) Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6564) Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10001) Revo Uninstaller Pro 3.0.7 (Version: 3.0.7) Rotation Desktop for G Series.exe (Version: 1.0.0.9) Roxio AACS Certificate (x32 Version: 1.0.0) Roxio CinePlayer (x32 Version: 5.8) Roxio CinePlayer (x32 Version: 5.8.58233.5) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.15.0) Serious Sam HD: The First Encounter (x32) Serious Sam HD: The Second Encounter (x32) Service Pack 1 for SQL Server 2008 (KB968369) (x32 Version: 10.1.2531.0) Sid Meier's Civilization V (x32) SkyDrift (x32) Skype Click to Call (x32 Version: 5.9.9216) Skype™ 6.6 (x32 Version: 6.6.106) Smart Technology Programming Software 7.0.23.0 (Version: 7.0.23.0) Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0) StarCraft II (x32 Version: 1.4.3.21029) Steam (x32 Version: 1.0.0.0) swMSM (x32 Version: 12.0.0.1) syncables desktop SE (x32 Version: 5.5.746.11492) Test Drive Unlimited 2 (x32) THX TruStudio (x32 Version: 1.03.01) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Ventrilo Client (x32 Version: 3.0.8) VLC media player 1.0.1 (x32 Version: 1.0.1) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live 影像中心 (x32 Version: 15.4.3502.0922) Windows Live 照片库 (x32 Version: 15.4.3502.0922) Windows Live 程式集 (x32 Version: 15.4.3502.0922) Windows Live 软件包 (x32 Version: 15.4.3502.0922) WinFlash (x32 Version: 2.32.0) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) Wireless Console 3 (x32 Version: 3.0.27) WModem Driver Installer (x32 Version: 2.0.6.9) Xactimate 27 (x32 Version: 27.6.1068.48950) Xvid MPEG-4 Video Codec (x32) YTD YouTube Downloader & Converter 3.7 (x32) 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2) ==================== Restore Points ========================= 15-09-2013 08:00:16 Windows Update 18-09-2013 08:52:43 Windows Update 21-09-2013 20:52:18 Windows Update 26-09-2013 04:48:29 Windows Update 29-09-2013 06:35:46 Windows Update 02-10-2013 16:36:01 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2013-10-05 22:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {020CAA9B-93D6-452E-9106-B7E54BEA4742} - \Scheduled Update for Ask Toolbar No Task File Task: {044200BD-8409-4705-A67E-3660BAF21CD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.) Task: {15BEA5DF-E2F3-439E-876D-104A2E29E00D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.) Task: {301EA0EE-6E32-4E60-997E-DF0C17D0FC62} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2012-11-20] () Task: {3B6C7B4A-CD27-4EF7-AC5F-6D5EE0BACA62} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS) Task: {3FC2EEB2-034B-4915-BC6D-47AE61BD0953} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01] (Google Inc.) Task: {516A3BD9-7653-4D11-80A0-31110DF7FBCD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {6A8E1E7D-71CE-4906-B924-F3D111DFFBF7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.0.19\WSCStub.exe Task: {7D094985-8319-4FE2-A708-6EDF4898336A} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.) Task: {823D06CC-1930-4E66-B47A-BD00CF906FA7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS) Task: {943B2BA2-C931-4E22-8FAD-49748F566117} - System32\Tasks\{E5846720-7FDF-41E0-929E-D4F0A86CD7D6} => C:\Program Files (x86)\Xactware\Xactimate27\CORE\x.exe [2012-07-03] (Xactware) Task: {9945CC47-4B50-4FCC-A70D-429E67BC617D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14] (Adobe Systems Incorporated) Task: {9D54CAF0-352C-4870-B7B2-63657664A2FD} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe Task: {B8AABF2F-20AF-4FA8-8676-ADC164AE176E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.0.19\SymErr.exe Task: {B8DE8580-568D-4E18-8207-D9E0EAADB5A4} - System32\Tasks\{8334ABBE-9DDC-4201-B128-6DB79F3EC701} => C:\Program Files (x86)\asus\VirtualCamera\VirCam.exe [2012-01-12] (ASUS) Task: {CE2D1D71-DF2F-415B-9874-A4E300DC7DD0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.) Task: {DCFC4D73-7F34-4B83-B642-935E816D2E2A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.2.0.19\SymErr.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-16 21:38 - 2013-09-19 00:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-05-14 22:12 - 2013-05-14 22:12 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/05/2013 11:28:19 PM) (Source: MSSQL$XACTWARE) (User: ) Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$XACTWARE\Performance'. SQL Server performance counters are disabled. System errors: ============= Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:49 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:33 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:33 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:13:33 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/06/2013 10:11:25 AM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (10/05/2013 11:28:19 PM) (Source: MSSQL$XACTWARE)(User: ) Description: First CounterSYSTEM\CurrentControlSet\Services\MSSQL$XACTWARE\Performance CodeIntegrity Errors: =================================== Date: 2013-10-05 21:57:56.858 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-10-05 21:57:56.733 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-07-08 20:29:12.698 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:29:12.650 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:29:12.564 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:29:12.519 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:29:12.445 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:28:02.835 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:28:02.762 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2012-07-08 20:28:02.643 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 12265.16 MB Available physical RAM: 9262.48 MB Total Pagefile: 24528.5 MB Available Pagefile: 21810.18 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:50.82 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:286.34 GB) NTFS Drive e: (SDATA1) (Fixed) (Total:349.3 GB) (Free:30.61 GB) NTFS Drive f: (System Files) (Fixed) (Total:349.33 GB) (Free:231.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 38601C96) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=394 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 699 GB) (Disk ID: BBC58B91) Partition 1: (Not Active) - (Size=349 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=349 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. ill use the others- but i was looking online and a few sites said that the dda driver error is usually from a rootkit trying to stop malwarebytes from running. Ill run the others and post the logs. thanks
  4. by command line im assuming you mean running command prompt? But I dont know how to get it to run from there
  5. alright u lost me there, not a command line pro. I dont know what youre talking about with the modifying shortcut bit either. I just learn this stuff as i go... Sorry if this makes you have to write more. Can i download the dds driver somewhere and put it where it needs to be or is that an extra-obvious wrong idea?
  6. Alright, so I'd normally try to keep going through the steps, but so far I've uninstalled what you asked and then tried to do the ABAR program. The error comes up about the dds driver not being installed. Like the original post stated I had ran the ABAR program tool before with no luck. It said I had like 8 issues. I "cleaned" and then restarted my comp to try to scan again but failed like this time due to the dds driver not being installed. I deleted the ABAR software from before and redownloaded the new software. So im stuck at this point and didnt want to go further due to trying to follow the steps in order. Just so you know, I stated this originally, but I did run the fixdamage exe from the plugins folder prior to this post too.
  7. ComboFix 13-10-04.02 - RHYS 10/05/2013 21:51:24.1.8 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.10145 [GMT -5:00] Running from: c:\users\RHYS\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\searchplugins\bing-zugo.xml c:\windows\AsPatch10430001.exe c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll D:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . ((((((((((((((((((((((((( Files Created from 2013-09-06 to 2013-10-06 ))))))))))))))))))))))))))))))) . . 2013-10-06 02:16 . 2013-10-06 02:16 -------- d-----w- c:\users\RHYS\AppData\Local\VS Revo Group 2013-10-06 02:16 . 2013-10-06 02:16 -------- d-----w- c:\programdata\VS Revo Group 2013-10-06 02:16 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2013-10-06 02:16 . 2013-10-06 02:16 -------- d-----w- c:\program files\VS Revo Group 2013-10-05 16:43 . 2013-10-05 18:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-10-05 07:30 . 2013-10-05 07:30 -------- d-----w- c:\users\RHYS\AppData\Roaming\Malwarebytes 2013-10-05 07:29 . 2013-10-05 07:29 -------- d-----w- c:\programdata\Malwarebytes 2013-10-05 07:29 . 2013-10-05 07:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-05 07:29 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-05 07:28 . 2013-10-05 07:28 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\offreg.dll 2013-10-05 07:28 . 2013-10-05 07:28 46768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys 2013-10-04 07:53 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\mpengine.dll 2013-10-02 16:36 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-25 16:39 . 2013-09-25 16:39 -------- d-----w- c:\users\RHYS\AppData\Local\CrashRpt 2013-09-14 22:53 . 2013-09-14 22:53 -------- d-----w- C:\Riot Games 2013-09-14 22:53 . 2013-09-14 22:54 -------- d-----w- c:\users\RHYS\AppData\Roaming\Riot Games 2013-09-13 19:43 . 2013-09-13 19:43 -------- d-----w- c:\users\RHYS\AppData\Roaming\Visan 2013-09-13 19:26 . 2013-09-14 19:09 -------- d-----w- c:\program files (x86)\HP Photo Creations 2013-09-13 19:26 . 2013-09-14 19:09 -------- d-----w- c:\programdata\HP Photo Creations 2013-09-13 19:25 . 2013-09-13 19:25 -------- d-----w- c:\users\RHYS\AppData\Roaming\HpUpdate 2013-09-09 15:04 . 2013-09-09 15:04 -------- d-----w- C:\found.005 2013-09-08 16:11 . 2013-09-14 22:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-09-08 16:10 . 2013-09-08 16:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-09-08 16:10 . 2013-09-08 16:10 -------- d-----w- c:\programdata\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-05 07:24 . 2012-11-27 02:25 380 ----a-w- c:\users\RHYS\AppData\Roaming\sp_data.sys 2013-09-15 08:07 . 2011-10-02 14:43 79143768 ----a-w- c:\windows\system32\MRT.exe 2013-09-08 16:10 . 2012-09-06 19:58 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-09-08 16:10 . 2011-10-13 23:35 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-09-05 20:43 . 2013-09-05 20:43 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06BEFA36-E56E-4202-B385-63764C726209}\gapaengine.dll 2013-08-28 17:40 . 2013-08-27 16:19 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-08-23 02:47 . 2012-11-28 05:01 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-02 01:48 . 2013-09-14 19:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-25 09:25 . 2013-08-14 17:00 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-08-14 17:00 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58 . 2013-08-14 17:00 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-19 01:41 . 2013-08-14 17:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-07-09 05:54 . 2013-08-14 17:00 1732032 ----a-w- c:\windows\system32\ntdll(88).dll 2013-07-09 05:52 . 2013-08-14 17:00 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 05:51 . 2013-08-14 17:00 1217024 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 05:46 . 2013-08-14 17:00 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 05:46 . 2013-08-14 17:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 05:46 . 2013-08-14 17:00 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-09 04:52 . 2013-08-14 17:00 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52 . 2013-08-14 17:00 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-07-09 04:46 . 2013-08-14 17:00 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-07-09 04:46 . 2013-08-14 17:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46 . 2013-08-14 17:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "avichannel"="c:\program files (x86)\Evaer\videochannel.exe" [2012-07-04 1691136] "EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2012-10-28 56360] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-05 4284976] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-12-28 506480] "PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-12-28 375168] "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040] "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496] "Malwarebytes Anti-Rootkit (cleanup)"="c:\programdata\Malwarebytes' Anti-Malware (portable)\cleanup.dll" [2013-08-13 1616696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840] . c:\users\RHYS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] R1 MpKsl7b9478dc;MpKsl7b9478dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys [x] R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/31 17:45];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x] R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x] R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x] R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x] R2 EMP_UDSA;EMP_UDSA;c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe;c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [x] R2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);k:\pc cleaning\HitmanPro35_x64.exe;k:\pc cleaning\HitmanPro35_x64.exe [x] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x] R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [x] R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys;c:\windows\SYSNATIVE\drivers\EMP_UDAU.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R4 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x] S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x] S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-01 23:50 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.66\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 03:12] . 2013-05-26 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2012-11-20 08:25] . 2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . 2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-10-15 454144] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-15 158208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll FF - ProfilePath - c:\users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\ FF - prefs.js: network.proxy.type - 4 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe Wow6432Node-HKLM-RunOnce-(A0) - c:\users\RHYS\Desktop\mbar\mbar.exe SafeBoot-MBAMSwissArmy HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HitmanPro36CrusaderBoot] "ImagePath"="\"k:\pc cleaning\HitmanPro35_x64.exe\" /crusader:boot" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2398509053-587471880-2104730802-1000\Software\SecuROM\License information*] "datasecu"=hex:82,d9,d3,c7,7a,6d,64,8e,56,23,12,ac,36,89,3f,98,c2,11,91,c2,27, c6,bf,2a,09,12,42,37,30,9a,53,d9,95,8e,2d,35,ce,25,72,a5,94,7c,d0,7c,b6,a4,\ "rkeysecu"=hex:08,e5,3f,13,dc,de,32,de,d8,1f,18,72,86,14,79,c9 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-10-05 22:10:20 - machine was rebooted ComboFix-quarantined-files.txt 2013-10-06 03:10 . Pre-Run: 53,162,299,392 bytes free Post-Run: 54,942,044,160 bytes free . - - End Of File - - 80F459D353802B0C20D5E06117C27D5D
  8. combofix is saying my microsoft security essentials is not off, but I unchecked that box a while ago and saved settings. I checked it again and it says realtime protection is not on. How do I get combofix to recognize it as off?
  9. I saw the bit about utorrent. I deleted bitorrent off my computer and can reload the dds files if needed.
  10. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/15/2011 5:12:00 AM System Uptime: 10/5/2013 6:25:44 PM (1 hours ago) . Motherboard: ASUSTeK Computer Inc. | | G74Sx Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 1995/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 49.42 GiB free. D: is FIXED (NTFS) - 394 GiB total, 286.337 GiB free. E: is FIXED (NTFS) - 349 GiB total, 30.606 GiB free. F: is FIXED (NTFS) - 349 GiB total, 231.75 GiB free. G: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP289: 9/15/2013 3:00:16 AM - Windows Update RP290: 9/18/2013 3:52:43 AM - Windows Update RP291: 9/21/2013 3:52:18 PM - Windows Update RP292: 9/25/2013 11:48:29 PM - Windows Update RP293: 9/29/2013 1:35:46 AM - Windows Update RP294: 10/2/2013 11:36:01 AM - Windows Update . ==== Installed Programs ====================== . ??????? Windows Live Mesh ActiveX ??(????) ??????? Windows Live Mesh ActiveX ??? 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.8) Adobe Shockwave Player 11.6 aioscnnr AnyMedia Player 3.3.5 Apple Application Support Apple Mobile Device Support Apple Software Update ASUS AI Recovery ASUS FaceLogon ASUS Live Update ASUS Power4Gear Hybrid ASUS Splendid Video Enhancement Technology ASUS USB Charger Plus ASUS Virtual Camera ASUS WebStorage AsusScr_G74 Series_ENG AsusVibe2.0 Atheros Client Installation Program ATK Package AVG SafeGuard toolbar Batman: Arkham Asylum GOTY Edition Bing Bar BitTorrent Bluetooth Win7 Suite (64) Blur Bonjour Borderlands Brink Bulletstorm C4USelfUpdater Call of Duty: Modern Warfare 2 Call of Duty: Modern Warfare 2 - Multiplayer Camfrog Video Chat 6.1 CamStudio OSS Desktop Recorder Canon DIGITAL CAMERA Solution Disk Software Guide CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner center Cisco WebEx Meetings Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDVD 12 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DirectX 9 Runtime DiRT 3 E.Y.E: Divine Cybermancy EasyTether EasyTether ADB USB driver Epson USB Display essentials Evaer Video Recorder for Skype 1.2.9.51 ExpressGateCloud Finger Sensing Pad Driver FLVPlayer4Free Free FLV Player 4.5.0.0 Free 3D Photo Maker version 2.0.13.1117 Fresco Logic USB3.0 Host Controller FrostWire 5.3.8 Galeria de Fotografias do Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live GameFast.exe Garry's Mod Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper HP Deskjet 1000 J110 series Basic Device Software HP Deskjet 1000 J110 series Help Intel® Control Center Intel® Management Engine Components Intel® Turbo Boost Technology Monitor 2.0 iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 29 Junk Mail filter update K-Lite Mega Codec Pack 8.0.0 Kies Air Discovery Service Kies mini Kodak AIO Printer KODAK AiO Software League of Legends LIMBO Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft PowerPoint Viewer Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 My Lockbox 2.6 Nuance PDF Reader NVIDIA 3D Vision Controller Driver 306.97 NVIDIA 3D Vision Driver 306.97 NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 306.97 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver ocr OpenAL Pando Media Booster Plants vs. Zombies: Game of the Year Portal 2 PreReq PrimoPDF -- brought to you by Nitro PDF Software PrintProjects PunkBuster Services QuickTime Rapture3D 2.4.8 Game Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver Rotation Desktop for G Series.exe Roxio AACS Certificate Roxio CinePlayer SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition Serious Sam HD: The First Encounter Serious Sam HD: The Second Encounter Service Pack 1 for SQL Server 2008 (KB968369) Sid Meier's Civilization V SkyDrift Skype Click to Call Skype™ 6.6 Smart Technology Programming Software 7.0.23.0 Sql Server Customer Experience Improvement Program StarCraft II Steam swMSM syncables desktop SE Test Drive Unlimited 2 THX TruStudio Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Ventrilo Client VLC media player 1.0.1 Windows Live Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash WinPcap 4.1.2 Wireless Console 3 WModem Driver Installer Xactimate 27 Xvid MPEG-4 Video Codec YTD YouTube Downloader & Converter 3.7 . ==== Event Viewer Messages From Past Week ======== . 10/5/2013 7:16:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/5/2013 6:36:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 10/5/2013 6:36:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 10/5/2013 6:34:56 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode. 10/5/2013 6:34:40 PM, Error: mbamchameleon [61440] - 10/5/2013 6:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 10/5/2013 6:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 10/5/2013 6:27:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 10/5/2013 6:27:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/5/2013 6:27:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/5/2013 6:27:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/5/2013 6:27:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/5/2013 6:26:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ discache ElbyCDIO MBAMSwissArmy MpFilter spldr Wanarpv6 10/5/2013 6:26:13 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 10/5/2013 6:26:08 PM, Error: Service Control Manager [7000] - The HitmanPro 3.6 Crusader (Boot) service failed to start due to the following error: The system cannot find the file specified. 10/5/2013 3:13:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (XACTWARE) service to connect. 10/5/2013 3:13:50 AM, Error: Service Control Manager [7000] - The SQL Server (XACTWARE) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/5/2013 3:08:20 AM, Error: Service Control Manager [7031] - The Update lucky leap service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 10/5/2013 3:01:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 10/5/2013 2:56:22 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 10/5/2013 11:19:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TurboBoost with arguments "" in order to run the server: {432533D5-CFFA-4B76-B573-85035430429E} 10/5/2013 11:16:32 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 10/5/2013 1:47:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 10/5/2013 1:36:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ discache ElbyCDIO MpFilter spldr Wanarpv6 10/5/2013 1:33:31 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 10/4/2013 5:58:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 10/4/2013 5:58:22 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2 Run by RHYS at 19:20:34 on 2013-10-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.10819 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\helppane.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe" uRun: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" mRun: [Conime] C:\Windows\System32\conime.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [PowerDVD12DMREngine] "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" mRun: [PowerDVD12Agent] "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" mRunOnce: [ (A0)] cmd /c "C:\Users\RHYS\Desktop\mbar\mbar.exe" /rdv /s dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" StartupFolder: C:\Users\RHYS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{53F68677-B5CA-492C-8935-2AB1E93CA2FB} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\14E64656273756E6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\2456C6B696E6F574F505C65737F5D494D4F4F5339343339334 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\34F627E656273747F6E65602F4666696365602D416E616765627 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\36162696E6028353 : DHCPNameServer = 192.168.85.1 TCP: Interfaces\{9217A5C6-8E54-4D28-A583-C469193046F3}\65562796A7F6E6D2839303C4D264736473 : DHCPNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{C43D13DB-036B-43E4-B2EA-CD158D284548} : DHCPNameServer = 8.8.8.8 8.8.4.4 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe x64-Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\RHYS\AppData\Roaming\Mozilla\Firefox\Profiles\hgupipme.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-10-17 54848] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-5 55856] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-27 45856] R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-8-10 17152] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832] R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2012-11-16 20784] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-19 246568] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-19 76584] R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-11-26 445800] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-10 471144] R3 SaiK1708;SaiK1708;C:\Windows\System32\drivers\SaiK1708.sys [2012-9-20 180544] R3 SaiU1708;SaiU1708;C:\Windows\System32\drivers\SaiU1708.sys [2012-9-20 47168] S0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2013-10-5 116440] S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] S1 MpKsl7b9478dc;MpKsl7b9478dc;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys [2013-10-5 46768] S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/31 17:45:21];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-12-28 130320] S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] S2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-8-10 113840] S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-3-31 91248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-3-31 78960] S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-3-31 296048] S2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [2012-8-9 98304] S2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);"K:\PC cleaning\HitmanPro35_x64.exe" /crusader:boot --> K:\PC cleaning\HitmanPro35_x64.exe [?] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512] S2 MSSQL$XACTWARE;SQL Server (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392] S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008] S2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-3-31 83704] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-10 2655768] S2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-25 91464] S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-28 1643184] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272] S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-6-28 35840] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-11-23 102368] S3 eppvad_simple;EPSON Projector UD Audio Device;C:\Windows\System32\drivers\EMP_UDAU.sys [2012-8-9 23040] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-25 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928] S3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-8-10 32344] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-8-10 290920] S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-11-23 203104] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-17 1255736] S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-13 792512] S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400] S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912] S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-10 79360] S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-10 79360] S4 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-2-22 249856] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128] S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-10-05 23:34:56 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2013-10-05 16:43:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-05 07:30:46 -------- d-----w- C:\Users\RHYS\AppData\Roaming\Malwarebytes 2013-10-05 07:29:57 -------- d-----w- C:\ProgramData\Malwarebytes 2013-10-05 07:29:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-10-05 07:29:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-05 07:28:08 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\offreg.dll 2013-10-05 07:28:08 46768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\MpKsl7b9478dc.sys 2013-10-04 07:53:08 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64324CA6-4AEF-4097-9F30-AFCA602D0647}\mpengine.dll 2013-10-02 16:36:25 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-25 16:39:21 -------- d-----w- C:\Users\RHYS\AppData\Local\CrashRpt 2013-09-14 22:53:50 -------- d-----w- C:\Riot Games 2013-09-14 22:53:15 -------- d-----w- C:\Users\RHYS\AppData\Roaming\Riot Games 2013-09-14 21:07:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2 2013-09-13 19:43:56 -------- d-----w- C:\Users\RHYS\AppData\Roaming\Visan 2013-09-13 19:26:14 -------- d-----w- C:\ProgramData\HP Photo Creations 2013-09-13 19:26:14 -------- d-----w- C:\Program Files (x86)\HP Photo Creations 2013-09-13 19:25:58 -------- d-----w- C:\Users\RHYS\AppData\Roaming\HpUpdate 2013-09-09 15:04:55 -------- d-sh--w- C:\found.005 2013-09-08 16:10:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll . ==================== Find3M ==================== . 2013-10-05 07:24:03 380 ----a-w- C:\Users\RHYS\AppData\Roaming\sp_data.sys 2013-09-08 16:10:45 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-09-08 16:10:45 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-08-28 17:40:55 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll 2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll(88).dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 19:20:43.21 ===============
  11. Ok, here's my problem- Started running slower recently. My internet seems to be taken over and a lot slower recently while my wife's is not. Pop-ups come up while using well-known sites that do not have pop-ups. I ran Malwarebytes Pro one time (it had been forever since i'd ran it) to check and what do you know it came up with some stuff and said it should be deleted. I tried to "remove" them and then upon re-starting my computer wouldnt load past the windows login screen. After trying to fix it for forever and no luck, I restored my comp to a previous state. Since then I'd been using it a bit knowing something was there but not how to get it. I finally found the name lucky leap on my computer internet and knowing i didn't install it I checked the internet and found it was some sort of virus-like adware or something. This time I decided to try to be sneakier, ran the "rootkill" program, ran malwarebytes chameleon and THEN tried to clean a few of the malicious files found with ABAM and of course I got back to where I was before. I couldn't even get into safe mode a few times. Had to hard reboot multiple times until finally safe mode loaded. I currently cannot run in normal windows mode. I have to load in safe with network. Since it "crashed" again I've gone through and used the ABAR rootkit program with the fixdamage and everything and I still can't get it to load into normal. I've thought to myself multiple times before that there could be a couple different viruses. I can always restore to a point before, but it obviously means the virus or whatever will still be there. HELP! I love Malwarebytes!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.