Everything posted by hylndr11

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Matt (administrator) on GAMER on 11-08-2014 10:56:04
Running from C:\Users\Matt\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [sTCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-11] (Siber Systems)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)
SSODL: EldosMountNotificator-cbfs5 - {AFEF775F-6BA8-403A-8792-47080EF3E12B} - C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {AFEF775F-6BA8-403A-8792-47080EF3E12B} - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay-cbfs5 -> {76B86BA7-FAF3-461A-B5C4-EF9BFC2A8D55} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 2EldosIconOverlay-cbfs5 -> {C8F3B0A8-5462-4230-98F3-13A3C903BCAA} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaBadFileOverlay -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaMirrorOverlay -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaNotMirrored -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: EldosIconOverlay-cbfs5 -> {9A8FAA3A-AD07-477F-97F3-E45486058AFA} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay-cbfs5 -> {76B86BA7-FAF3-461A-B5C4-EF9BFC2A8D55} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 2EldosIconOverlay-cbfs5 -> {C8F3B0A8-5462-4230-98F3-13A3C903BCAA} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay-cbfs5 -> {9A8FAA3A-AD07-477F-97F3-E45486058AFA} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E834EB41F0FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {C652886C-9567-468e-8F0A-DED62F2848CF} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\0caxifnh.default-1394586824848
FF Homepage: google.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\0caxifnh.default-1394586824848\searchplugins\yahoo_ff.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF Extension: Yoono - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-12-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] () [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-02-12] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
R2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [413888 2013-11-25] (EldoS Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 10:55 - 2014-08-11 10:55 - 00000000 ____D () C:\Users\Matt\Downloads\FRST-OlderVersion
2014-08-11 10:05 - 2014-08-11 10:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 10:05 - 2014-08-11 10:05 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 10:05 - 2014-08-11 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 10:05 - 2014-08-11 10:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 10:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-11 10:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 10:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-11 10:03 - 2014-08-11 10:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 08:39 - 2014-08-11 08:39 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Matt\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-11 08:36 - 2014-08-11 08:36 - 00001912 _____ () C:\Windows\SysWOW64\look.txt
2014-08-11 08:36 - 2014-08-11 08:36 - 00000000 _____ () C:\Users\Matt\Downloads\look.txt
2014-08-11 08:35 - 2014-08-11 08:35 - 00000218 _____ () C:\Users\Matt\Downloads\MB64.zip
2014-08-08 13:31 - 2014-08-08 13:31 - 00000883 _____ () C:\Users\Matt\Desktop\JRT.txt
2014-08-08 13:27 - 2014-08-08 13:27 - 01016261 _____ (Thisisu) C:\Users\Matt\Downloads\JRT.exe
2014-08-08 13:20 - 2014-08-08 13:20 - 01366203 _____ () C:\Users\Matt\Downloads\AdwCleaner.exe
2014-08-08 13:19 - 2014-08-08 13:19 - 00000000 ____D () C:\Users\Matt\AppData\Local\CrashDumps
2014-08-08 13:16 - 2014-08-08 13:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 13:16 - 2014-08-08 13:16 - 00000256 _____ () C:\DelFix.txt
2014-08-08 13:15 - 2014-08-08 13:15 - 00709564 _____ () C:\Users\Matt\Downloads\delfix_10.8.exe
2014-08-07 20:16 - 2014-08-07 20:16 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-07 20:15 - 2014-08-07 20:16 - 05392984 _____ () C:\Users\Matt\Downloads\RogueKillerX64.exe
2014-08-04 10:34 - 2014-08-04 10:34 - 00285520 _____ () C:\Windows\Minidump\080414-29421-01.dmp
2014-08-03 16:28 - 2014-08-03 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 15:43 - 2014-08-04 03:20 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Bitcasa
2014-08-03 15:43 - 2014-08-03 15:43 - 00001668 _____ () C:\Users\Public\Desktop\Bitcasa Infinite Drive.lnk
2014-08-03 15:43 - 2014-08-03 15:43 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\com.bitcasa.Bitcasa
2014-08-03 15:43 - 2014-08-03 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa
2014-08-03 15:43 - 2014-08-03 15:43 - 00000000 ____D () C:\Program Files\Bitcasa
2014-08-03 15:43 - 2013-11-25 13:14 - 00009000 _____ (EldoS Corporation) C:\Windows\system32\elevtmsg.dll
2014-08-03 15:43 - 2013-11-25 13:13 - 00219944 _____ (EldoS Corporation) C:\Windows\SysWOW64\cbfsNetRdr5.dll
2014-08-03 15:43 - 2013-11-25 13:13 - 00120616 _____ (EldoS Corporation) C:\Windows\system32\cbfsNetRdr5.dll
2014-08-03 15:43 - 2013-11-25 13:12 - 00183592 _____ (EldoS Corporation) C:\Windows\system32\cbfsMntNtf5.dll
2014-08-03 15:43 - 2013-11-25 13:12 - 00157480 _____ (EldoS Corporation) C:\Windows\SysWOW64\cbfsMntNtf5.dll
2014-08-03 15:43 - 2013-11-25 13:03 - 00413888 _____ (EldoS Corporation) C:\Windows\system32\Drivers\cbfs5.sys
2014-08-03 15:42 - 2014-08-03 15:42 - 26095664 _____ (Bitcasa Inc. ) C:\Users\Matt\Downloads\Bitcasa Setup 1.1.6.18 en.exe
2014-08-03 15:28 - 2014-08-04 10:33 - 278458458 _____ () C:\Windows\MEMORY.DMP
2014-08-03 15:28 - 2014-08-03 15:28 - 00292800 _____ () C:\Windows\Minidump\080314-21356-01.dmp
2014-08-03 14:35 - 2014-08-11 10:56 - 00019701 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-08-03 14:22 - 2014-08-11 10:55 - 02099712 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2014-08-03 14:15 - 2014-08-03 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-03 14:15 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-03 14:15 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-03 14:15 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-03 14:15 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-03 14:14 - 2014-08-03 14:15 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 14:03 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-03 14:03 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-03 14:03 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-03 14:03 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-03 14:03 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-03 14:03 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-03 14:03 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-03 14:03 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-03 14:03 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-03 14:03 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-03 14:03 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-03 14:03 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-03 14:03 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-03 14:03 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-03 14:03 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-03 14:03 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-03 14:03 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-03 14:03 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-03 14:03 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-03 14:03 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-03 14:03 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-03 14:03 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-03 14:03 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-03 14:03 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-03 14:03 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-03 14:03 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-03 14:03 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-03 14:03 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-03 14:03 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-03 14:03 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-03 14:03 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-03 14:03 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-03 14:03 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-03 14:03 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-03 14:03 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-03 14:03 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-03 14:03 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-03 14:03 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-03 14:03 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-03 14:03 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-03 14:03 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-03 14:03 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-03 14:03 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-03 14:03 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-03 14:03 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-03 14:03 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-03 14:03 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-03 14:03 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-03 14:03 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-03 14:03 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-03 14:03 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-03 14:03 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-03 14:03 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-03 14:03 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-03 14:03 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-03 14:03 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-03 14:03 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-03 14:03 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-03 14:03 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-03 14:03 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-03 14:03 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-03 14:03 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-03 14:03 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-03 14:03 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-03 14:03 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-03 14:03 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-03 14:03 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-03 14:03 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-03 14:03 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-03 14:03 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-03 14:03 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-03 14:03 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-03 14:03 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-03 14:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-03 14:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-03 14:03 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-03 14:03 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-03 14:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-03 14:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-03 14:03 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 10:56 - 2014-08-03 14:35 - 00019701 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-08-11 10:56 - 2014-06-05 00:06 - 00000000 ____D () C:\FRST
2014-08-11 10:55 - 2014-08-11 10:55 - 00000000 ____D () C:\Users\Matt\Downloads\FRST-OlderVersion
2014-08-11 10:55 - 2014-08-03 14:22 - 02099712 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2014-08-11 10:35 - 2012-12-27 16:37 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Skype
2014-08-11 10:35 - 2012-09-14 10:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 10:35 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 10:35 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 10:32 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 10:31 - 2011-11-25 23:47 - 01116137 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 10:29 - 2014-08-11 10:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 10:29 - 2011-11-26 22:49 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-11 10:28 - 2014-06-06 10:58 - 00008277 _____ () C:\Windows\setupact.log
2014-08-11 10:28 - 2011-11-26 22:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-11 10:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 10:05 - 2014-08-11 10:05 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 10:05 - 2014-08-11 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 10:05 - 2014-08-11 10:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 10:05 - 2013-07-03 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 10:03 - 2014-08-11 10:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 10:01 - 2014-06-06 10:58 - 00033732 _____ () C:\Windows\PFRO.log
2014-08-11 08:39 - 2014-08-11 08:39 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Matt\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-11 08:36 - 2014-08-11 08:36 - 00001912 _____ () C:\Windows\SysWOW64\look.txt
2014-08-11 08:36 - 2014-08-11 08:36 - 00000000 _____ () C:\Users\Matt\Downloads\look.txt
2014-08-11 08:35 - 2014-08-11 08:35 - 00000218 _____ () C:\Users\Matt\Downloads\MB64.zip
2014-08-08 13:31 - 2014-08-08 13:31 - 00000883 _____ () C:\Users\Matt\Desktop\JRT.txt
2014-08-08 13:28 - 2014-08-08 13:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-08 13:27 - 2014-08-08 13:27 - 01016261 _____ (Thisisu) C:\Users\Matt\Downloads\JRT.exe
2014-08-08 13:25 - 2013-10-17 23:09 - 00000000 ____D () C:\Users\Matt\AppData\Local\FluxSoftware
2014-08-08 13:22 - 2014-06-05 00:01 - 00000000 ____D () C:\AdwCleaner
2014-08-08 13:20 - 2014-08-08 13:20 - 01366203 _____ () C:\Users\Matt\Downloads\AdwCleaner.exe
2014-08-08 13:19 - 2014-08-08 13:19 - 00000000 ____D () C:\Users\Matt\AppData\Local\CrashDumps
2014-08-08 13:16 - 2014-08-08 13:16 - 00000256 _____ () C:\DelFix.txt
2014-08-08 13:15 - 2014-08-08 13:15 - 00709564 _____ () C:\Users\Matt\Downloads\delfix_10.8.exe
2014-08-07 20:16 - 2014-08-07 20:16 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-07 20:16 - 2014-08-07 20:15 - 05392984 _____ () C:\Users\Matt\Downloads\RogueKillerX64.exe
2014-08-07 14:14 - 2011-11-25 23:47 - 00000000 ____D () C:\Users\Matt
2014-08-07 13:59 - 2012-12-27 16:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 10:34 - 2014-08-04 10:34 - 00285520 _____ () C:\Windows\Minidump\080414-29421-01.dmp
2014-08-04 10:34 - 2012-11-16 07:54
- 00000000 ____D () C:\Windows\Minidump 2014-08-04 10:33 - 2014-08-03 15:28 - 278458458 _____ () C:\Windows\MEMORY.DMP 2014-08-04 03:22 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-04 03:22 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-04 03:22 - 2012-04-27 22:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-04 03:22 - 2009-07-14 00:45 - 00304008 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-04 03:21 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-04 03:20 - 2014-08-03 15:43 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Bitcasa 2014-08-04 03:04 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-04 03:02 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-03 16:28 - 2014-08-03 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-03 15:43 - 2014-08-03 15:43 - 00001668 _____ () C:\Users\Public\Desktop\Bitcasa Infinite Drive.lnk 2014-08-03 15:43 - 2014-08-03 15:43 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\com.bitcasa.Bitcasa 2014-08-03 15:43 - 2014-08-03 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa 2014-08-03 15:43 - 2014-08-03 15:43 - 00000000 ____D () C:\Program Files\Bitcasa 2014-08-03 15:42 - 2014-08-03 15:42 - 26095664 _____ (Bitcasa Inc. 
) C:\Users\Matt\Downloads\Bitcasa Setup 1.1.6.18 en.exe 2014-08-03 15:35 - 2012-09-14 10:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-03 15:35 - 2012-09-14 10:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-03 15:35 - 2011-11-27 00:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-03 15:28 - 2014-08-03 15:28 - 00292800 _____ () C:\Windows\Minidump\080314-21356-01.dmp 2014-08-03 14:31 - 2012-12-27 16:37 - 00000000 ____D () C:\ProgramData\Skype 2014-08-03 14:16 - 2014-03-21 20:36 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-03 14:15 - 2014-08-03 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-03 14:15 - 2014-08-03 14:14 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-08-03 14:15 - 2013-04-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Java Some content of TEMP: ==================== C:\Users\Matt\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 00:50 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01 Ran by Matt at 2014-08-11 10:56:36 Running from C:\Users\Matt\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE) @BIOS B14.0418.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) @BIOS B14.0418.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.0429 - Gigabyte) APP Center (x32 Version: 1.14.0429 - Gigabyte) Hidden Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Articulate Storyline (HKLM-x32\...\{CF080EA9-C318-46D7-A597-4EA95714E631}) (Version: 1.02.02 - Articulate) Articulate Storyline (x32 Version: 1.02.02 - Articulate) Hidden AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version: - Rocksteady) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) Bitcasa version 1.1.6.18 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.1.6.18 - Bitcasa Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crysis®3 MP Open Beta (HKLM-x32\...\{02454664-23E6-46B3-9CB3-30870AE3645E}) (Version: 1.0.0.0 - Electronic Arts) DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Easy Tune 6 B11.0823.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B11.0823.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden EVE Online (remove only) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.) 
Fraps (HKLM-x32\...\Fraps) (Version: - ) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 
8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.) 
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic 
Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6423 - Realtek Semiconductor Corp.) RoboForm 7-9-5-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-5-7 - Siber Systems) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE) Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.) Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) WinWay Resume Deluxe (HKLM-x32\...\{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}) (Version: 12.00.019 - WinWay Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 09-08-2014 00:57:35 Windows Update 09-08-2014 01:18:00 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2013-07-03 18:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {030EC57F-0425-4574-9D1B-C201DCF5311D} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMJMKMOMKJLMNMOJCNKMJJIMKJCNLMNJHMKMCNOJLJMJOMCNMMOMLMOMOMIMJMOJGMJMLJKMJNJICMIMCNGMCNKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMPINIAJMIPIFMLMKMMMJNHICMEKMICNJJCKJNBJCMCLOJLILIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMMMPMOMFMNMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {0C60C37C-E48C-426A-950A-A78E8D42AB45} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {64F7F246-85B2-4727-9310-E5F690FCED28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-03] (Adobe Systems Incorporated) Task: {730FC477-B21E-4DF7-B5E1-1CC59CCF61EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EBC58168-48E2-4767-8546-4486C611F5B7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-03-11] (Siber Systems) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-27 14:39 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe 2011-11-27 02:38 - 2012-02-12 22:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-08-03 15:43 - 2014-02-21 13:17 - 00313856 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll 2014-08-03 15:43 - 2014-02-21 13:06 - 02064384 _____ () C:\Program Files\Bitcasa\bitcasaui.dll 2011-11-26 22:45 - 2011-11-26 22:45 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll 2011-11-26 23:29 - 
2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2014-04-29 14:40 - 2014-04-29 14:40 - 01239360 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL 2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll 2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll 2014-03-13 03:29 - 2014-03-13 03:29 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll 2011-11-26 22:41 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2014 10:29:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 10:22:08 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (08/11/2014 10:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 10:02:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 09:56:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 08:33:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 08:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 09:02:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 08:53:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/11/2014 09:54:26 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:41:32 AM on ‎8/‎11/‎2014 was unexpected. Error: (08/11/2014 08:33:39 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:31:19 AM on ‎8/‎11/‎2014 was unexpected. Error: (08/11/2014 08:24:25 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:23:36 AM on ‎8/‎11/‎2014 was unexpected. Error: (08/08/2014 09:01:20 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:58:14 PM on ‎8/‎8/‎2014 was unexpected. Error: (08/08/2014 08:53:20 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:52:22 PM on ‎8/‎8/‎2014 was unexpected. 
Microsoft Office Sessions: ========================= Error: (08/11/2014 10:29:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 10:22:08 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (08/11/2014 10:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 10:02:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 09:56:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 08:33:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 08:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 09:02:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: 
(08/08/2014 08:53:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-07-03 18:45:58.479 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 18:45:58.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 8149.92 MB Available physical RAM: 6254.84 MB Total Pagefile: 16298.02 MB Available Pagefile: 14220.77 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:336.77 GB) NTFS Drive d: (WinWay Resume) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BD586539) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  2. Thank you for the help. OK, ran the script, removed the old one and did a clean install... it does not appear to have found anything. Computer still not stable though - last time I thought this was a hardware issue after I got this far in the process, updated the BIOS, went through everything, tested RAM etc. It will randomly reboot and BSOD/lock up like it was a RAM issue.
  3. Yes, it was clear, I remember now last time I did this, it seems clean and then the computer starts hitting BSODs fairly frequently - the difference is this time I've deleted anything that I've ever downloaded. Now it won't finish an MB scan; it asks do I want MB to make changes to the computer and then says it's unprotected and then BSOD.
  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Matt at 2014-08-08 13:19:32 Run:1
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {EFD2E7D3-8888-4bdd-A3A8-97F2380FF190} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=SPLBR1&pc=SPLH
SearchScopes: HKCU - {EFD2E7D3-8888-4bdd-A3A8-97F2380FF190} URL = https://search.yahoo...p={searchTerms}
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF Extension: Splashtop Connect Companion - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF Extension: Splashtop Connect - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011-11-26]
C:\Users\Matt\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Matt\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Matt\AppData\Local\Temp\Quarantine.exe
C:\Users\Matt\AppData\Local\Temp\vlc-2.1.3-win32.exe
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFD2E7D3-8888-4bdd-A3A8-97F2380FF190}" => Key deleted successfully.
"HKCR\CLSID\{EFD2E7D3-8888-4bdd-A3A8-97F2380FF190}" => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} => value deleted successfully.
C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} => value deleted successfully.
C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} => Moved successfully.
C:\Users\Matt\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
C:\Users\Matt\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Matt\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Matt\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.

==== End of Fixlog ====

# AdwCleaner v3.304 - Report created 08/08/2014 at 13:22:01
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Matt - GAMER
# Running from : C:\Users\Matt\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : AppleChargerSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Matt\AppData\Roaming\Search Protection
File Deleted : C:\Windows\System32\AppleChargerSrv.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\0caxifnh.default-1394586824848\prefs.js ]

*************************

AdwCleaner[R0].txt - [7979 octets] - [05/06/2014 00:02:33]
AdwCleaner[R1].txt - [1094 octets] - [08/08/2014 13:20:59]
AdwCleaner[S0].txt - [8215 octets] - [05/06/2014 00:03:20]
AdwCleaner[S1].txt - [1026 octets] - [08/08/2014 13:22:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1086 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Matt on Fri 08/08/2014 at 13:28:12.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] wcuservice_stc_ie
Successfully deleted: [Service] wcuservice_stc_ie

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\0caxifnh.default-1394586824848\minidumps [20 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/08/2014 at 13:31:47.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
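The fixlist in the post above was built by reading the FRST scan by hand and picking out three kinds of entries: IE SearchScopes whose URLs carry partner/affiliate tags (the Yahoo and Bing scopes), Firefox extensions side-loaded through HKLM rather than installed into the profile (the Splashtop entries), and services that run from binaries with no signature or no publisher. The script below is an added example, written for this page and not part of the thread, of FRST, or of Malwarebytes; it applies those three checks mechanically to FRST-style lines. The sample lines are copied from the logs posted in this thread, the regular expressions are modelled only on the line shapes visible here (FRST's real format has more variants), and the list of affiliate query parameters is this example's own assumption.

```python
"""Triage FRST-style log lines the way a helper does when writing a fixlist.

Added example for this page; not FRST's or Malwarebytes' own code.  Line
layouts are inferred from the log excerpts in the thread, and the affiliate
parameter list below is an assumption, not a documented convention.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed input: lines copied from the FRST scan and fixlist posted above.
SAMPLE_LOG = r"""
SearchScopes: HKCU - DefaultScope {EFD2E7D3-8888-4bdd-A3A8-97F2380FF190} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {C652886C-9567-468e-8F0A-DED62F2848CF} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
"""

# "R2 name; path [size date] (company) [File not signed]"  (flag is optional)
SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)"
    r"(?P<unsigned> \[File not signed\])?\s*$"
)
# "SearchScopes: HKCU - [DefaultScope ]{GUID} URL = ..."
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>HK\w+(?:-x32)?) - (?P<default>DefaultScope )?"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\} URL = (?P<url>\S+)\s*$"
)
# "FF HKLM-x32\...\Firefox\Extensions: [{id}] - path"  (machine-wide sideload)
FF_HKLM_EXT_RE = re.compile(
    r"^FF (?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Firefox\\Extensions: "
    r"\[(?P<id>\{[^}]+\})\] - (?P<path>.+?)\s*$"
)

# Query keys that tie a search URL to a distribution partner.  Assumed list
# for this example; "form=" is deliberately excluded because IE sets it itself.
AFFILIATE_PARAMS = {"fr", "pc", "type", "cx", "ilc"}


def parse_service(line):
    """Return a dict for an FRST service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"])
    d["unsigned"] = d["unsigned"] is not None
    return d


def affiliate_tags(url):
    """Sorted affiliate-style query keys present in a SearchScope URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=False)
    return sorted(k for k in qs if k.lower() in AFFILIATE_PARAMS)


def triage(log_text):
    """Scan log lines; return (kind, identifier, detail) tuples worth a fixlist look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        svc = parse_service(line)
        if svc:
            if svc["unsigned"]:
                findings.append(("service-unsigned", svc["name"], svc["path"]))
            elif not svc["company"]:
                findings.append(("service-no-publisher", svc["name"], svc["path"]))
            continue
        m = SCOPE_RE.match(line)
        if m:
            tags = affiliate_tags(m["url"])
            if tags:
                host = urlsplit(m["url"]).netloc
                findings.append(("searchscope-affiliate", m["guid"],
                                 f"{host} tagged via {','.join(tags)}"))
            continue
        m = FF_HKLM_EXT_RE.match(line)
        if m:
            findings.append(("ff-extension-hklm", m["id"], m["path"]))
    return findings


if __name__ == "__main__":
    for kind, ident, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {ident:42} {detail}")
```

Run against the sample, it flags the two scopes the fixlist removed, the Google custom-search scope that carries a partner ID, the HKLM-registered Splashtop extension, the unsigned Gigabyte service and the publisher-less AppleChargerSrv (which AdwCleaner later deleted), and stays quiet about the signed Malwarebytes service. Output like this is a worklist, not a verdict: a signed binary can still be unwanted and an unsigned one can be a legitimate vendor tool, so each hit still needs the usual check of the file's origin before it goes into a fixlist.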
  5. Rogue log

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Scan -- Date : 08/07/2014 20:21:55

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) gdrv -- \??\C:\Windows\gdrv.sys[7] -> STOPPED

¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts]

127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 435dd7a9309166cb025b3742542276a9
[BSP] 7f5bfd7366e0f512857a1e84d1585c9b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_06062014_104145.log - RKreport_DEL_06062014_104728.log - RKreport_SCN_06062014_104058.log - RKreport_SCN_06062014_104318.log
RKreport_SCN_06062014_104850.log

Did not find any threats in Malwarebytes. Found about 7 last week when I ran it for the first time and did exactly as listed above. THANK YOU
  6. Hello - Thank you for the help - I ran MB and found plenty of PUP.Spigots, but nothing really resolved when going through the process with MB. I turned the computer off for a month or so, went out of town, came back and am trying to get it fixed. Here is the FRST post:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Matt (administrator) on GAMER on 03-08-2014 14:35:16
Running from C:\Users\Matt\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [F.lux] => C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-11] (Siber Systems)
HKU\S-1-5-21-3692006442-243579773-3437851365-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-05-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E834EB41F0FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {EFD2E7D3-8888-4bdd-A3A8-97F2380FF190} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {C652886C-9567-468e-8F0A-DED62F2848CF} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKCU - {EFD2E7D3-8888-4bdd-A3A8-97F2380FF190} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\0caxifnh.default-1394586824848
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: google.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\0caxifnh.default-1394586824848\searchplugins\yahoo_ff.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF Extension: Splashtop Connect Companion - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF Extension: Splashtop Connect - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF Extension: Yoono - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] () [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-02-12] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
R2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 14:35 - 2014-08-03 14:35 - 00019566 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-08-03 14:22 - 2014-08-03 14:22 - 02094080 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2014-08-03 14:15 - 2014-08-03 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-03 14:15 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-03 14:15 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-03 14:15 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-03 14:15 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-03 14:14 - 2014-08-03 14:15 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-03 14:35 - 2014-08-03 14:35 - 00019566 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-08-03 14:35 - 2014-06-05 00:06 - 00000000 ____D () C:\FRST
2014-08-03 14:35 - 2012-09-14 10:52 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-03 14:35 - 2012-09-14 10:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-03 14:35 - 2012-09-14 10:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 14:35 - 2011-11-27 00:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-03 14:34 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 14:33 - 2014-05-17 20:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 14:31 - 2012-12-27 16:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-03 14:31 - 2012-12-27 16:37 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Skype
2014-08-03 14:31 - 2012-12-27 16:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-03 14:29 - 2011-11-26 22:49 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-03 14:28 - 2014-06-06 10:58 - 00005421 _____ () C:\Windows\setupact.log
2014-08-03 14:28 - 2014-06-06 10:58 - 00002240 _____ () C:\Windows\PFRO.log
2014-08-03 14:28 - 2011-11-26 22:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 14:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 14:27 - 2011-11-25 23:47 - 01866038 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 14:22 - 2014-08-03 14:22 - 02094080 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2014-08-03 14:16 - 2014-03-21 20:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-03 14:15 - 2014-08-03 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-03 14:15 - 2014-08-03 14:14 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 14:15 - 2013-04-07 18:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-03 14:12 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 14:12 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 03:02 - 2014-08-03 14:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-08-03 14:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-08-03 14:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-08-03 14:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Some content of TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Matt\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Matt\AppData\Local\Temp\Quarantine.exe
C:\Users\Matt\AppData\Local\Temp\vlc-2.1.3-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 00:50

==================== End Of Log ============================

Addition.txt, run a while back:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Matt at 2014-06-05 00:07:06
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline (HKLM-x32\...\{CF080EA9-C318-46D7-A597-4EA95714E631}) (Version: 1.02.02 - Articulate)
Articulate Storyline (x32 Version: 1.02.02 - Articulate) Hidden
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version: - Rocksteady)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Crysis®3 MP Open Beta (HKLM-x32\...\{02454664-23E6-46B3-9CB3-30870AE3645E}) (Version: 1.0.0.0 - Electronic Arts)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Easy Tune 6 B11.0823.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0823.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
EVE Online (remove only) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
f.lux (HKCU\...\Flux) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.) Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA 
Corporation) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6423 - Realtek Semiconductor Corp.) RoboForm 7-9-5-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-5-7 - Siber Systems) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE) Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.) Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) WinWay Resume Deluxe (HKLM-x32\...\{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}) (Version: 12.00.019 - WinWay Corporation) ==================== Restore Points ========================= 30-05-2014 12:16:47 Windows Update 03-06-2014 17:38:25 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2013-07-03 18:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {030EC57F-0425-4574-9D1B-C201DCF5311D} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMJMKMOMKJLMNMOJCNKMJJIMKJCNLMNJHMKMCNOJLJMJOMCNMMOMLMOMOMIMJMOJGMJMLJKMJNJICMIMCNGMCNKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMPINIAJMIPIFMLMKMMMJNHICMEKMICNJJCKJNBJCMCLOJLILIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMMMPMOMFMNMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {64F7F246-85B2-4727-9310-E5F690FCED28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {730FC477-B21E-4DF7-B5E1-1CC59CCF61EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software 
Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EBC58168-48E2-4767-8546-4486C611F5B7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-03-11] (Siber Systems) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-27 14:39 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-11-26 22:47 - 2011-08-22 16:26 - 00057344 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe 2011-11-27 02:38 - 2012-02-12 22:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2011-11-26 22:38 - 2011-06-09 22:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-11-26 22:47 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll 2014-05-10 04:02 - 2014-05-10 04:02 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2014-05-14 14:35 - 2014-05-14 14:35 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll 2014-03-13 03:29 - 2014-03-13 03:29 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll 2011-11-26 22:41 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association 
(whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/05/2014 00:04:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/05/2014 00:03:32 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (06/04/2014 11:52:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 08:14:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 05:27:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 10:52:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9001 Error: (06/04/2014 10:52:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9001 Error: (06/04/2014 10:52:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2014 10:52:23 AM) (Source: Bonjour Service) (EventID: 100) 
(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8003 Error: (06/04/2014 10:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8003 System errors: ============= Error: (06/04/2014 11:51:49 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:44:47 PM on ‎6/‎4/‎2014 was unexpected. Error: (06/04/2014 11:30:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (06/04/2014 08:12:54 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:46:06 PM on ‎6/‎4/‎2014 was unexpected. Error: (06/04/2014 05:27:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 4:34:00 PM on ‎6/‎4/‎2014 was unexpected. Error: (06/04/2014 09:11:17 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000004e (0x0000000000000007, 0x00000000001ef116, 0x00000000001ef066, 0x0000000000000000)C:\Windows\MEMORY.DMP Error: (06/04/2014 09:11:17 AM) (Source: BugCheck) (EventID: 1005) (User: ) Description: Error: (06/04/2014 09:11:10 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:38:26 AM on ‎6/‎4/‎2014 was unexpected. Error: (05/31/2014 09:01:14 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:59:36 PM on ‎5/‎31/‎2014 was unexpected. Error: (05/27/2014 08:12:08 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:29:19 PM on ‎5/‎27/‎2014 was unexpected. Error: (05/26/2014 09:57:57 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. 
Microsoft Office Sessions: ========================= Error: (06/05/2014 00:04:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/05/2014 00:03:32 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (06/04/2014 11:52:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 08:14:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 05:27:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/04/2014 10:52:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9001 Error: (06/04/2014 10:52:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9001 Error: (06/04/2014 10:52:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2014 10:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8003 Error: (06/04/2014 10:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 
8003 CodeIntegrity Errors: =================================== Date: 2013-07-03 18:45:58.479 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-03 18:45:58.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 8109.11 MB Available physical RAM: 6413.54 MB Total Pagefile: 16216.4 MB Available Pagefile: 14357.43 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:49.43 GB) NTFS Drive d: (WinWay Resume) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BD586539) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  7. Hey - yea, thanks - ran some diagnostics, def hardware - looks like HD failure so I'll be going to SSD now. Thanks again.
  8. SAFE MODE is fine - I have been trying to uninstall the Trend Micro security client - this is a business machine, I still think that has something to do with it for several reasons - cannot uninstall this thing though - deleted registry keys, all of them, even used the custom uninstall tool from TM. It just won't come off.
  9. Lol - I've cleaned plenty of these things, have not seen anything like this before - ran SAS, found one more virus - it got rid of it but did not provide any logs or anything; I did a full scan. Machine still acts very weird - with all the services running I def get BSOD and it does not really run, desktop opens, that's it - with them all off it behaves a little better, can move around more and get some stuff going, but usually it locks up eventually as well. So I am not sure it is one of the services - thank you for your time so much - I am sending you a donation now! If you have any other ideas let me know, if not I guess I need to wipe it or something.
  10. Kinda crazy - I will go in and disable half the services, it starts up well enough and works fine in desktop for a min, then I'll start adding them one by one - doesn't happen again, I've tried all diff combos - then it will randomly happen - it locks up and I get BSOD - so I can't tell if it's a service - I'm gonna try and reinstall Malwarebytes and run a full scan again, since it found so many but always locked up - I had to delete it.
  11. Got defender stopped and went back and ran some others I couldnt before - Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01 Ran by Matt at 2013-11-12 14:21:47 Run:1 Running from C:\Users\Matt\Desktop\dds Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] HKLM-x32\...\Runonce: [{67CCDC7F-81CC-45BA-98A0-72FB009A882A}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe -accepteula -accepteulaksn -activeimages -postboot [x] HKLM-x32\...\Runonce: [{36B4841C-8700-4FB7-A6B9-B4B7FE320157}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe -accepteula -accepteulaksn -activeimages -postboot [x] BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File C:\Users\Matt\AppData\Local\Temp\{36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe C:\Users\Matt\AppData\Local\Temp\{67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{67CCDC7F-81CC-45BA-98A0-72FB009A882A} => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{36B4841C-8700-4FB7-A6B9-B4B7FE320157} => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. "C:\Users\Matt\AppData\Local\Temp\{36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe" => File/Directory not found. 
"C:\Users\Matt\AppData\Local\Temp\{67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe" => File/Directory not found. ==== End of Fixlog ====
  12. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01 Ran by Matt at 2013-11-12 12:02:04 Running from C:\Users\Matt\Desktop\dds Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92} AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79} ==================== Installed Programs ====================== 7-Zip 9.20 (x32) AccelerometerP11 (x32 Version: 2.00.10.22) Adobe AIR (x32 Version: 3.8.0.1430) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117) Adobe Media Player (x32 Version: 1.8) Adobe Photoshop CS5 (x32 Version: 12.0) Adobe Reader XI (11.0.02) (x32 Version: 11.0.02) Advanced Audio FX Engine (x32 Version: 1.12.05) Apple Application Support (x32 Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Apple Software Update (x32 Version: 2.1.3.127) Article Marketing Robot (x32 Version: 1.1.072) BioAPI Framework (Version: 1.0.2) Bonjour (Version: 3.0.0.10) Custom (Version: 01.00.00.000) CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426) Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159) Dell Data Protection | Access (Version: 01.01.01.001) Dell Data Protection | Access (x32 Version: 2.0.00001.001) Dell Data Protection | Access | Drivers (x32 Version: 1.00.011) Dell Data Protection | Access | Middleware (x32 Version: 1.00.005) Dell System Manager (Version: 1.6.00000) Dell Touchpad (Version: 7.1208.101.116) Dell Webcam Central (x32 Version: 1.40.05) DellAccess (Version: 
01.01.00.053) DirectX 9 Runtime (x32 Version: 1.00.0000) Dropbox (HKCU Version: 2.0.22) EMBASSY Security Center (Version: 04.03.00.067) f.lux (HKCU) Gemalto (Version: 01.64.01.0010) GetDiz (x32 Version: 4.6) Google Talk Plugin (x32 Version: 4.9.1.16010) GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083) Intel® Processor Graphics (x32 Version: 8.15.10.2353) iTunes (Version: 10.5.3.3) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 14.0.8089.726) Kudos Chat Search Agent (x32 Version: 2.1) Kudos Chat Search v2 (x32 Version: 2.2) LG United Mobile Driver (x32 Version: 2.2) Live! Cam Avatar Creator (x32 Version: 4.6.3009.1) LogoMaker 3.0 (x32) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Market Samurai (x32 Version: 0.92.78) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000) Microsoft Silverlight (x32 Version: 4.0.60531.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) mIRC (x32 Version: 7.22) Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Notepad++ (x32 Version: 6.2) NTRU TCG Software Stack (Version: 2.1.34) NVIDIA 3D Vision Driver 268.83 (Version: 268.83) NVIDIA Control Panel 268.83 (Version: 268.83) NVIDIA Graphics Driver 268.83 (Version: 268.83) NVIDIA Install Application (Version: 2.265.42.0) NVIDIA nView 135.85 (Version: 135.85) NVIDIA nView Desktop Manager (Version: 6.14.10.13585) NVIDIA Optimus 1.0.23 (Version: 1.0.23) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6883) NVIDIA Update Components (Version: 1.0.23) ozTitleGenerator (HKCU Version: 1.1.0.12) PC-CCID (Version: 2.0.0) PDF Settings CS5 (x32 Version: 10.0) PhotoShowExpress (x32 Version: 2.0.063) Preboot Manager (Version: 03.03.00.049) Private Information Manager (Version: 07.01.00.007) RBVirtualFolder64Inst (Version: 1.00.0000) RoboForm 7-7-4 (All Users) (x32 Version: 7-7-4) Roxio Activation Module (x32 Version: 1.0) Roxio BackOnTrack (x32 Version: 1.3.3) Roxio Burn (x32 Version: 1.8) Roxio Creator Starter (x32 Version: 1.0.439) Roxio Creator Starter (x32 
Version: 12.1.77.0) Roxio Creator Starter (x32 Version: 5.0.0) Roxio Express Labeler 3 (x32 Version: 3.2.2) Roxio File Backup (Version: 1.3.2) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0) SEO PowerSuite (x32) Skype Click to Call (x32 Version: 6.9.12585) Skype™ 6.10 (x32 Version: 6.10.104) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0) SPBA 5.9 (Version: 5.9.4.6686) TeamViewer 7 (x32 Version: 7.0.15723) Trend Micro Client/Server Security Agent (x32 Version: 3.5.1163) Trusted Drive Manager (Version: 4.0.5.8) TurboTax 2011 (x32) TurboTax 2011 wgaiper (x32 Version: 011.000.1699) TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999) TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495) TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214) TurboTax 2011 wrapper (x32 Version: 011.000.0121) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Upek Touchchip Fingerprint Reader (Version: 1.2.004) VLC media player 1.1.11 (x32 Version: 1.1.11) Wave Infrastructure Installer (Version: 07.66.40.0008) Wave Support Software Installer (Version: 05.13.00.014) Wicked Article Creator 2.7.0.0 (x32) Windows Driver Package - Dell Inc. 
PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6) Windows Live Call (x32 Version: 14.0.8064.0206) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live Essentials (x32 Version: 14.0.8089.0726) Windows Live Essentials (x32 Version: 14.0.8089.726) Windows Live Mail (x32 Version: 14.0.8089.0726) Windows Live Messenger (x32 Version: 14.0.8089.0726) Windows Live Movie Maker (x32 Version: 14.0.8091.0730) Windows Live Photo Gallery (x32 Version: 14.0.8081.709) Windows Live Sign-in Assistant (x32 Version: 5.000.818.5) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Live Upload Tool (x32 Version: 14.0.8014.1029) Windows Live Writer (x32 Version: 14.0.8089.0726) WinRAR 4.01 (64-bit) (Version: 4.01.0) WinZip 16.0 (Version: 16.0.9661) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 21:34 - 2013-11-12 09:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0017F327-C07E-4DD2-97DF-0816BEE86A3D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2012-03-18] (Siber Systems) Task: {1B1838EB-3472-4BAB-83C3-1BD558A22AB2} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-09-30] (Microsoft Corporation) Task: {1D5A9E54-0DC1-4563-8344-64A1CAB184B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001UA => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17] (Google Inc.) Task: {99FB3E01-B579-4A9B-9F43-BDF8EBD2FAA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001Core => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17] (Google Inc.) 
Task: {C6C22079-7456-46B4-B2ED-BE062CCBD93C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {F833EB6D-E16A-4857-B995-B650F82CCCFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001Core.job => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001UA.job => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Run RoboForm TaskBar Icon.job => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20521097.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21438284.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20521097.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21438284.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Faulty Device Manager Devices ============= Name: High Definition Audio Controller Description: High Definition Audio Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/12/2013 10:38:24 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2013 10:29:17 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2013 09:44:43 AM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode . Operation: Instantiating VSS server Error: (11/12/2013 09:44:43 AM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode. The Volume Shadow Copy service cannot start while in safe mode. 
[0x8007043c, This service cannot be started in Safe Mode ] Operation: Instantiating VSS server Error: (11/12/2013 08:14:13 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 07:56:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 07:50:18 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 06:46:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 06:43:21 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 06:17:25 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/12/2013 00:00:05 PM) (Source: DCOM) (User: ) Description: 1084TdmService{285E95B2-ACD5-4405-8D24-2D73E65DD047} Error: (11/12/2013 10:37:22 AM) (Source: DCOM) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (11/12/2013 10:37:22 AM) (Source: DCOM) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (11/12/2013 10:37:14 AM) (Source: DCOM) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: 
(11/12/2013 10:37:08 AM) (Source: DCOM) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/12/2013 10:36:58 AM) (Source: DCOM) (User: ) Description: 1084TdmService{285E95B2-ACD5-4405-8D24-2D73E65DD047} Error: (11/12/2013 10:36:48 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6 Error: (11/12/2013 10:36:47 AM) (Source: Service Control Manager) (User: ) Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%1068 Error: (11/12/2013 10:36:46 AM) (Source: Service Control Manager) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (11/12/2013 10:35:12 AM) (Source: DCOM) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (11/12/2013 10:38:24 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2013 10:29:17 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/12/2013 09:44:43 AM) (Source: VSS)(User: ) Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode Operation: Instantiating VSS server Error: (11/12/2013 09:44:43 AM) (Source: VSS)(User: ) Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode Operation: Instantiating VSS server Error: (11/12/2013 08:14:13 AM) (Source: WinMgmt)(User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 07:56:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 07:50:18 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 06:46:47 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 06:43:21 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2013 06:17:25 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-11-12 09:50:49.644 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-12 09:50:49.597 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-12 09:50:49.535 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-12 09:50:49.488 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-04-28 14:20:52.051 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-04-28 14:20:52.035 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-04-28 14:20:52.004 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-04-28 14:20:51.973 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-03 16:39:40.679 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-04-03 16:39:40.669 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8072.9 MB Available physical RAM: 7199.24 MB Total Pagefile: 16143.98 MB Available Pagefile: 15277.48 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:315.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Recovery) (Fixed) (Total:13.66 GB) (Free:6.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D2332EA8) Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  13. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01 Ran by Matt (administrator) on MININT-AH1V0P8 on 12-11-2013 12:00:22 Running from C:\Users\Matt\Desktop\dds Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-24] (IDT, Inc.) HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] () HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] HKLM-x32\...\Runonce: [{67CCDC7F-81CC-45BA-98A0-72FB009A882A}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe -accepteula -accepteulaksn -activeimages -postboot [x] HKLM-x32\...\Runonce: [{36B4841C-8700-4FB7-A6B9-B4B7FE320157}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe -accepteula -accepteulaksn -activeimages -postboot [x] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
HKCU\...\Run: [Kudos Chat Search] - C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe [5726200 2012-02-27] (Kudos Knowledge) HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\Run: [f.lux] - C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC) HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:49267;https=127.0.0.1:49267 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.) BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default FF NetworkProxy: "http", "173.213.90.71" FF NetworkProxy: "http_port", 55555 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft 
Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Matt\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Matt\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Matt\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: SeoQuake - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} FF Extension: Page Speed - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} FF Extension: firebug - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: historyblock - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\historyblock@kain.xpi FF Extension: nasanightlaunch - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\nasanightlaunch@example.com.xpi FF Extension: pagerank - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\pagerank@any-tech.ws.xpi FF Extension: toolbar - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\toolbar@sape.ru.xpi FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{0471d3b0-a403-11df-981c-0800200c9a66}.xpi FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi FF Extension: fireftp - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: downbarconfig - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security 
Agent\bho\1009\FirefoxExtension FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox ==================== Services (Whitelisted) ================= S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1836616 2011-02-18] (Trend Micro Inc.) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-13] () S4 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.) S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () S4 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060896 2011-02-18] (Trend Micro Inc.) S4 TmPfw; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [596032 2010-07-21] (Trend Micro Inc.) S4 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917840 2010-07-21] (Trend Micro Inc.) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.) 
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-11] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [116440 2013-11-11] (Malwarebytes Corporation) S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2010-12-21] (Novatel Wireless Inc) S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2010-12-21] (Novatel Wireless Inc.) R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRxpx64.sys [74400 2011-01-04] (O2Micro ) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjxpx64.sys [83560 2011-03-23] (O2Micro ) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [310032 2011-03-24] (Trend Micro Inc.) R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.) S2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42768 2011-03-24] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.) S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.) S2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [1988368 2011-03-24] (Trend Micro Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] S4 nvkflt; system32\DRIVERS\nvkflt.sys [x] S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-12 12:00 - 2013-11-12 12:00 - 00000000 ____D C:\FRST 2013-11-12 09:53 - 2013-11-12 09:53 - 00029768 _____ C:\ComboFix.txt 2013-11-12 09:40 - 2013-11-12 09:40 - 05145576 ____R (Swearware) C:\Users\Matt\Desktop\ComboFix.exe 2013-11-11 18:19 - 2013-11-11 18:46 - 00000000 ____D C:\Users\Matt\Desktop\mbar 2013-11-11 18:07 - 2013-11-11 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-11 18:07 - 2013-11-11 18:47 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-11-11 18:05 - 2013-11-11 18:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-11 16:48 - 2013-11-11 16:48 - 00002131 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11112013_164833.txt 2013-11-11 16:47 - 2013-11-11 16:47 - 00001161 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11112013_164731.txt 2013-11-11 14:31 - 2013-11-11 14:31 - 00002163 _____ C:\Users\Matt\Desktop\JRT.txt 2013-11-11 14:29 - 2013-11-11 14:29 - 00000000 ____D C:\Windows\ERUNT 2013-11-11 14:28 - 2013-11-11 14:28 - 01034531 _____ (Thisisu) C:\Users\Matt\Desktop\JRT.exe 2013-11-11 14:00 - 2013-11-11 14:00 - 00004529 _____ C:\Users\Matt\Desktop\MBRCheck_11.11.13_14.00.21.txt 2013-11-11 13:31 - 2013-11-11 13:31 - 00000376 _____ C:\Windows\Tasks\Run RoboForm TaskBar Icon.job 2013-11-11 12:48 - 2013-11-11 12:48 - 00018611 _____ C:\Users\Matt\Desktop\dds.txt 2013-11-11 12:48 - 2013-11-11 12:48 - 00015534 _____ C:\Users\Matt\Desktop\attach.txt 2013-11-11 12:46 - 2013-11-11 12:46 - 00688992 ____R (Swearware) C:\Users\Matt\Desktop\dds.scr 2013-11-11 12:20 - 2013-11-11 12:20 - 00002253 _____ 
  14. OK, running this one - thank you!! I see now that when I followed the first step I downloaded one of the sponsored links and installed it, thinking I was getting the script - browseroptimizer pro or something, I think - so I got that one. I saw it in Malwarebytes at some point - just FYI.
  15. Cannot really get to this step - when I select Change parameters and click on Loaded modules and then reboot, it reboots, but I am doing all this from Safe Mode, the only way the computer works at all. Regular mode gives some application.dll error for Malwarebytes (not from Malwarebytes), as if Malwarebytes is messed up, and then loads the desktop, but you cannot click on anything at all. So when it reboots I have to press F8 to get into Safe Mode, but TDSSKiller is not starting back up automatically when I force it into Safe Mode after the reboot as instructed above - make sense? Thank you
  16. I disabled Windows Defender several times; it seems to still say it is enabled - ANYWAY, here is the ComboFix log.

THANK YOU SO MUCH
  17. Ran fixdamage - it said it fixed a few things, but it's still hanging when I try to go back and run the anti-rootkit. Definitely something there. When I try to start up without safe mode the computer still acts up - can't really do anything; the desktop pops up but I just can't do anything or click on it.....
  18. I disabled Windows Defender - still not able to make it through a scan for rootkits in Malwarebytes; it gets hung in .bin sys32 stuff. Running fixdamage now.
  19. RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Matt [Admin rights] Mode : Scan -- Date : 11/11/2013 16:48:33 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][x][x]) -> FOUND [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49267;hxxps=127.0.0.1:49267 [Country: , City: ]) -> FOUND [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 2 ¤¤¤ [FF][PROXY] 5dgmrkma.default : user_pref("network.proxy.hxxp", "173.213.90.71"); -> FOUND [FF][PROXY] 5dgmrkma.default : user_pref("network.proxy.hxxp_port", 55555); -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST9500423AS +++++ --- User --- [MBR] 499a037b06e6d4eb68ad855b6217ef50 [bSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11112013_164833.txt >> RKreport[0]_S_11112013_164731.txt THANK YOU SIR !!!
  20. Sheesh - the desktop opens but sits there, then sends an "application is not responding" window - Do you want to end this process.
  21. Hey guys, it started with pup.optional.softtonic etc. and I ran Malwarebytes, which seemed to catch it, but - when I run the script for a quick scan it goes through and doesn't catch anything - when I run a full scan it catches 7 things, but then locks up about 2 min into it.....things have gotten worse; hard to get it to do much of anything, not responsive at all when not in safe mode - and even safe mode locks up sometimes. This is a work computer - gotta get it back going again. THANKS !!
dds attach.txt : . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/30/2011 9:06:01 AM System Uptime: 11/11/2013 12:43:51 PM (0 hours ago) . Motherboard: Dell Inc. | | 0J4TFW Processor: Intel® Core i7-2720QM CPU @ 2.20GHz | CPU 1 | 2195/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 452 GiB total, 315.513 GiB free. D: is FIXED (NTFS) - 14 GiB total, 6.218 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318} Description: High Definition Audio Controller Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108 Manufacturer: Microsoft Name: High Definition Audio Controller PNP Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108 Service: HDAudBus . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
7-Zip 9.20 AccelerometerP11 Adobe AIR Adobe Community Help Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Adobe Reader XI (11.0.02) Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update Article Marketing Robot BioAPI Framework Bonjour BrowserSafeguard with RocketTab Custom CyberLink PowerDVD 9.5 Dell ControlVault Host Components Installer 64 bit Dell Data Protection | Access Dell Data Protection | Access | Drivers Dell Data Protection | Access | Middleware Dell System Manager Dell Touchpad Dell Webcam Central DellAccess DirectX 9 Runtime Dropbox EMBASSY Security Center f.lux Gemalto GetDiz Google Talk Plugin GoToMeeting 5.4.0.1083 Intel® Processor Graphics iTunes Java 7 Update 21 Java Auto Updater Junk Mail filter update Kudos Chat Search Agent Kudos Chat Search v2 LG United Mobile Driver Live! Cam Avatar Creator LogoMaker 3.0 Malwarebytes Anti-Malware version 1.75.0.1300 Market Samurai Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual Basic PowerPacks 10.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 
Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 mIRC Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Notepad++ NTRU TCG Software Stack NVIDIA 3D Vision Driver 268.83 NVIDIA Control Panel 268.83 NVIDIA Graphics Driver 268.83 NVIDIA Install Application NVIDIA nView 135.85 NVIDIA nView Desktop Manager NVIDIA Optimus 1.0.23 NVIDIA Stereoscopic 3D Driver NVIDIA Update Components ozTitleGenerator PC-CCID PDF Settings CS5 PhotoShowExpress Preboot Manager Private Information Manager RBVirtualFolder64Inst RoboForm 7-7-4 (All Users) Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SEO PowerSuite Skype Click to Call Skype™ 6.10 Sonic CinePlayer Decoder Pack SPBA 5.9 TeamViewer 7 Trend Micro Client/Server Security Agent Trusted Drive Manager TurboTax 2011 TurboTax 2011 wgaiper TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Upek Touchchip Fingerprint Reader VLC media player 1.1.11 Wave Infrastructure Installer Wave Support Software Installer Wicked Article Creator 2.7.0.0 Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR 4.01 (64-bit) WinZip 16.0 . ==== Event Viewer Messages From Past Week ======== . 11/11/2013 9:40:14 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly. 11/11/2013 9:33:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 11/11/2013 12:48:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 11/11/2013 12:44:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/11/2013 12:44:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/11/2013 12:44:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/11/2013 12:44:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/11/2013 12:44:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {285E95B2-ACD5-4405-8D24-2D73E65DD047} 11/11/2013 12:44:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6 11/11/2013 12:44:15 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which 
failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:44:14 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully. 11/11/2013 12:43:06 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 11/11/2013 12:25:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OSDisk. 11/11/2013 12:25:03 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 11/11/2013 12:22:42 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/11/2013 12:22:42 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 11/11/2013 12:22:42 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure. 11/11/2013 12:22:42 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure. 
11/11/2013 12:22:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The operation completed successfully. 11/11/2013 12:10:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:10:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/11/2013 12:10:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/11/2013 12:09:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vwififlt Wanarpv6 WfpLwf ws2ifsl 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. ------------------------ dds.txt---------------------------------------------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.21.2 Run by Matt at 12:47:55 on 2013-11-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.7228 [GMT -5:00] . AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\WUDFHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uProxyServer = hxxp=127.0.0.1:49267;https=127.0.0.1:49267 uProxyOverride = <-loopback> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll uRun: [Kudos Chat Search] C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [f.lux] "C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[s2].txt mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: DisableCAD = dword:1 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 192.168.1.1 TCP: 
Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\14454583435353 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\16474777966696 : DHCPNameServer = 192.168.5.1 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\341666563333 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\54E434F42554934434534443 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\84E2D4E235E20265963647F62797 : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\C4964747C65602D4963737024556373716 : DHCPNameServer = 172.16.12.1 TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\D41647479723 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{FD275379-40AE-4E0D-94E5-2ED7A0734DEA} : DHCPNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll AppInit_DLLs= c:\windows\syswow64\nvinit.dll x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] 
C:\Windows\System32\igfxpers.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll x64-Notify: igfxcui - igfxdev.dll x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\Citrix\Plugins\79\npappdetector.dll
FF - plugin: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-26 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-26 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-26 21616]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-11-8 196688]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-26 27760]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\o2mdrxpx64.sys [2011-9-26 74400]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjxpx64.sys [2011-9-26 83560]
S2 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimi~1\OptProCrash.exe" --> c:\progra~2\optimi~1\OptProCrash.exe [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-26 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-27 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-1 701512]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-22 2848168]
S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-3-24 310032]
S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2011-3-24 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-11-8 338000]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-10-26 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-10-26 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-10-26 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-10-26 34304]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-26 172704]
S3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2011-9-26 38440]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-26 158976]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-27 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-26 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-26 181248]
S3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;C:\Windows\System32\drivers\nwdelgobi3kfilter.sys [2011-9-26 34304]
S3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\nwdelserial.sys [2011-9-26 234112]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-9-26 72808]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-30 1255736]
S4 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-4-7 50704]
S4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2010-7-21 596032]
S4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-7-21 917840]
.
=============== File Associations ===============
.
FileExt: .txt: GetDiz.TextFile=C:\Program Files (x86)\GetDiz\GetDiz.exe "%1"
FileExt: .ini: GetDiz.IniFile=C:\Program Files (x86)\GetDiz\GetDiz.exe "%1"
.
=============== Created Last 30 ================
.
2013-11-11 15:27:12 -------- d-----w- C:\AdwCleaner
2013-11-11 15:12:34 -------- d-----w- C:\Users\Matt\AppData\Local\BrowserSafeguard
2013-11-11 14:42:26 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-11 14:32:58 98816 ----a-w- C:\Windows\sed.exe
2013-11-11 14:32:58 256000 ----a-w- C:\Windows\PEV.exe
2013-11-11 14:32:58 208896 ----a-w- C:\Windows\MBR.exe
2013-10-18 10:06:25 -------- d-----w- C:\Users\Matt\AppData\Local\FluxSoftware
.
==================== Find3M ====================
.
2013-10-10 14:32:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 14:32:05 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-30 15:12:51 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-20 11:02:14 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2013-08-20 11:02:14 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-08-20 11:02:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-08-20 11:02:12 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
.
============= FINISH: 12:48:48.40 ===============

malwarebytes:
--- -------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.11.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
Matt :: MININT-AH1V0P8 [administrator]

11/11/2013 12:51:56 PM
mbam-log-2013-11-11 (12-51-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231507
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
.
==== End Of File ===========================
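An added triage helper for the service and Firefox proxy lines in the log format above. It is example code written for this page, not part of the posted logs and not part of the DDS, FRST or Malwarebytes tools. It parses the `Rn/Sn name;display name;image path [date size]` service entries and the `FF - prefs.js: network.proxy.*` entries, and flags the items a helper would normally want to look at first: an image file the scanner could not find (`[?]`), a service name that is only hex digits, an 8.3 short path in the image path, an image under a user profile or temp directory, and an HTTP proxy pointing at a public address. The sample lines are copied from the post; the flag names and thresholds are this example's own heuristics, not verdicts about any entry.

```python
"""Triage DDS-style service entries and Firefox proxy prefs (added example)."""
import ipaddress
import re

# Rn/Sn <service name>;<display name>;<image path> [<date> <size>]  (or "[?]" if not found)
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
TAIL_RE = re.compile(r'^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
PREF_RE = re.compile(r'^FF - prefs\.js:\s*(?P<key>\S+)\s*-\s*(?P<value>.*)$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8,}$')      # heuristic: random-looking service names
SHORT_PATH_RE = re.compile(r'~\d')                # heuristic: 8.3 names such as progra~2
USER_DIRS = ('\\users\\', '\\appdata\\', '\\temp\\')

# Sample lines copied from the posted log (the rest of the log is omitted here).
SAMPLE_LOG = r"""
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-26 25960]
S2 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimi~1\OptProCrash.exe" --> c:\progra~2\optimi~1\OptProCrash.exe [?]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-22 2848168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
"""


def parse_service(line):
    """Return a dict for a service/driver line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group('rest')
    t = TAIL_RE.match(rest)
    path, meta = (t.group('path'), t.group('meta')) if t else (rest, '')
    # DDS writes "<registry image> --> <resolved path>"; keep the resolved path.
    if '-->' in path:
        path = path.split('-->')[-1]
    return {
        'state': m.group('state'),
        'name': m.group('name').strip(),
        'display': m.group('display').strip(),
        'path': path.strip().strip('"'),
        'missing': meta.strip() == '?',   # scanner could not stat the image file
    }


def flag_service(svc):
    """Heuristic review flags for one parsed service entry (this example's own rules)."""
    flags = []
    if svc['missing']:
        flags.append('image file not found on disk')
    if HEX_NAME_RE.match(svc['name']):
        flags.append('hex-only service name')
    if SHORT_PATH_RE.search(svc['path']):
        flags.append('8.3 short path in image path')
    if any(d in svc['path'].lower() for d in USER_DIRS):
        flags.append('image runs from a user profile or temp directory')
    return flags


def parse_ff_prefs(lines):
    """Collect 'FF - prefs.js: key - value' lines into a dict."""
    prefs = {}
    for line in lines:
        m = PREF_RE.match(line)
        if m:
            prefs[m.group('key')] = m.group('value').strip()
    return prefs


def flag_proxy(prefs):
    """Flag a Firefox HTTP proxy that points off-host, and a stale proxy host."""
    flags = []
    host = prefs.get('network.proxy.http')
    if host:
        port = prefs.get('network.proxy.http_port', '?')
        try:
            if ipaddress.ip_address(host).is_global:
                flags.append(f'HTTP proxy set to public address {host}:{port}')
        except ValueError:
            flags.append(f'HTTP proxy set to hostname {host}:{port}')
        # Firefox: network.proxy.type 0 = direct connection, so the host is
        # configured but not currently in use; still worth asking where it came from.
        if prefs.get('network.proxy.type') == '0':
            flags.append('proxy host configured but network.proxy.type is 0 (direct)')
    return flags


def triage(text):
    """Return {'proxy': [flags], 'services': {name: [flags]}} for flagged entries only."""
    lines = text.splitlines()
    report = {'proxy': flag_proxy(parse_ff_prefs(lines)), 'services': {}}
    for line in lines:
        svc = parse_service(line)
        if svc:
            flags = flag_service(svc)
            if flags:
                report['services'][svc['name']] = flags
    return report


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for f in result['proxy']:
        print('proxy:', f)
    for name, flags in result['services'].items():
        print(f'service {name}:', '; '.join(flags))
```

Run against the full log, the script is a filter, not a verdict: every flag still has to be checked by hand (vendor, signature, install date) before anything goes into a fixlist, and a service with a missing image and a short path is as likely to be a leftover from a half-removed program as an active threat.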