Everything posted by reecers

  1. ComboFix 14-08-15.01 - Reece 08/16/2014 10:58:49.1.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3414 [GMT -5:00]
     Running from: c:\users\Reece\Downloads\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
     AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  2. Nothing came out in either scan, but there was Java deleted and temp files were deleted.
  3. Well, it just happened again. Login and it goes black. I am going to run Malwarebytes again and see if it finds anything.
  4. Well, yesterday it wouldn't let me in normal mode, but now it does. Very confusing.

     Results of screen317's Security Check version 0.99.86
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Norton AntiVirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 21
     Java version out of Date!
     Adobe Flash Player 14.0.0.145
     Adobe Reader XI
     Mozilla Firefox (31.0)
     Google Chrome 22.0.1229.79
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Norton AntiVirus Engine 18.7.1.3 ccSvcHst.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  5. OK, I cleaned it out with AdwCleaner. By the way, I have not lost the ability to log in normally at this point, but I can tell the computer still feels sluggish again. Should I run Malwarebytes again to see if it finds something?
  6. # AdwCleaner v3.216 - Report created 22/07/2014 at 21:35:17
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Reece - REECE-PC
# Running from : C:\Users\Reece\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\searchplugins\bingp.xml
Folder Found : C:\Program Files (x86)\InternetHelper1.5
Folder Found : C:\Users\Reece\AppData\Local\Conduit
Folder Found : C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Found : C:\Users\Reece\AppData\Local\Ilivid Player
Folder Found : C:\Users\Reece\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Reece\AppData\LocalLow\InternetHelper1.5
Folder Found : C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\bflixtoolbar
Folder Found : C:\windows\SysWOW64\BrowserProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\5a578f8de56ebd44
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Found : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKCU\Software\InternetHelper1.5
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\InternetHelper1.5
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\5a578f8de56ebd44
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\Software\InternetHelper1.5
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C9B482-DD59-4F5A-A3FE-AC183DF70931}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC963CA6-A094-4767-BB4C-D988250AC6CF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Found : HKLM\Software\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\utic4n2c.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.order.1", "Claro Search");
Line Found : user_pref("browser.search.selectedEngine", "Claro Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=HP_ss&mntrId=1aadaba500000000000064d4da5492b4");

[ File : C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js ]

Line Found : user_pref("extensions.claro.admin", false);
Line Found : user_pref("extensions.claro.aflt", "babsst");
Line Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Found : user_pref("extensions.claro.dfltLng", "en");
Line Found : user_pref("extensions.claro.excTlbr", false);
Line Found : user_pref("extensions.claro.id", "1aadaba500000000000064d4da5492b4");
Line Found : user_pref("extensions.claro.instlDay", "15697");
Line Found : user_pref("extensions.claro.instlRef", "sst");
Line Found : user_pref("extensions.claro.prdct", "claro");
Line Found : user_pref("extensions.claro.prtnrId", "claro");
Line Found : user_pref("extensions.claro.tlbrId", "claro");
Line Found : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Found : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Found : user_pref("extensions.claro_i.smplGrp", "none");
Line Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:35:03");

-\\ Google Chrome v

[ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=287&systemid=406&sr=0&q={searchTerms}
Found [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201
Found [search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=117452&tt=5112_3&babsrc=SP_ss&mntrId=1aadaba500000000000064d4da5492b4
Found [Extension] : fgkbmedckhcibhkdhaokebnllokeokek

*************************

AdwCleaner[R0].txt - [7200 octets] - [22/07/2014 21:35:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7260 octets] ##########

# AdwCleaner v3.303 - Report created 06/08/2014 at 18:35:36
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Reece - REECE-PC
# Running from : C:\Users\Reece\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js
Folder Found : C:\Program Files (x86)\bflixtoolbar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\InternetHelper1.5
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\Users\Reece\AppData\Local\Conduit
Folder Found : C:\Users\Reece\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Reece\AppData\LocalLow\bflixtoolbar
Folder Found : C:\Users\Reece\AppData\LocalLow\Conduit
Folder Found : C:\Users\Reece\AppData\LocalLow\InternetHelper1.5
Folder Found : C:\Users\Reece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

***** [ Scheduled Tasks ] *****

Task Found : BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\5a578f8de56ebd44
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InternetHelper1.5
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InternetHelper1.5
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\5a578f8de56ebd44
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\Software\InternetHelper1.5
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C9B482-DD59-4F5A-A3FE-AC183DF70931}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC963CA6-A094-4767-BB4C-D988250AC6CF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Found : HKLM\Software\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\utic4n2c.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.order.1", "Claro Search");
Line Found : user_pref("browser.search.selectedEngine", "Claro Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=HP_ss&mntrId=1aadaba500000000000064d4da5492b4");

[ File : C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js ]

Line Found : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=HP_ss&mntrId=1aadaba500000000000064d4da5492b4");
Line Found : user_pref("avg.install.userSPSettings", "Claro Search");
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.search.defaultenginename", "Claro Search");
Line Found : user_pref("browser.search.order.1", "Claro Search");
Line Found : user_pref("browser.search.selectedEngine", "Claro Search");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=010712_3");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "1aadaba500000000000064d4da5492b4");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "1aadaba500000000000064d4da5492b4");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15525");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=NT_ss&mntrId=1aadaba500000000000064d4da5492b4");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:57:42");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.claro.admin", false);
Line Found : user_pref("extensions.claro.aflt", "babsst");
Line Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Found : user_pref("extensions.claro.dfltLng", "en");
Line Found : user_pref("extensions.claro.excTlbr", false);
Line Found : user_pref("extensions.claro.id", "1aadaba500000000000064d4da5492b4");
Line Found : user_pref("extensions.claro.instlDay", "15697");
Line Found : user_pref("extensions.claro.instlRef", "sst");
Line Found : user_pref("extensions.claro.prdct", "claro");
Line Found : user_pref("extensions.claro.prtnrId", "claro");
Line Found : user_pref("extensions.claro.tlbrId", "claro");
Line Found : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Found : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Found : user_pref("extensions.claro_i.smplGrp", "none");
Line Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:35:03");

-\\ Google Chrome v

[ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [19068 octets] - [22/07/2014 21:35:17]
AdwCleaner[s0].txt - [7411 octets] - [22/07/2014 21:59:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19189 octets] ##########

Do I want to keep any of this?
  7. OK, this came back:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/5/2014
Scan Time: 9:21:12 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.05.09
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Reece

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339982
Time Elapsed: 17 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Babylon.A, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [08f5c002f98281b5789b3e2505fdc739],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 17
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst"), ,[feff536fa1da53e346c6a64d3ec6aa56]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babExt", ""), ,[14e90cb682f9a096f01c7380f0146e92]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=010712_3"), ,[47b68b3785f6ad89af5d28cb966e32ce]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.hardId", "1aadaba500000000000064d4da5492b4"), ,[6c91c101d3a840f665a7d41fda2ae917]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.id", "1aadaba500000000000064d4da5492b4"), ,[21dc3e8499e20f27f7158370d62e06fa]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.instlDay", "15525"), ,[b04d20a288f350e6be4ec33059ab2fd1]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst"), ,[6598725009720a2c0804b142b84cc63a]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTab", true), ,[f9047b47e3987cbaf319b14220e46f91]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=NT_ss&mntrId=1aadaba500000000000064d4da5492b4"), ,[7885853db3c851e5e923ba398d774bb5]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"), ,[1fde81413e3dc076aa62eb085aaa916f]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"), ,[26d78a38b2c90c2a7894955e8f75d927]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none"), ,[a657a0220c6fb77f40ccd81b23e1ce32]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss"), ,[32cb239f3447d264729a9b586b99966a]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base"), ,[708d536f0a7146f09d6ff102e123669a]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"), ,[4fae19a96813b38341cb49aa2bd907f9]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:57:42"), ,[738adae8bdbe03336d9f25ce39cb9e62]
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"), ,[a15c6a58aad1310517f59d56cd37a45c]

Physical Sectors: 0
(No malicious items detected)

(end)
  8. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/4/2014 Scan Time: 3:23:02 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.04.07 Rootkit Database: v2014.08.01.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Reece Scan Type: Threat Scan Result: Completed Objects Scanned: 339508 Time Elapsed: 12 min, 17 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 8 PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [bcdbcff31b60fc3a39d167fb09f9f709], PUP.Optional.Babylon.A, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, , [bcdbcff31b60fc3a39d167fb09f9f709], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, , [9403239f4d2e1d1995049f414cb660a0], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [bfd8685ab6c5fd392475d60ae61c47b9], PUP.Optional.DataMngr.A, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, , [84138b375b2068cecfa37e9502028e72], PUP.Optional.DataMngr.A, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [484fc9f9601bcd69f8798c8746bee818], PUP.Optional.BProtector.A, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [cec941813c3f4fe72c978591fb09bd43], PUP.Optional.BProtector.A, 
HKU\S-1-5-21-4252227465-4188545308-1514396572-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\BPROTECTSETTINGS, , [4156f1d188f364d2fcc76fa74fb5cb35], Registry Values: 4 PUP.BProtector, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=HP_ss&mntrId=1aadaba500000000000064d4da5492b4, , [cbccecd6fc7f5adc155e39da7d87a25e] PUP.BProtector, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [67301da513686ccadb99878cc73db64a] PUP.Optional.Conduit, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Reece\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, , [f99eab17077455e1dec9e53c04005fa1] PUP.BProtector, HKU\S-1-5-21-4252227465-4188545308-1514396572-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [cbcca022710a24126c081bf8eb19bc44] Registry Data: 1 PUP.Optional.Conduit, HKU\S-1-5-21-4252227465-4188545308-1514396572-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com?SearchSource=10&ctid=CT3247201&CUI=UN51764802862213041, Good: (www.google.com), Bad: (http://search.conduit.com?SearchSource=10&ctid=CT3247201&CUI=UN51764802862213041),,[01962f93e9922115e45009b7fb09c63a] Folders: 2 PUP.Optional.OpenCandy, C:\Users\Reece\AppData\Roaming\OpenCandy, , [0b8cb60c7407cc6a824c9717788aaa56], PUP.Optional.OpenCandy, 
C:\Users\Reece\AppData\Roaming\OpenCandy\5EFBB448BD31441FA7B8EC731F3A62B3, , [0b8cb60c7407cc6a824c9717788aaa56], Files: 38 PUP.Optional.InstallIQ.A, C:\Users\Reece\Downloads\7zip_installer_1650.exe, , [93049b272358d5611201e13ff809ef11], PUP.Optional.InstallIQ.A, C:\Users\Reece\Downloads\jenkatarcade_d315013.exe, , [f5a22c96dc9fe74ffc1797890ff2ca36], PUP.Optional.BProtector.A, C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\utic4n2c.default\bprotector_prefs.js, , [85120eb42a51b0865a45876b53af37c9], PUP.Optional.BProtector.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\bprotector_prefs.js, , [17806d557803a88e4e51fcf67e84758b], PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, , [c1d6c7fbfa819a9cb156b96563a14bb5], PUP.Optional.OpenCandy, C:\Users\Reece\AppData\Roaming\OpenCandy\5EFBB448BD31441FA7B8EC731F3A62B3\RealPlayerR71POC5_p2v1.exe, , [0b8cb60c7407cc6a824c9717788aaa56], PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst"), ,[f3a4338fd8a37abc1b1030c13bc9649c] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babExt", ""), ,[a2f5f2d0fd7e44f2200b31c0f0146f91] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=010712_3"), ,[7e19b9097a01c175be6d3ab7d13306fa] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.hardId", "1aadaba500000000000064d4da5492b4"), ,[a9eeaf133843bc7acd5eef0217ed0af6] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: 
(user_pref("extensions.BabylonToolbar_i.id", "1aadaba500000000000064d4da5492b4"), ,[593eb21083f882b4200b995880849c64] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.instlDay", "15525"), ,[edaa79490e6dd75f60cb767b26de32ce] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst"), ,[d6c17d45e7943df938f33fb2ff0552ae] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTab", true), ,[5b3c2c96bbc0231360cb2bc6ea1a8080] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.claro-search.com/?affID=117452&tt=5112_3&babsrc=NT_ss&mntrId=1aadaba500000000000064d4da5492b4"), ,[098e784aadce77bf240736bb5ca8e31d] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"), ,[6f28d6ecb2c99e981f0c33bebf4513ed] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"), ,[b0e70eb4f685201626051fd2af55e11f] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none"), ,[d0c76a58512aac8a86a5e01127dd7e82] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss"), ,[5f387052bcbf42f473b8e70a21e38779] PUP.Optional.Babylon.A, 
C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base"), ,[bed9d2f0b7c452e4ff2cf3fe32d2dc24] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"), ,[d4c33f83c1ba8da9fa31668b19eb9d63] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:57:42"), ,[1087a71b87f42c0a9a910de4ee16916f] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"), ,[7225fdc52259c86ec46701f027ddc33d] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=010712_3"), ,[cbcc09b9ee8d4aec119c688842c2e719] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babExt", ""), ,[593e92302655d2649f0e0ee2f50f2fd1] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss"), ,[6136e5dd116ae84e55586789a4607d83] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.id", "1aadaba500000000000064d4da5492b4"), ,[ddba3d851e5d3501f6b7628ed92b07f9] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.hardId", "1aadaba500000000000064d4da5492b4"), ,[37606e5452299b9b09a402ee22e2d927] 
PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.instlDay", "15525"), ,[85123a88c1bade58981580706a9af20e] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"), ,[6334dce668139c9af8b5ab458c7836ca] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"), ,[badd1da5403bb1859c119f513bc9b64a] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:57:42"), ,[791e21a19edd67cf7637c22e39cb51af] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"), ,[3364f6ccaecd79bd426b0fe1ca3a9f61] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"), ,[326529996e0dd066dfce856b28dcc53b] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst"), ,[890e8042adce33031d90f00054b029d7] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none"), ,[17801fa3f6859a9c6548f9f71be9a35d] PUP.Optional.Babylon.A, C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base"), ,[0493a61ce49745f1d1dc4ba57c88cd33] PUP.Optional.Babylon.A, 
C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst"), ,[55427d459ae1cc6ae5c87f7135cfe818]
Physical Sectors: 0 (No malicious items detected)
(end)

So sorry, I had some family matters that happened. I came back to my computer and it started up. I had to uninstall Malwarebytes and reinstall it to get it to work. When I did a scan, this is what happened. I have not done anything, just scanned and reported the logs. Thank you for your help.
  9. I tried both ways of downloading and installing the ESET program, and both times it failed to install.
  10. Ok, I believe I followed everything. Here is what happened.

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/22/2014 04:59:02 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running. Startup Type set to: Automatic
* Security Center (wscsvc) is not Running. Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running. Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* No issues found.
Program finished at: 07/22/2014 05:02:55 PM Execution time: 0 hours(s), 3 minute(s), and 52 seconds(s) Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/22/2014 Scan Time: 5:06:55 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.22.11 Rootkit Database: v2014.07.17.01 License: Trial Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Reece Scan Type: Threat Scan Result: Completed Objects Scanned: 332227 Time Elapsed: 13 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Reece [Admin rights] Mode : Scan -- Date : 07/22/2014 17:28:10 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 17 ¤¤¤ [suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Anti-phishing Domain Advisor : "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BHDrvx64 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IDSVia64 -> FOUND [suspicious.Path] (X64) 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx64 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSVia64 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BHDrvx64 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDSVia64 -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVENG -> FOUND [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAVEX15 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 1 ¤¤¤ [suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> FOUND ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 5 (Driver: NOT LOADED [0xc000035f]) ¤¤¤ [EAT:Addr] 
(explorer.exe) DAVHLPR.dll - DllCanUnloadNow : C:\Program Files\EgisTec IPS\IPS.dll @ 0x7fef6b61560 [EAT:Addr] (explorer.exe) DAVHLPR.dll - DllGetClassObject : C:\Program Files\EgisTec IPS\IPS.dll @ 0x7fef6b61590 [EAT:Addr] (explorer.exe) DAVHLPR.dll - DllInstall : C:\Program Files\EgisTec IPS\IPS.dll @ 0x7fef6b61930 [EAT:Addr] (explorer.exe) DAVHLPR.dll - DllRegisterServer : C:\Program Files\EgisTec IPS\IPS.dll @ 0x7fef6b618f0 [EAT:Addr] (explorer.exe) DAVHLPR.dll - DllUnregisterServer : C:\Program Files\EgisTec IPS\IPS.dll @ 0x7fef6b61910 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++ --- User --- [MBR] 6890b8ac39ae79e9e2756001241c9845 [bSP] f0be88fb55b04a1f1268e526f7694ba8 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 565478 MB 2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1158510592 | Size: 29692 MB 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1219319808 | Size: 15109 MB User = LL1 ... OK User = LL2 ... OK
  11. I ran Malwarebytes on my Lenovo laptop. Running Microsoft Security Essentials. Running Windows 7 64 bit. I installed and ran your Farbar tool. This is what it came up with. It looks pretty bad.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Reece (administrator) on REECE-PC on 21-07-2014 19:15:09
Running from C:\Users\Reece\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-01] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-05-23] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-05-23] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-23] (Lenovo) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.) HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. ) HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. ) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-05-23] (Lenovo) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-05-08] (RealNetworks, Inc.) HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT HKLM-x32\...\Run: [Anti-phishing Domain Advisor] => C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security)) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-4252227465-4188545308-1514396572-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-4252227465-4188545308-1514396572-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-10] (Valve Corporation) HKU\S-1-5-21-4252227465-4188545308-1514396572-1000\...\Run: [Google Update] => C:\Users\Reece\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-28] (Google Inc.) 
HKU\S-1-5-21-4252227465-4188545308-1514396572-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-4252227465-4188545308-1514396572-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ URLSearchHook: HKLM-x32 - InternetHelper1.5 Toolbar - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.) 
URLSearchHook: HKCU - InternetHelper1.5 Toolbar - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {5D36C9E6-3284-4AF4-8A68-AA259B0450EB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247201 SearchScopes: HKCU - {5D36C9E6-3284-4AF4-8A68-AA259B0450EB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247201 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_en SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.) 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: InternetHelper1.5 Toolbar -> {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -> C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - InternetHelper1.5 Toolbar - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - C:\Program Files (x86)\InternetHelper1.5\prxtbInte.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - No File DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default FF DefaultSearchEngine: Claro Search FF SearchEngineOrder.1: Claro Search FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Claro Search FF Homepage: https://www.google.com/ FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=070413&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Reece\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Reece\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Reece\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Reece\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\user.js FF Plugin ProgramFiles/Appdata: C:\Users\Reece\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Reece\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\searchplugins\bing-zugo.xml FF SearchPlugin: C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Reece\AppData\Roaming\Mozilla\Firefox\Profiles\1man27sq.default\searchplugins\Search_Results.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-28] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-28] FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-05-23] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn [2011-07-09] FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-08] FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security 
Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48" CHR DefaultSearchKeyword: search.conduit.com CHR DefaultSearchProvider: Conduit CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll No File CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-02] CHR Extension: (Google Search) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-02] CHR Extension: (InternetHelper1.5) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek [2012-10-12] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02] CHR Extension: (Skype Click to Call) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-02] CHR Extension: (Gmail) - C:\Users\Reece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-02] CHR HKCU\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - 
C:\Users\Reece\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx [2012-09-19] CHR HKLM-x32\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - C:\Users\Reece\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx [2012-09-19] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-08] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14] CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2013-05-14] ==================== Services (Whitelisted) ================= S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed] S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. ) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed] S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20130524.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20130524.009\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20130524.009\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-09] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-03-30] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
S1 djdnietn; \??\C:\windows\system32\drivers\djdnietn.sys [X]
U2 DriverService;
S1 gkaoqrsn; \??\C:\windows\system32\drivers\gkaoqrsn.sys [X]
U2 IAStorDataMgrSvc;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 19:15 - 2014-07-21 19:16 - 00027676 _____ () C:\Users\Reece\Downloads\FRST.txt
2014-07-21 19:13 - 2014-07-21 19:15 - 00000000 ____D () C:\FRST
2014-07-21 19:13 - 2014-07-21 19:13 - 02090496 _____ (Farbar) C:\Users\Reece\Downloads\FRST64.exe
2014-07-20 20:13 - 2014-07-20 20:13 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 20:13 - 2014-07-20 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 20:13 - 2014-07-20 20:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 20:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-20 20:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-09 18:50 - 2014-07-09 18:50 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 18:05 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 18:05 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 18:04 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 18:04 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 18:04 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 18:04 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 18:04 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 18:04 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 18:04 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 18:04 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 18:04 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 18:04 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 18:04 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 18:04 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 18:04 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 18:04 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 18:04 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 18:04 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 18:04 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 18:04 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 18:04 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 18:04 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 18:04 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 18:04 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 18:04 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 18:04 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 18:04 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 18:04 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 18:04 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 18:04 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 18:04 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 18:04 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 18:04 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 18:04 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 18:04 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 18:04 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 18:04 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 18:04 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 18:04 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 18:04 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 18:04 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 18:04 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 18:04 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 18:04 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 18:04 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 18:04 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 18:04 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 18:04 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 18:04 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 18:04 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 18:04 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 18:04 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 18:04 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 18:04 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 18:04 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 18:04 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 18:04 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 18:04 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 18:04 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 18:04 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 18:04 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 18:04 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 18:04 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 18:04 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 18:04 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 18:04 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 18:03 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 18:03 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 18:03 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

2014-07-21 19:16 - 2014-07-21 19:15 - 00027676 _____ () C:\Users\Reece\Downloads\FRST.txt
2014-07-21 19:15 - 2014-07-21 19:13 - 00000000 ____D () C:\FRST
2014-07-21 19:13 - 2014-07-21 19:13 - 02090496 _____ (Farbar) C:\Users\Reece\Downloads\FRST64.exe
2014-07-21 19:13 - 2009-07-14 00:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-21 19:10 - 2011-05-23 11:55 - 00194063 _____ () C:\windows\system32\fastboot.set
2014-07-21 19:08 - 2011-05-23 11:41 - 04731927 _____ () C:\FaceProv.log
2014-07-21 19:07 - 2014-06-20 18:48 - 00000504 _____ () C:\windows\setupact.log
2014-07-21 19:07 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-20 20:52 - 2011-05-23 11:45 - 01234816 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-07-20 20:44 - 2014-06-20 18:48 - 00008874 _____ () C:\windows\PFRO.log
2014-07-20 20:43 - 2011-05-23 11:07 - 01359122 _____ () C:\windows\WindowsUpdate.log
2014-07-20 20:42 - 2011-02-22 06:19 - 00000000 ____D () C:\windows\Panther
2014-07-20 20:13 - 2014-07-20 20:13 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 20:13 - 2014-07-20 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 20:13 - 2014-07-20 20:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 20:13 - 2013-05-27 14:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 20:13 - 2013-05-26 20:17 - 00000000 ____D () C:\Users\Reece\AppData\Roaming\Malwarebytes
2014-07-20 20:13 - 2013-05-26 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 20:11 - 2013-04-28 17:13 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252227465-4188545308-1514396572-1000UA.job
2014-07-20 20:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-07-20 19:50 - 2013-03-21 17:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 15:54 - 2013-04-28 17:13 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252227465-4188545308-1514396572-1000Core.job
2014-07-20 15:47 - 2011-05-23 11:41 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-19 08:58 - 2011-07-19 18:48 - 00000000 ____D () C:\Users\Reece\AppData\Local\CrashDumps
2014-07-18 22:40 - 2013-06-16 19:42 - 00000000 ____D () C:\Users\Reece\AppData\Roaming\TS3Client
2014-07-18 22:17 - 2013-04-27 15:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-18 17:52 - 2013-06-16 19:41 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-17 19:41 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 19:41 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 09:55 - 2011-05-23 11:45 - 05247424 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-07-11 17:37 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-07-11 17:06 - 2012-10-12 20:27 - 00000000 ____D () C:\ProgramData\Anti-phishing Domain Advisor
2014-07-11 17:04 - 2009-07-13 23:45 - 00282960 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 17:02 - 2014-05-07 17:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 17:02 - 2011-02-22 06:42 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 17:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-11 17:02 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-10 17:12 - 2013-07-13 10:12 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 17:10 - 2013-05-27 23:32 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 18:50 - 2014-07-09 18:50 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 18:50 - 2013-03-21 17:36 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 18:50 - 2013-03-21 17:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 18:50 - 2011-07-22 10:47 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-30 18:30 - 2013-05-04 14:50 - 00007598 _____ () C:\Users\Reece\AppData\Local\Resmon.ResmonCfg
2014-06-29 21:09 - 2014-07-09 18:05 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-09 18:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Jami\AppData\Local\Temp\contentDATs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 19:02

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Reece at 2014-07-21 19:16:31
Running from C:\Users\Reece\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton AntiVirus (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton AntiVirus (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.1.0.1 - Visicom Media Inc. (Powered by Panda Security))
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3623 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel PROSet Wireless (Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
InternetHelper1.5 Toolbar (HKLM-x32\...\InternetHelper1.5 Toolbar) (Version: 6.9.0.16 - InternetHelper1.5)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 18.7.1.3 - Symantec Corporation)
PCFriendly (HKLM-x32\...\PCFriendly) (Version: - )
Petz 5 (HKLM-x32\...\{0959198E-9CB6-4BF2-905A-D275DDDED3DC}) (Version: 5.00.000 - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Wondershare Video Converter Ultimate(Build 5.7.6.7) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: - Wondershare Software)

==================== Restore Points =========================

03-07-2014 00:57:55 Windows Update
06-07-2014 16:17:36 Windows Update
10-07-2014 22:06:32 Windows Modules Installer
10-07-2014 22:26:43 Windows Update
14-07-2014 21:41:36 Windows Update
18-07-2014 22:29:47 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {11D3A1FA-ABA5-406C-9F11-92EA0E228DDF} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {1D600185-F83D-4979-8656-67F3D9439265} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {2479B10C-7C77-4BCB-B050-F712F5C750F8} - System32\Tasks\Symantec\Norton Error Processor 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe [2012-03-27] (Symantec Corporation)
Task: {2FB6DEF5-F0B4-4D82-8A91-B6DE2611F06B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4252227465-4188545308-1514396572-1000Core => C:\Users\Reece\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {7678642F-0806-4DC7-AD9F-F2CBBC10CBAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {837FBB68-D8DA-423B-B1DB-1D622E38FBF7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4252227465-4188545308-1514396572-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {8BE86A19-C33C-4EC3-90B9-4DF7BCA1C3F1} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.1.3 => C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\SymErr.exe [2012-03-27] (Symantec Corporation)
Task: {A067EBCA-74E0-41D6-AFAE-041F1886BF92} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4252227465-4188545308-1514396572-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {A36F1C52-5F36-4611-8F9E-CC35DD6C1B5A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {A76A6D85-886C-416F-803A-C862B882EAB0} - System32\Tasks\{7D731200-2223-4D53-85E4-ED4F6E157912} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?page=tsProgressBar
Task: {C6DEAA8E-D40F-46DE-B362-D4B058FA6354} - System32\Tasks\{24420996-8D52-4DDE-9436-380956848AE3} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?page=tsProgressBar
Task: {CD4A05B8-AC6F-4F59-B748-8FFF3EB90083} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4252227465-4188545308-1514396572-1000UA => C:\Users\Reece\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252227465-4188545308-1514396572-1000Core.job => C:\Users\Reece\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252227465-4188545308-1514396572-1000UA.job => C:\Users\Reece\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-02 07:58 - 2010-11-02 07:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-05-23 11:41 - 2011-05-23 11:41 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll 2014-03-28 21:05 - 2014-06-18 18:35 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2014 07:11:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 09:01:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 08:53:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 08:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 04:12:56 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. 
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error: (07/19/2014 08:58:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: jusched.exe, version: 2.1.9.4, time stamp: 0x513f4a9a Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0004866a Faulting process id: 0x1554 Faulting application start time: 0xjusched.exe0 Faulting application path: jusched.exe1 Faulting module path: jusched.exe2 Report Id: jusched.exe3 Error: (07/12/2014 10:20:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PmmUpdate.exe, version: 1.1.39.0, time stamp: 0x4cd3e104 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x08002900 Faulting process id: 0x124c Faulting application start time: 0xPmmUpdate.exe0 Faulting application path: PmmUpdate.exe1 Faulting module path: PmmUpdate.exe2 Report Id: PmmUpdate.exe3 Error: (07/12/2014 09:52:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: visicom_antiphishing.exe, version: 1.0.1.30, time stamp: 0x4e2dbbf2 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x00039342 Faulting process id: 0x14e8 Faulting application start time: 0xvisicom_antiphishing.exe0 Faulting application path: visicom_antiphishing.exe1 Faulting module path: visicom_antiphishing.exe2 Report Id: visicom_antiphishing.exe3 Error: (07/11/2014 05:05:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 05:06:18 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 
Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101). System errors: ============= Error: (07/21/2014 07:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:16:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:13:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:13:23 PM) (Source: 
Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/21/2014 07:11:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (07/21/2014 07:11:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 09:01:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 08:53:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 08:47:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2014 04:12:56 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error: (07/19/2014 08:58:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jusched.exe2.1.9.4513f4a9aole32.dll6.1.7601.175144ce7b96fc00000050004866a155401cf9d5458d1fd97C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\windows\syswow64\ole32.dllc4f90a9d-0f4c-11e4-84a8-f0def1607cae Error: (07/12/2014 10:20:10 
PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PmmUpdate.exe1.1.39.04cd3e104unknown0.0.0.000000000c000000508002900124c01cf9d544fda4d6dC:\Program Files (x86)\EgisTec IPS\PmmUpdate.exeunknown986e14c1-0a3c-11e4-84a8-f0def1607cae Error: (07/12/2014 09:52:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: visicom_antiphishing.exe1.0.1.304e2dbbf2ole32.dll6.1.7601.175144ce7b96fc00000050003934214e801cf9d54587c8a8fC:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exeC:\windows\syswow64\ole32.dll2f850220-09d4-11e4-84a8-f0def1607cae Error: (07/11/2014 05:05:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 05:06:18 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101