Jump to content

TCooks2007

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Another Update: A slew of suspicious processes have become active: NPStat.exe dvdupgrd.exe fixmapi.exe shrpubw.exe msfeedssync.exe shrpubw.exe upnpcont.exe dllhst3g.exe BFNService.exe I read at least one of these could be related to Trojan Siggen4
  2. Update: I am now receiving warnings from Norton 360 Premier stating it is blocking Trojan:AdClicker, Magnitude, and Trojan:Powelik.
  3. About two months ago, my computer had problems with various viruses and the Poweliks Trojan. I was helped here thankfully, and it appeared my computer was clean. Just a side note: My nephews use my computer quite a bit and I don't know what some of the programs on the computer are. Yesterday the icons on my desktop started blinking, and I noticed many processes showing up as kqjkghfb.exe. In addition, suddenly my programmable gaming keyboard seemed messed up. With no caps lock on, it acted like cap locks was on. I had to put cap locks on to type in lower case, and take it off to type in caps. In addition, it would not type the numbers or periods. On those keys, it would only type the upper row (special characters, etc.). It was like it had been remapped. I tried Ctrl Shift, but that didn't work. I ran malwarebytes anti-malware and the blinking of the icons stopped and the processes showing as kqjkghfb.exe were gone. The keyboard still wasn't acting correctly, so I got a new one that I'm using to type this. It seems to be working fine. I ran the Farbar Recovery Scan Tool, and was wondering if someone could take a look to see if it looked clean or if I have more I should do to clean this up. One thing to note is that I am running windows off my backup on the Recovery Image E: as my windows on the C drive is not working. It won't boot and throws an error. I have looked up how to make a repair disk to repair windows on the C drive, but am still not quite sure how to do it. I say this for two reasons: 1. if you see errors relating to that, then you know what it is, and 2. If you can help me sometime make a repair disc for windows 7 ultimate (steps for dummies) I would appreciate it. If not, I'll figure it out someday or upgrade to 8 or whatever comes next. Thank you for any help or advice you can offer! Toni Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014 Ran by Owner (administrator) on OWNER-PC on 28-12-2014 08:52:57 Running from C:\Users\Owner\Downloads Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser & DefaultAppPool) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe (Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NETGEAR) D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Windows\system\3DG4me.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (http://tortoisesvn.net) D:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Acronis) C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor) HKLM\...\Run: [iSW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390736 2010-08-21] (Acronis) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] () HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation) HKLM-x32\...\Run: [sAOB Monitor] => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536448 2010-08-20] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5458848 2010-08-21] (Acronis) HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [976896 2012-11-28] (Creative Technology Ltd) HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.) HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.) HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.) HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-03] (Google Inc.) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-02-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148528 2014-02-08] (NVIDIA Corporation) Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4204319336-479839968-307364420-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ HKU\S-1-5-21-4204319336-479839968-307364420-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\S-1-5-21-4204319336-479839968-307364420-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869 BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-4204319336-479839968-307364420-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-4204319336-479839968-307364420-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File Toolbar: HKU\S-1-5-21-4204319336-479839968-307364420-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-4204319336-479839968-307364420-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKU\S-1-5-21-4204319336-479839968-307364420-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) Winsock: Catalog9-x64 15 C:\Windows\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX -> D:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4204319336-479839968-307364420-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud) FF Plugin HKU\S-1-5-21-4204319336-479839968-307364420-1000: ubisoft.com/uplaypc -> D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-28] Chrome: ======= CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20] CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20] CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-22] CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S3 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-20] (Perfect World Entertainment Inc) R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed] R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-04-22] (Creative Technology Ltd) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation) R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed] R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed] R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) R2 NETGEARGenieDaemon; D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed] R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-22] () [File not signed] R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S3 Creative ALchemy AL6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [X] S3 Creative Audio Engine Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [X] S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [77648 2012-03-22] (Bigfoot Networks, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-04-22] (Creative Technology Ltd) S3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [490256 2013-01-22] (Intel Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-05-19] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141226.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation) S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-03-19] (Intel® Corporation) [File not signed] R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-22] (Qualcomm Atheros, Inc.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation) R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] () R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141227.007\ENG64.SYS [129752 2014-12-18] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141227.007\EX64.SYS [2137304 2014-12-18] (Symantec Corporation) R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-07-24] (CACE Technologies, Inc.) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-05-06] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-05-06] () S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-02-20] () R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-03] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation) R3 USBADVAU; C:\Windows\System32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-28 08:52 - 2014-12-28 08:53 - 00031806 _____ () C:\Users\Owner\Downloads\FRST.txt 2014-12-28 08:49 - 2014-12-28 08:52 - 00000000 ____D () C:\FRST 2014-12-28 08:48 - 2014-12-28 08:48 - 02122752 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe 2014-12-28 08:47 - 2014-12-28 08:47 - 02122752 _____ (Farbar) C:\Users\Owner\Downloads\frst64.exe 2014-12-28 08:47 - 2014-12-28 08:47 - 01114624 _____ (Farbar) C:\Users\Owner\Downloads\frst.exe 2014-12-28 06:05 - 2014-12-28 06:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE 2014-12-27 20:30 - 2014-12-27 20:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-27 11:55 - 2014-12-27 11:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf 2014-12-17 21:59 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-17 21:59 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-11 03:18 - 2014-12-11 03:18 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 03:00 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 03:00 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-11 03:00 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-11 03:00 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-11 03:00 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-11 03:00 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-11 03:00 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-11 03:00 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-11 03:00 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-11 03:00 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-10 17:48 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 17:48 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 17:48 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 17:48 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 17:48 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 17:48 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 17:48 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 17:48 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 17:48 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 17:48 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 17:48 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 17:48 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 17:48 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 17:48 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 17:48 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 17:48 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 17:48 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 17:48 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 17:48 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 17:48 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 17:48 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 17:48 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 17:48 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 17:48 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 17:48 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 17:48 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 17:48 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 17:48 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 17:48 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 17:48 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 17:48 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 17:48 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 17:48 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 17:48 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 17:48 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 17:48 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 17:48 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 17:48 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 17:48 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 17:48 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 17:48 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 17:48 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 17:48 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 17:48 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 17:48 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 17:48 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 17:48 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 17:48 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 17:48 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 17:48 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 17:48 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 17:48 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 17:48 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 17:48 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 17:48 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 17:48 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 17:48 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 17:48 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 17:48 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 17:48 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 17:48 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 17:48 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 17:48 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 17:48 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 17:48 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 17:48 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 17:48 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 17:48 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 17:48 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 17:48 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 17:48 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 17:48 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 17:48 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 17:48 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 17:48 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 17:48 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 17:48 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 17:48 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 17:48 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-28 08:53 - 2013-08-16 21:06 - 00000112 _____ () C:\Windows\seqlog 2014-12-28 08:53 - 2013-08-16 21:02 - 00000512 _____ () C:\Windows\SysWOW64\za_mv_raid.ev 2014-12-28 08:52 - 2013-08-16 21:06 - 74737484 _____ () C:\Windows\backend.log 2014-12-28 08:43 - 2012-01-02 16:22 - 02082420 _____ () C:\Windows\WindowsUpdate.log 2014-12-28 08:30 - 2012-05-15 20:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-28 08:02 - 2012-01-02 20:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-28 06:15 - 2009-07-13 23:13 - 00879192 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-28 05:54 - 2014-11-01 05:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-28 05:54 - 2009-07-13 22:45 - 00028416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-28 05:54 - 2009-07-13 22:45 - 00028416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-28 05:47 - 2013-11-19 16:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment 2014-12-28 05:47 - 2013-08-16 21:06 - 00068290 _____ () C:\Windows\Tray.log 2014-12-28 05:47 - 2013-08-16 21:01 - 00055584 _____ () C:\Windows\SysWOW64\mvaccelerator.log 2014-12-28 05:47 - 2013-08-16 21:01 - 00000241 _____ () C:\Windows\SysWOW64\mvcli.ini 2014-12-28 05:46 - 2014-03-16 11:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Blizzard 2014-12-28 05:46 - 2012-01-17 23:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-28 05:46 - 2012-01-02 20:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-28 05:46 - 2012-01-02 16:58 - 00414850 _____ () C:\Windows\PFRO.log 2014-12-28 05:46 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-28 05:46 - 2009-07-13 22:51 - 00115026 _____ () C:\Windows\setupact.log 2014-12-28 05:22 - 2014-11-01 05:50 - 00000786 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-28 05:22 - 2014-11-01 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-28 05:19 - 2014-08-17 14:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\TSVNCache 2014-12-27 20:31 - 2014-03-16 11:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net 2014-12-27 20:28 - 2012-01-02 16:22 - 00000000 ____D () C:\Users\Owner 2014-12-23 04:25 - 2013-12-03 19:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps 2014-12-17 07:27 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 03:18 - 2014-05-06 19:11 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-11 03:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 03:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 03:02 - 2013-08-17 11:08 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 03:01 - 2012-01-02 15:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 19:30 - 2012-12-29 03:30 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-12-10 19:30 - 2012-05-15 20:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 19:30 - 2012-05-15 20:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 19:30 - 2012-05-15 20:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 17:50 - 2014-03-16 11:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-12-10 17:44 - 2013-11-20 05:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-04 04:56 - 2014-07-29 15:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Package Cache 2014-12-04 04:56 - 2014-07-29 15:09 - 00000000 ____D () C:\ProgramData\Package Cache Files to move or delete: ==================== C:\Users\Owner\IP_Log_Data.js C:\Users\Owner\Network_Meter_Data.js ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-22 03:46 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014 Ran by Owner at 2014-12-28 08:53:10 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE) 3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation) 3TB+Unlock B11.0919.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE) Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.5105 - Acronis) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Archeage Alpha (HKLM-x32\...\Glyph Archeage Alpha) (Version: - Trion Worlds, Inc.) Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.) Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.) AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.) AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.) AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.) AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.) AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.) AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.) AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.) AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.) AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.) AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.) AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.) AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.) AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.) AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.) AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.) Bad Rats (HKLM-x32\...\Steam App 34900) (Version: - Invent4 Entertainment) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version: - Threaks) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None) Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - ) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) Company of Heroes (HKLM-x32\...\Steam App 4560) (Version: - Relic Entertainment) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version: - Relic Entertainment) Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version: - Relic Entertainment) CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Curse Client - 1 (HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited) DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited) Dungeons and Dragons Online (HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\DDO_highres_en) (Version: - ) Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software) EDGE (HKLM-x32\...\Steam App 38740) (Version: - Two Tribes) EVE Online (HKLM-x32\...\Steam App 8500) (Version: - CCP) EVGA Precision X 4.0.0 (HKLM-x32\...\PrecisionX) (Version: 4.0.0 - EVGA Corporation) Fallout (HKLM-x32\...\Steam App 38400) (Version: - Interplay Inc.) Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - Black Isle Studios) Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version: - 14° East) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Freelancer (HKLM-x32\...\Freelancer 1.0) (Version: - ) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation) GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Giana Sisters: Twisted Dreams - Rise of the Owlverlord (HKLM-x32\...\Steam App 246960) (Version: - Black Forest Games) Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Godus (HKLM-x32\...\Steam App 232810) (Version: - ) Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) Happy Cloud Client (HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\HappyCloud) (Version: 3.41 - Happy Cloud, Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Honorbuddy (HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\{5bf9819e-910a-43b3-b906-e9ddc172d672}) (Version: 2.5.12203.759 - Bossland GmbH) Honorbuddy (x32 Version: 2.5.12203.759 - Bossland GmbH) Hidden iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson) InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - ) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel® Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) K-Lite Mega Codec Pack 8.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - ) Landmark Beta (HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\SOE-Landmark Beta) (Version: - Sony Online Entertainment) Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version: - TT Games) LEGO Harry Potter: Years 5-7 (HKLM-x32\...\Steam App 204120) (Version: - Traveller's Tales ) LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version: - Traveller's Tales) Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.2013 - Marvell) Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare) Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) MSI Kombustor 2.2.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.) Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation) NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation) NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation) NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Planet Explorers (HKLM-x32\...\Steam App 237870) (Version: - Pathea Games) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version: - ) PortraitPro 12.2 (HKLM-x32\...\PortraitPro12_is1) (Version: 12.2 - Anthropics Technology Ltd.) PortraitPro 12.2 Trial (HKLM-x32\...\PortraitPro12Trial_is1) (Version: 12.2 - Anthropics Technology Ltd.) PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.317 - Qualcomm Atheros) Qualcomm Atheros Killer Network Manager (Version: 6.1.0.317 - Qualcomm Atheros) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden RUSH (HKLM-x32\...\Steam App 38720) (Version: - Two Tribes) Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - ) SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Sound Blaster Recon3Di (HKLM-x32\...\{FA7F652F-48CA-4932-AE48-CA72FC5EEF99}) (Version: 1.01.00 - Creative Technology Limited) Sound Blaster Recon3Di Extras (HKLM-x32\...\{5C12B035-6632-431F-93AA-E8CB8421E507}) (Version: 1.0 - Creative Technology Limited) Spotify (HKU\S-1-5-21-4204319336-479839968-307364420-1000\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - KING Art) The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios) The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version: - NeocoreGames) The Lord of the Rings Online™ v03.02.05.8032 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.02.05.8032 - Turbine, Inc.) The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version: - Frogwares) The Whispered World (HKLM-x32\...\Steam App 18490) (Version: - Daedalic Entertainment) The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED) The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED) Toki Tori (HKLM-x32\...\Steam App 38700) (Version: - Two Tribes) Toki Tori 2+ (HKLM-x32\...\Steam App 201420) (Version: - Two Tribes) TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN) TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT) Windborne (HKLM-x32\...\Steam App 221560) (Version: - Hidden Path Entertainment) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) Woody Two-Legs Attack of the Zombie Pirates (HKLM-x32\...\Steam App 49320) (Version: - Nitro Games ) World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team) ZoneAlarm Toolbar (Version: - Check Point Software Technologies) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4204319336-479839968-307364420-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4204319336-479839968-307364420-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4204319336-479839968-307364420-1000_Classes\CLSID\{a8c8f39e-66fb-4b86-8418-c5bab9c4f40f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= 26-12-2014 03:00:10 Windows Update 27-12-2014 03:00:10 Windows Update 28-12-2014 05:23:19 Windows Update 28-12-2014 06:11:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2014-11-01 13:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {253392DC-521C-403A-AA67-838A2B852570} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {2E439956-063F-4F8B-9DE2-CDBECA631A39} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {2E8D8E8C-6C81-441A-B304-801CBF3E8291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {3D31D4D4-8666-4A1F-94CA-9DA567954630} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {40C3F41F-F440-462D-A50D-ACDD156AF859} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe Task: {62CFF741-398B-4A58-AB4D-25060905907D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {62F4903E-63C0-4968-8601-FE4872947E06} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {88406EC7-14C2-4076-AB06-ADE8F5E27DC9} - System32\Tasks\{4963A96F-7283-4AE5-A7A3-E574F6E0E7FB} => D:\Program Files (x86)\Steam\Steam.exe [2014-05-29] (Valve Corporation) Task: {88F39BF3-64E3-43BA-84AC-C22E490A8FFB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {9B8178CF-ABD7-49D0-99CF-6E2FDF1E5E74} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {9E38F386-2E7D-4258-B9C6-24B84F2E6B4F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {A207002A-6337-4F79-BA8E-DDC093E06109} - System32\Tasks\{922009D0-4409-43CF-AACA-2FF9516DD019} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNTPJ5YI\20141114-002-i32.exe" -d C:\Users\Owner\Desktop Task: {A62B1AF7-04C1-4192-A809-6BD4899C5617} - System32\Tasks\{543C4E68-01CB-4662-BA23-4DE0C8F777ED} => pcalua.exe -a "X:\Software Install\EVGA_PrecisionX_Setup_303.exe" -d "X:\Software Install" Task: {A85175A9-5A4D-405C-95C4-5A548730B847} - System32\Tasks\{FF60708A-27B3-4C96-AD33-6FE8BB32ACCA} => pcalua.exe -a "C:\Program Files (x86)\EVGA Precision\uninstall.exe" Task: {AF39DDD4-356A-4638-BCFE-24EAC160770C} - System32\Tasks\{BA93D62E-34D2-4E57-93F5-722B2E519F17} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NU8OX2U2\MP3CONVERSIONTOOL.EXE" -d C:\Users\Owner\Desktop Task: {B646036D-B1F7-4FB7-8DE6-7906667C0B64} - System32\Tasks\{04AC5C39-50EF-49C8-886F-32FC2545C488} => pcalua.exe -a "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zauninst.exe" Task: {C7682AA1-0706-417E-BD5D-B8B249DA2960} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {D8C5BD2F-2DD7-4790-9761-C19A02031F3A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EC8636F8-C1AF-4A75-82F6-D99E5FB07213} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {F7754B26-29C4-41FD-9EF7-5EFBD0203833} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {F8A85AF2-8CDD-4E11-8F9A-8E1142217D19} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe Task: {F8CB087B-137E-4C83-A9AE-7270510D1ADB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-01-17 23:57 - 2014-02-08 11:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-08-10 15:10 - 2014-08-10 15:10 - 00076032 _____ () D:\Program Files\TortoiseSVN\bin\TortoiseStub.dll 2013-11-19 08:47 - 2012-03-08 19:45 - 00088856 _____ () D:\Program Files\TortoiseSVN\bin\libsasl.dll 2012-01-03 03:59 - 2009-06-02 02:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2012-03-22 12:23 - 2012-03-22 12:23 - 00492032 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe 2011-05-09 21:46 - 2011-05-09 21:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll 2011-05-09 21:56 - 2011-05-09 21:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll 2011-05-09 21:47 - 2011-05-09 21:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll 2012-03-22 12:23 - 2012-03-22 12:23 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll 2011-05-10 13:32 - 2011-05-10 13:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll 2011-05-09 21:48 - 2011-05-09 21:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll 2012-01-02 16:52 - 2011-04-09 20:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-07-01 18:22 - 2013-05-28 10:56 - 00151552 ____R () C:\Windows\system\3DG4me.exe 2012-06-12 20:34 - 2012-06-12 20:34 - 01213952 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-11-21 20:48 - 2011-11-21 20:48 - 00073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll 2014-07-01 18:22 - 2012-06-06 03:56 - 00143360 ____R () C:\Windows\system\3DG4me.dll 2013-08-16 20:56 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-08-10 14:40 - 2014-08-10 14:40 - 00065792 _____ () D:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll 2013-11-19 08:47 - 2012-03-08 19:11 - 00070424 _____ () D:\Program Files\TortoiseSVN\bin\libsasl32.dll 2014-12-11 21:04 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-11 21:04 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-11 21:04 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-11 21:04 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-11 21:04 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24106993.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24106993.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Qualcomm Atheros Killer Network Manager.lnk => C:\Windows\pss\Qualcomm Atheros Killer Network Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui MSCONFIG\startupreg: Dxtory Update Checker 2.0 => D:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-4204319336-479839968-307364420-500 - Administrator - Disabled) ASPNET (S-1-5-21-4204319336-479839968-307364420-1007 - Limited - Enabled) Guest (S-1-5-21-4204319336-479839968-307364420-501 - Limited - Disabled) Owner (S-1-5-21-4204319336-479839968-307364420-1000 - Administrator - Enabled) => C:\Users\Owner UpdatusUser (S-1-5-21-4204319336-479839968-307364420-1005 - Limited - Enabled) => C:\Users\UpdatusUser.Owner-PC ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Qualcomm Atheros AR5BWB222 Wireless Network Adapter #3 Description: Qualcomm Atheros AR5BWB222 Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/28/2014 06:07:24 AM) (Source: MouseKeyboardCenter) (EventID: 0) (User: ) Description: Unknown Node:#text --> Error: (12/28/2014 05:46:57 AM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . Error: (12/28/2014 05:19:38 AM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . Error: (12/27/2014 08:28:53 PM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . Error: (12/27/2014 07:53:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000222d2 Faulting process id: 0x17390 Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Error: (12/26/2014 08:21:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000222d2 Faulting process id: 0x15e04 Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Error: (12/23/2014 05:03:52 PM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . Error: (12/23/2014 03:39:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Honorbuddy.exe, version: 2.5.12479.763, time stamp: 0x54989f60 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x11274 Faulting application start time: 0xHonorbuddy.exe0 Faulting application path: Honorbuddy.exe1 Faulting module path: Honorbuddy.exe2 Report Id: Honorbuddy.exe3 Error: (12/21/2014 06:40:33 AM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . Error: (12/19/2014 05:08:35 PM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName . System errors: ============= Error: (12/28/2014 06:14:37 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (12/28/2014 06:14:37 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (12/28/2014 06:14:36 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (12/28/2014 06:14:36 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (12/28/2014 06:14:35 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (12/28/2014 06:12:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2972107). Error: (12/28/2014 06:12:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2979578). Error: (12/28/2014 06:12:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2972216). Error: (12/28/2014 06:12:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2894854). Error: (12/28/2014 06:12:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2978128). Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-11-01 13:58:05.529 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-01 13:58:05.458 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-03 17:12:52.533 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-03 16:35:18.442 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-03 05:57:00.413 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-03 05:48:16.806 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-03 05:16:06.377 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-02 20:06:39.352 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-02 19:06:39.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-12-02 18:39:11.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4770K CPU @ 3.50GHz Percentage of memory in use: 21% Total physical RAM: 16271.64 MB Available physical RAM: 12733.79 MB Total Pagefile: 16269.82 MB Available Pagefile: 12410.82 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (OS and Programs) (Fixed) (Total:111.74 GB) (Free:27.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: ( Data) (Fixed) (Total:1757.12 GB) (Free:394.35 GB) NTFS Drive e: (Recovery Image) (Fixed) (Total:105.89 GB) (Free:70.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8C037E2E) Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=55 MB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D7B6E72C) Partition 1: (Active) - (Size=1757.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=105.9 GB) - (Type=05) ==================== End Of Log ============================ FRST.txt Addition.txt
  4. MrCharlie helped me clean up a computer with lots of viruses! His isntructions were so easy to follow, and his replies were so fast! Thank you!!!

  5. For some reason it won't let me copy and paste or even Ctl C and Ctl V to this... I apologize; I'm sure it must be operator error. I'll type it in. I hope that's ok. Results of screen317's security check version 0.99.89 Windows Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 Antivirus/Firewall Check: Windows Firewall Enabled! Norton 360 Premier Edition WMI entry may not exist for antivirus; attempting automatic update. Anti-malware/Other Utilities Check: AVS Registry Cleaner 2.3.3.258 Adobe Flash Player 15.0.0.152 Adobe Reader XI Google Chrome 38.0.2125.104 Google Chrome 38.0.2125.111 Process Check: Objlist.exe by Laurent Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamschedular.exe System Health Check: Total fragmentation on Drive C: 29% Defragment your drive soon! (Do not defrag if SSD!) P.S. My C Drive is SSD.
  6. Attached are the Addition and FRST logs. One thing I forgot to mention is that I also have windows on my D drive. It appears the scans were mainly of the C drive? I have windows on C and a recovery version of that same windows on my D drive. I have been booting with the recovery version off the D drive. Do I need to do anything else to make sure that windows on the D drive is clean? Everything seems to be working well now. Thank you! Addition After Clean 11012014n1.txt FRST After Clean 11012014n1.txt
  7. Thank you so very much! I followed your instructions, and attached are my logs. TDSS killer didn't find any threats. Do the logs look good? My computer seems clean; is it? Is there anything else I need to do? I really appreciate all your help; your instructions were very clear and easy to follow! Fixlog.txt combofix log 11012014n1.txt
  8. I should add that all I did was prior to finding these forums. So, if I did something I shouldn't have done, I apologize, but I didn't know any better.
  9. I really need some help. After my nephew visited and downloaded some games and other things onto my computer so he could play while he was visiting, I started having problems with a slow computer. My Norton 360 kept saying it was blocking a Poweliks Trojan. I show many processes with dllhost.exe and kqikghfb.exe. If they are deleted/ended, they simply come back. I downloaded Malwarebytes, scanned, and quarantined all that showed up as needing fixed. Now, Malwarebytes is constantly blocking attacks and/or intrusions from the following: honeymods.com dllhost.exe appsruors.com Trojan.Gen.2 ffsee.com Attached are my FRST and Addition files. I would really appreciate some help! Thank you! Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.