Search the Community

Showing results for tags 'Google'.

  1. Good Afternoon All! I have another home computer that has taken on a pretty awful beast. Long story short, the CPU is being overworked by MANY items described as "Google Chrome". The catch: I don't have Google Chrome installed! I attached the FRST scan and Addition to this thread. Thanks for the help in advance. FRST.txt Addition.txt
  2. We are running Windows 7 Home Edition and have found some suspicious processes running that eat up a lot of memory. The process is named Advpiep.exe. It is a 32-bit process and masks itself as part of Google Chrome. We have de-installed GC and see no changes. We see multiple copies of it running at the same time, from 3 to 9 at any given time. Has anyone heard of this program, and how does one get rid of it?
  3. I read another post where the poster had the same issues I am dealing with. Gringo was assisting him and told him to download DDS and post the logs. I have done that as well and am wondering if I should post them here or attach as files? Please advise.
  4. I am having trouble with the "PUP.Optional.Trovi.A" virus. Malwarebytes finds it and I can remove it, but it keeps on popping up. It is in my Google Chrome preferences somehow. I think it might come back b/c of Google's cloud system. I tried this guide to remove this exact virus but it didn't work. I also have Norton installed but it isn't doing anything as far as this one goes. Guide link: http://malwaretips.com/blogs/pup-optional-trovi-a-virus/#adwcleaner FRST.txt (Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014, ran by Jan (administrator) on JANHP on 18-06-2014 14:11:10; full log attached.)
C:\Users\Jan\Downloads\HitmanPro_x64.exe2014-06-18 13:44 - 2014-06-18 13:44 - 00001506 _____ () C:\Users\Jan\Desktop\JRT.txt2014-06-18 13:44 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI2014-06-18 13:44 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-18 13:44 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-18 13:38 - 2014-06-18 13:38 - 01016261 _____ (Thisisu) C:\Users\Jan\Downloads\JRT.exe2014-06-18 13:38 - 2014-06-18 13:38 - 00000000 ____D () C:\Windows\ERUNT2014-06-18 13:38 - 2014-02-04 16:59 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Dropbox2014-06-18 13:37 - 2014-06-17 20:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-18 13:37 - 2014-03-05 08:46 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-18 13:37 - 2014-02-04 16:59 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\DropboxMaster2014-06-18 13:37 - 2011-11-28 12:14 - 00000000 ____D () C:\ProgramData\NVIDIA2014-06-18 13:37 - 2010-11-20 23:47 - 01375506 _____ () C:\Windows\PFRO.log2014-06-18 13:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-18 13:37 - 2009-07-14 00:51 - 00079308 _____ () C:\Windows\setupact.log2014-06-18 13:36 - 2014-06-18 13:35 - 00000000 ____D () C:\AdwCleaner2014-06-18 13:35 - 2014-02-17 19:14 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\KeePass2014-06-18 13:34 - 2014-06-18 13:34 - 01333465 _____ () C:\Users\Jan\Downloads\adwcleaner_3.212.exe2014-06-18 13:13 - 2014-03-05 08:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-18 12:49 - 2014-01-13 10:33 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1958405C-B2A4-43C7-B4D5-D5955E44AE42}2014-06-18 11:29 - 2014-05-14 17:37 - 00000000 ____D () 
C:\Users\Jan\AppData\Local\CrashDumps2014-06-18 10:55 - 2011-02-11 16:29 - 00772558 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-06-18 10:54 - 2011-11-28 12:29 - 00446658 _____ () C:\Windows\DirectX.log2014-06-18 10:15 - 2014-06-18 10:15 - 00033177 _____ () C:\Users\Jan\Desktop\DxDiag.txt2014-06-18 07:34 - 2014-02-12 20:29 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe2014-06-18 07:28 - 2014-02-13 14:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\vlc2014-06-18 07:27 - 2014-01-13 10:33 - 00000000 ___RD () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-06-17 20:39 - 2014-06-17 20:30 - 00000000 ____D () C:\Users\Jan\AppData\Local\NPE2014-06-17 20:32 - 2014-01-13 10:32 - 00070888 _____ () C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT2014-06-17 20:31 - 2009-07-14 00:45 - 04975456 _____ () C:\Windows\system32\FNTCACHE.DAT2014-06-17 20:30 - 2011-11-28 12:31 - 00000000 ____D () C:\ProgramData\Norton2014-06-17 20:13 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media2014-06-17 20:06 - 2014-06-17 20:06 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-17 20:06 - 2014-06-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-17 20:06 - 2014-06-17 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-06-17 20:06 - 2014-06-17 20:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-17 16:05 - 2014-05-01 18:08 - 00000000 ____D () C:\Windows\Minidump2014-06-17 16:05 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\061714-8533-01.dmp2014-06-17 14:52 - 2014-06-16 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com2014-06-17 11:18 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\061714-8595-01.dmp2014-06-17 10:08 - 2014-03-05 08:46 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-06-17 10:08 - 2014-03-05 08:46 - 00003636 _____ 
() C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-06-16 12:23 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-06-16 10:07 - 2014-06-16 10:07 - 00000000 ____D () C:\Users\Jan\AppData\Local\backburner2014-06-16 10:07 - 2014-02-12 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk2014-06-16 10:01 - 2014-02-17 11:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-06-16 10:00 - 2014-02-13 12:56 - 00000000 ____D () C:\Program Files\Adobe2014-06-16 10:00 - 2014-02-13 11:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-06-16 10:00 - 2014-01-13 10:34 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe2014-06-16 10:00 - 2011-11-28 12:27 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-06-15 16:56 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\061514-8143-01.dmp2014-06-15 16:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-06-15 13:57 - 2014-06-15 13:57 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList2014-06-15 13:57 - 2014-06-15 13:57 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList2014-06-15 13:39 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\061514-8299-01.dmp2014-06-10 20:30 - 2014-06-10 20:30 - 00000000 ____D () C:\Windows\pss2014-06-10 18:29 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\061014-8314-01.dmp2014-06-10 18:16 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\061014-8751-01.dmp2014-06-09 11:38 - 2014-02-17 11:13 - 00000000 ____D () C:\Users\Jan\Documents\Camtasia Studio2014-06-08 15:23 - 2014-05-04 15:38 - 00000000 ____D () C:\Program Files\Unlocker2014-06-08 15:15 - 2011-11-28 12:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-06-07 18:13 - 2014-06-07 18:13 - 00003212 _____ () C:\Windows\System32\Tasks\{135558F8-48E4-415E-AEBF-FB3A84896461}2014-06-07 18:08 - 2014-06-07 18:08 - 00003112 _____ () 
C:\Windows\System32\Tasks\{8CC68473-5F95-493E-B7D3-DCEC85662B9A}2014-06-07 09:14 - 2014-02-19 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft2014-06-06 10:57 - 2014-06-06 10:56 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe2014-06-06 10:56 - 2014-06-06 10:56 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2014-06-06 10:56 - 2014-06-02 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality2014-06-06 10:56 - 2014-05-23 16:58 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex02014-06-04 13:46 - 2014-06-04 10:00 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Skype2014-06-04 10:52 - 2014-06-04 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razorworks2014-06-04 10:39 - 2014-06-02 13:28 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-06-04 10:00 - 2014-06-04 10:00 - 00000000 ____D () C:\Users\Jan\AppData\Local\Skype2014-06-02 19:44 - 2011-11-28 12:14 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-05-31 15:12 - 2014-01-13 10:40 - 00000000 ____D () C:\Temp2014-05-31 15:11 - 2014-01-13 14:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-05-30 06:21 - 2014-06-15 08:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-30 06:02 - 2014-06-15 08:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-30 06:02 - 2014-06-15 08:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-05-30 05:45 - 2014-06-15 08:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-05-30 05:39 - 2014-06-15 08:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-05-30 05:39 - 2014-06-15 08:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-05-30 05:38 - 2014-06-15 08:45 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll2014-05-30 05:28 - 2014-06-15 08:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-05-30 05:27 - 2014-06-15 08:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-05-30 05:24 - 2014-06-15 08:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-05-30 05:21 - 2014-06-15 08:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-05-30 05:21 - 2014-06-15 08:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-05-30 05:20 - 2014-06-15 08:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-05-30 05:18 - 2014-06-15 08:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-30 05:11 - 2014-06-15 08:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-05-30 05:08 - 2014-06-15 08:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-05-30 05:06 - 2014-06-15 08:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-05-30 05:02 - 2014-06-15 08:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-30 04:55 - 2014-06-15 08:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-05-30 04:49 - 2014-06-15 08:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-05-30 04:46 - 2014-06-15 08:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-30 04:44 - 2014-06-15 08:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-05-30 04:44 - 2014-06-15 08:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-05-30 04:43 - 2014-06-15 08:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-05-30 04:42 - 2014-06-15 08:45 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll2014-05-30 04:38 - 2014-06-15 08:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-05-30 04:35 - 2014-06-15 08:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-05-30 04:34 - 2014-06-15 08:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-05-30 04:33 - 2014-06-15 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-05-30 04:30 - 2014-06-15 08:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-05-30 04:29 - 2014-06-15 08:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-05-30 04:28 - 2014-06-15 08:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-05-30 04:27 - 2014-06-15 08:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-05-30 04:24 - 2014-06-15 08:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-05-30 04:23 - 2014-06-15 08:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-05-30 04:16 - 2014-06-15 08:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-05-30 04:10 - 2014-06-15 08:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-05-30 04:06 - 2014-06-15 08:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-05-30 04:04 - 2014-06-15 08:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-30 04:02 - 2014-06-15 08:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-05-30 03:56 - 2014-06-15 08:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-05-30 03:56 - 2014-06-15 08:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-05-30 03:54 - 2014-06-15 08:45 - 00526336 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll2014-05-30 03:50 - 2014-06-15 08:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-05-30 03:49 - 2014-06-15 08:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-05-30 03:43 - 2014-06-15 08:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-05-30 03:40 - 2014-06-15 08:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-05-30 03:30 - 2014-06-15 08:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-05-30 03:21 - 2014-06-15 08:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-05-30 03:15 - 2014-06-15 08:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-05-30 03:13 - 2014-06-15 08:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-05-30 03:13 - 2014-06-15 08:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-05-29 19:07 - 2014-06-02 19:44 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2014-05-29 19:07 - 2014-06-02 19:44 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2014-05-29 19:07 - 2014-01-13 14:37 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll2014-05-29 19:07 - 2014-01-13 14:37 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2014-05-25 16:50 - 2014-02-27 15:57 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner2014-05-24 19:25 - 2014-01-13 14:39 - 00000000 ____D () C:\Users\Jan\AppData\Local\NVIDIA Corporation2014-05-24 19:25 - 2011-11-28 12:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation2014-05-24 19:13 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\052414-8018-01.dmp2014-05-24 18:36 - 2014-01-13 13:22 - 00338605 ____N () C:\Windows\Minidump\052414-8424-01.dmp2014-05-24 17:00 - 2014-03-30 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla 
Firefox2014-05-24 12:50 - 2014-05-23 17:45 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr2014-05-24 07:42 - 2014-02-04 16:59 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-05-23 16:49 - 2014-05-23 16:49 - 00000533 _____ () C:\Windows\KB893803v2.log2014-05-21 11:57 - 2014-05-21 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clementine2014-05-21 11:57 - 2014-05-21 11:57 - 00000000 ____D () C:\Program Files (x86)\Clementine2014-05-21 11:57 - 2014-01-13 10:29 - 00000000 ____D () C:\Users\Jan2014-05-21 08:12 - 2014-02-16 22:31 - 00000132 _____ () C:\Users\Jan\AppData\Roaming\Adobe PNG Format CC Prefs2014-05-20 08:58 - 2014-02-15 11:03 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program2014-05-20 08:44 - 2014-05-19 18:45 - 00000000 _____ () C:\Users\Jan\Documents\pymel.log2014-05-19 22:44 - 2014-05-31 15:10 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2014-05-19 22:44 - 2014-05-31 15:10 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2014-05-19 22:44 - 2014-05-31 15:10 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2014-05-19 22:44 - 2014-05-31 15:10 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2014-05-19 22:44 - 2014-05-31 15:10 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2014-05-19 22:44 - 2014-05-31 15:10 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2014-05-19 22:44 - 2014-05-31 15:10 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2014-05-19 22:44 - 2014-05-31 15:10 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2014-05-19 22:44 - 2014-05-31 15:10 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2014-05-19 22:44 - 2014-05-31 15:10 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2014-05-19 22:44 - 2014-05-31 15:10 - 
09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2014-05-19 22:44 - 2014-05-31 15:10 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2014-05-19 22:44 - 2014-05-31 15:10 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2014-05-19 22:44 - 2014-05-31 15:10 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll2014-05-19 22:44 - 2014-05-31 15:10 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2014-05-19 22:44 - 2014-05-31 15:10 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll2014-05-19 22:44 - 2014-05-31 15:10 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-05-19 22:44 - 2014-05-31 15:10 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-05-19 22:44 - 2014-01-13 14:35 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2014-05-19 22:44 - 2014-01-13 14:35 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2014-05-19 22:44 - 2011-11-28 12:11 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll2014-05-19 
Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jan\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 08:11

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Jan at 2014-06-18 14:11:24
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================================

==================== Security Center ========================

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Clementine (HKLM-x32\...\Clementine) (Version: 1.2.3 - Clementine)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
f.lux (HKCU\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6346.0 - IDT)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JetBrains PyCharm 3.1.3 (HKLM-x32\...\PyCharm 3.1.3) (Version: 133.1347 - JetBrains s.r.o.)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Kingsoft Office 2013 (9.1.0.4514) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4514 - Kingsoft Corp.)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Python 2.7 PIL-1.1.7 (HKLM-x32\...\PIL-py2.7) (Version: - )
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Visual C++ 11.0 CRT (x64) (Version: 11.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-02-17 11:07 - 00001192 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 activation.cloud.techsmith.com

==================== Scheduled Tasks (whitelisted) =============

Task: {03833AC3-CD83-436E-81A9-B4DEDE33189F} - System32\Tasks\WpsNotifyTask_Jan => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1417D688-19C7-4E3A-83C9-78657D6CBC72} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {271C8454-DB5B-4952-AAC7-7FAF51328B09} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {2E62830E-0991-4FCF-90FD-E4E343F56FEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05] (Google Inc.)
Task: {32912948-9E31-4D68-A4BA-326BF52379BF} - System32\Tasks\WpsUpdateTask_Jan => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {3489E967-D12E-47E5-A038-5FB3E3492F4F} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {6470F8B9-4D49-4D3E-85BC-D16098E4AE4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05] (Google Inc.)
Task: {662E4B46-22F6-4500-898E-ADB8ECCE0912} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {6C0EA258-62B0-49A1-A0E6-4636C0A9295C} - System32\Tasks\AdobeAAMUpdater-1.0-JanHP-Jan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {755A3679-B6CC-4F23-A3BB-1F75C0A79DAB} - System32\Tasks\Java Update Scheduler 
=> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)Task: {8B5DD9C7-0AD9-4B9A-BE78-9A3C474027D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exeTask: {8EB8B5AD-4990-4A72-92C7-B25C4EB187E1} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {A8375188-C5A7-4545-88E7-F03DEEA6C09A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exeTask: {B599FFC6-603E-4ACA-B9E3-A07DF1570AAB} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)Task: {C78C1011-8DB1-4413-8A28-A879CA287B0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-08] (Hewlett-Packard)Task: {D8E87C56-2C9B-4B0A-BD49-FA107E191CEF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)Task: {DF386CA3-5B2A-4D4A-80FE-F11288368BC8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {E75C3B35-2B4C-4742-9E4A-B8AB6D06C2D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exeTask: {FD286B6C-3830-465E-92F8-0139BC09EAB2} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\WpsNotifyTask_Jan.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exeTask: C:\Windows\Tasks\WpsUpdateTask_Jan.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe==================== Loaded Modules (whitelisted) =============2014-01-13 14:36 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2014-06-06 10:56 - 2014-06-06 10:56 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2014-06-06 10:56 - 2014-06-06 10:57 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe2014-04-15 09:59 - 2014-04-15 09:59 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll2014-02-04 17:08 - 2014-02-12 10:55 - 05482384 _____ () C:\Program Files\Sublime Text 3\sublime_text.exe2014-02-04 17:08 - 2013-12-17 15:22 - 00594432 _____ () C:\Program Files\Sublime Text 3\plugin_host.exe2014-02-04 17:08 - 2013-02-18 17:59 - 01065472 _____ () C:\Program Files\Sublime Text 3\_hashlib.pyd2014-02-04 17:08 - 2013-02-18 17:59 - 00108032 _____ () C:\Program Files\Sublime Text 3\_ctypes.pyd2014-02-04 17:08 - 2013-02-18 17:59 - 00051200 _____ () C:\Program Files\Sublime Text 3\_socket.pyd2014-02-04 17:08 - 2013-02-18 17:59 - 01702400 _____ () C:\Program Files\Sublime Text 3\_ssl.pyd2014-02-12 11:15 - 2014-02-11 08:32 - 01212416 _____ () C:\Users\Jan\AppData\Roaming\Sublime Text 3\Packages\SublimeCodeIntel\arch\_win64_py33\_SilverCity.pyd2014-02-04 17:08 - 2013-02-18 17:59 - 00165376 _____ () C:\Program Files\Sublime Text 3\_elementtree.pyd2014-02-04 17:08 - 2013-02-18 17:59 - 00168448 _____ () C:\Program Files\Sublime Text 3\pyexpat.pyd2014-02-12 11:15 - 2014-02-11 08:32 - 00220672 _____ () C:\Users\Jan\AppData\Roaming\Sublime Text 3\Packages\SublimeCodeIntel\arch\_win64_py33\_ielementtree.pyd2010-07-15 00:44 - 
2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll2014-06-18 13:37 - 2014-06-18 13:37 - 00043008 _____ () g:\tmp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxwjxft.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Jan\AppData\Roaming\Dropbox\bin\libcef.dll2014-06-15 09:06 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll2014-06-15 09:06 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll2014-06-15 09:06 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-15 09:06 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-15 09:06 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll==================== Alternate Data Streams (whitelisted) ============================= Safe Mode (whitelisted) ======================================= EXE Association (whitelisted) ================================= MSCONFIG/TASK MANAGER disabled items ============================= Faulty Device Manager Devices =============Name: Microsoft Teredo Tunneling AdapterDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.==================== Event log errors: =========================Application errors:==================System errors:=============Microsoft Office Sessions:=========================CodeIntegrity Errors:=================================== Date: 2014-02-14 09:44:59.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:44:59.783 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:43:23.910 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:43:23.883 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:43:22.151 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:43:22.123 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-02-14 09:41:43.131 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:41:43.102 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:22:28.660 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-02-14 09:22:28.632 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.==================== Memory info =========================== Percentage of memory in use: 21%Total physical RAM: 12268.31 MBAvailable physical RAM: 9601.37 MBTotal Pagefile: 24534.8 MBAvailable Pagefile: 21238.01 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:111.69 GB) (Free:64.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive d: (HP_RECOVERY) (Fixed) (Total:12.24 GB) (Free:1.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive e: () (Fixed) (Total:111.79 GB) (Free:111.7 GB) NTFSDrive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive g: (HDD) (Fixed) (Total:1080.24 GB) (Free:976.1 GB) NTFSDrive i: (Data) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive n: (ADATA UFD) (Removable) (Total:14.7 GB) (Free:14.7 GB) FAT32==================== MBR & Partition 
Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: AD0EBD5D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=-1039124135936) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=305 GB) - (Type=83)========================================================Disk: 1 (Size: 112 GB) (Disk ID: 0005169E)Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 112 GB) (Disk ID: 5F923E2E)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)========================================================Disk: 3 (Size: 15 GB) (Disk ID: 00000000)Partition: GPT Partition Type.==================== End Of Log ============================ Addition.txt FRST.txt
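The Hosts section of the log above maps six adobe.com hostnames and one techsmith.com hostname to 127.0.0.1. Entries like these silently stop the machine from reaching the named servers; the same mechanism is used by malware to cut off antivirus update and security-vendor sites, so a remediation review should always enumerate them. The script below is an added example, not code from the post, from FRST or from Malwarebytes: it parses hosts-file text, ignores the standard loopback names, and reports every other name the file redirects, grouped by registered domain. SAMPLE_HOSTS is constructed to mirror the entries in the log, and the LOCAL_NAMES set is an assumption about which names are benign.

```python
"""Report hosts-file entries that override public hostnames.

Added example, not code from the forum post or from FRST.  SAMPLE_HOSTS is a
constructed file whose entries mirror the Hosts section of the log above;
LOCAL_NAMES is an assumed list of names a stock hosts file maps to loopback.
"""
import ipaddress
from collections import defaultdict

# Names a default Windows/Unix hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample (same names as the log's Hosts section, plus the
# standard localhost lines a real file would carry).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 localhost
::1 localhost
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: skip rather than crash on a hostile file
        for name in parts[1:]:
            yield ip, name.lower()


def suspicious_overrides(text):
    """Return {hostname: ip} for every non-local name the file redirects.

    Whether the target is loopback (a sinkhole) or some other address (a
    redirect), the effect is that the host no longer reaches the real
    server, so both kinds are reported.
    """
    hits = {}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        hits[name] = str(ip)
    return hits


def by_registered_domain(overrides):
    """Group overridden names by their last two labels (e.g. 'adobe.com')."""
    groups = defaultdict(list)
    for name in sorted(overrides):
        labels = name.split(".")
        key = ".".join(labels[-2:]) if len(labels) >= 2 else name
        groups[key].append(name)
    return dict(groups)


if __name__ == "__main__":
    found = suspicious_overrides(SAMPLE_HOSTS)
    for domain, names in by_registered_domain(found).items():
        print(f"{domain}: {len(names)} name(s) overridden -> {', '.join(names)}")
```

To check a live system, read C:\Windows\System32\drivers\etc\hosts and pass its contents to suspicious_overrides(). The two-label grouping is deliberately naive (it would treat co.uk as a domain), which is fine for triage but not for an allowlist.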
  5. Installed Anti Exploit free edition with the hopes of eliminating the constant reinstallation of the PUP "Conduit" into Google's Chrome. This Conduit has the attention of many as it cannot be blocked. Malwarebytes detects it plenty and quarantines the "preferences" file in Chrome, no problem. Upon restart the "Conduit" appears again and continues with its interference of mouse and keyboard function. When Conduit is removed from Chrome, function normalizes somewhat, but the best action is to not even open Chrome, it seems. Tried all the remedies; nothing works. Hoping Anti Exploit gets to this pervasive problem or I will have to give up on the relatively fast Chrome browser.
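Post 5 describes the Conduit hijack coming back after the Chrome Preferences file has been quarantined. Chrome rebuilds a missing Preferences file at its next start, so quarantining it removes the symptom but not whatever wrote the settings; the useful step is to see exactly which entries were changed and to look for a side-loaded extension, Run key or scheduled task that re-applies them. The following is an added example, not the poster's, Malwarebytes' or Chrome's code, that audits the homepage, startup-URL, default-search-provider and extension entries of a Chrome Preferences JSON document. The key names are the ones Chrome writes to that file; the sample document, the placeholder extension ids and the WATCHLIST hostnames are constructed for the example.

```python
"""Audit a Chrome Preferences JSON document for hijacked homepage, startup,
search-provider and extension settings.

Added example for the post above; not Malwarebytes' or Chrome's code.  The
key names are those Chrome writes to its Preferences file; the sample
document, the placeholder extension ids and the WATCHLIST hostnames are
constructed for illustration.
"""
import json
from urllib.parse import urlparse

# Hostname fragments to flag. "conduit" is the one the post names; the other
# two are assumptions added only to show that the list is meant to grow.
WATCHLIST = ("conduit", "searchprotect", "trovi")

# Constructed sample of what a hijacked profile might contain.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.conduit.com/?ctid=EXAMPLE",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://search.conduit.com/?ctid=EXAMPLE"],
    },
    "default_search_provider_data": {"template_url_data": {
        "keyword": "search.conduit.com",
        "short_name": "Search",
        "url": "http://search.conduit.com/Results.aspx?q={searchTerms}",
    }},
    "extensions": {"settings": {
        # placeholder id: a normal Web Store extension with a relative path
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.0_0",
            "from_webstore": True,
            "manifest": {"name": "Some Web Store extension"},
        },
        # placeholder id: an extension side-loaded from an absolute path
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "path": "C:\\ProgramData\\Conduit\\ext",
            "from_webstore": False,
            "manifest": {"name": "Search Helper"},
        },
    }},
})


def _watchlisted(url):
    """True if the URL's host contains any WATCHLIST fragment."""
    host = urlparse(url).netloc.lower()
    return any(fragment in host for fragment in WATCHLIST)


def _side_loaded(ext):
    """True if the extension lives outside the profile or did not come from
    the Web Store.  Web Store extensions have a path relative to the
    profile's Extensions directory; a drive-letter or UNC path means it was
    loaded from elsewhere."""
    path = ext.get("path", "")
    absolute = (len(path) > 1 and path[1] == ":") or path.startswith("\\\\")
    return absolute or not ext.get("from_webstore", False)


def audit_preferences(text):
    """Return a list of (setting, value, reason) tuples for one profile."""
    prefs = json.loads(text)
    findings = []

    home = prefs.get("homepage", "")
    if home and _watchlisted(home):
        findings.append(("homepage", home, "watchlisted host"))

    for url in prefs.get("session", {}).get("startup_urls", []):
        if _watchlisted(url):
            findings.append(("session.startup_urls", url, "watchlisted host"))

    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if tpl.get("url") and _watchlisted(tpl["url"]):
        findings.append(("default_search_provider_data", tpl["url"], "watchlisted host"))

    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if _side_loaded(ext):
            name = ext.get("manifest", {}).get("name", "?")
            findings.append((f"extensions.settings.{ext_id}", ext.get("path", ""),
                             f"side-loaded extension '{name}'"))
    return findings


if __name__ == "__main__":
    for setting, value, reason in audit_preferences(SAMPLE_PREFS):
        print(f"{setting}: {value}  [{reason}]")
```

To use it on a real profile, pass the contents of %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences to audit_preferences(); current Chrome builds on Windows also keep an HMAC-protected copy of these settings in Secure Preferences in the same directory, so audit both files. A flagged side-loaded extension path, or a Run key or scheduled task pointing at the same directory, is the persistence to remove before the preferences are cleaned.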
  6. Dear wonderful expert helpers, I suspect I have a rootkit infection that is redirecting links to google.com to google.com/webhp instead. This occurs in all 4 browsers (IE, Chrome, Firefox, Opera). I also think it is creating pop-ups. I tried scanning with Malwarebytes Free and Microsoft Security Essentials (with latest definitions on both)—no hits. I also ran CCleaner, adwcleaner and aswMBR but no hits again (CCleaner cleaned some standard junk like Temp Internet Files). I have the aswMBR log but I closed adwcleaner before I realized it does not automatically make a log. I suspect this came from MP3 Skype Recorder (you'll see the program in my logs below), despite being careful to make sure it wasn't installing some 3rd party garbage. The requested FRST64 logs are below. I added the aswMBR log just in case it is useful. I put headers FRST.txt, Addition.txt, and aswMBR.txt to help you Ctrl+F to each quickly. Thank you for your help.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Ro (administrator) on WAYNETECH on 29-04-2014 19:23:54
Running from C:\Users\Ro\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flux Software LLC) C:\Users\Ro\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-23] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\Run: [F.lux] => C:\Users\Ro\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\Run: [spotify Web Helper] => C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-06-13] (Spotify Ltd)
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\MountPoints2: {5f305cce-0ee6-11e2-96fe-90e6ba104d07} - E:\setup.exe
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\MountPoints2: {7e36c833-761c-11e3-ba49-90e6ba104d07} - F:\LG_PC_Programs.exe
Startup: C:\Users\Rack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ro\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop_List_View_Win7_x64.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.evidera.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDF48039BEE3CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46

FireFox:
========
FF ProfilePath: C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Extension: LastPass - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\support@lastpass.com [2014-03-21]
FF Extension: Facebook Disconnect - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\facebook@disconnect.me.xpi [2014-04-13]
FF Extension: Google Disconnect - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\google@disconnect.me.xpi [2014-04-13]
FF Extension: Remove Cookies for Site - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-23]
FF Extension: Download Status Bar - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-24]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-28]
CHR Extension: (Google Drive) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-28]
CHR Extension: (YouTube) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-28]
CHR Extension: (Adblock Plus) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-28]
CHR Extension: (Google Search) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-28]
CHR Extension: (Facebook Disconnect) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-06-28]
CHR Extension: (AdBlock) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-28]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-06-28]
CHR Extension: (Google Wallet) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-28]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-10-05] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-29 19:23 - 2014-04-29 19:24 - 00012943 _____ () C:\Users\Ro\Downloads\FRST.txt
2014-04-29 19:23 - 2014-04-29 19:23 - 00000000 ____D () C:\FRST
2014-04-29 19:22 - 2014-04-29 19:23 - 02061824 _____ (Farbar) C:\Users\Ro\Downloads\FRST64.exe
2014-04-29 18:56 - 2014-04-29 18:56 - 00002079 _____ () C:\Users\Ro\Documents\aswMBR.txt
2014-04-29 18:56 - 2014-04-29 18:56 - 00000512 _____ () C:\Users\Ro\Documents\MBR.dat
2014-04-29 18:44 - 2014-04-29 18:44 - 04745728 _____ (AVAST Software) C:\Users\Ro\Downloads\aswmbr.exe
2014-04-29 18:40 - 2014-04-29 18:57 - 00000000 ____D () C:\AdwCleaner
2014-04-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-29 18:39 - 2014-04-29 18:39 - 01310621 _____ () C:\Users\Ro\Downloads\adwcleaner.exe
2014-04-28 12:20 - 2014-04-28 12:20 - 00002295 _____ () C:\Users\Ro\Desktop\FFXIV.lnk
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-24 20:02 - 2014-04-24 20:02 - 00040304 _____ () C:\Users\Ro\Desktop\bookmarks.html
2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Opera Software
2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Users\Ro\AppData\Local\Opera Software
2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-22 12:05 - 2014-04-22 12:06 - 00066569 _____ () C:\Users\Ro\Downloads\ADVANCE Trial design.pptx
2014-04-21 17:35 - 2014-04-21 17:35 - 00788841 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-8-1_ios.xlsm
2014-04-21 17:30 - 2014-04-21 17:30 - 00739548 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-0 - JG_ios.xlsm
2014-04-20 15:13 - 2014-04-20 15:13 - 34718824 _____ (Opera Software ASA) C:\Users\Ro\Downloads\Opera_20.0.1387.91_Setup.exe
2014-04-20 12:31 - 2014-04-20 12:31 - 00731168 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-2_JG.xlsm
2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk
2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk
2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
2014-04-13 15:35 - 2013-08-20 22:23 - 00001159 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder
2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder
2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi
2014-04-04 14:31 - 2014-04-04 14:35 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx
2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx
2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn
2014-04-03 10:55 - 2014-04-03 11:04 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx
2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv
2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls
2014-04-02 20:33 - 2014-04-03 18:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-02 20:33 - 2009-05-14 09:26 - 00015416 _____ () C:\Windows\system32\Drivers\ASACPI.sys
2014-04-02 20:33 - 2009-04-06 15:24 - 00013368 _____ () C:\Windows\SysWOW64\Drivers\AsIO.sys
2014-04-02 20:33 - 2006-01-10 16:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll
2014-04-02 20:33 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll
2014-04-02 20:33 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip
2014-04-02 20:27 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-02 20:27 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx
2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm
2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics
2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm
2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics

==================== One Month Modified Files and Folders =======

2014-04-29 19:24 - 2014-04-29 19:23 - 00012943 _____ () C:\Users\Ro\Downloads\FRST.txt
2014-04-29 19:23 - 2014-04-29 19:23 - 00000000 ____D () C:\FRST
2014-04-29 19:23 - 2014-04-29 19:22 - 02061824 _____ (Farbar) C:\Users\Ro\Downloads\FRST64.exe
2014-04-29 19:21 - 2012-09-18 21:59 - 01056408 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 19:19 - 2012-09-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-29 19:19 - 2012-09-19 01:53 - 00000000 ____D () C:\Windows\Panther
2014-04-29 19:05 - 2009-07-14 00:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 19:05 - 2009-07-14 00:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 19:02 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 19:01 - 2012-10-15 23:26 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 18:58 - 2013-09-15 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-29 18:58 - 2012-10-15 23:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 18:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 18:57 - 2014-04-29 18:40 - 00000000 ____D () C:\AdwCleaner
2014-04-29 18:56 - 2014-04-29 18:56 - 00002079 _____ () C:\Users\Ro\Documents\aswMBR.txt
2014-04-29 18:56 - 2014-04-29 18:56 - 00000512 _____ () C:\Users\Ro\Documents\MBR.dat
2014-04-29 18:44 - 2014-04-29 18:44 - 04745728 _____ (AVAST Software) C:\Users\Ro\Downloads\aswmbr.exe
2014-04-29 18:39 - 2014-04-29 18:39 - 01310621 _____ () C:\Users\Ro\Downloads\adwcleaner.exe
2014-04-28 12:20 - 2014-04-28 12:20 - 00002295 _____ () C:\Users\Ro\Desktop\FFXIV.lnk
2014-04-28 12:12 - 2012-09-20 21:12 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\vlc
2014-04-26 15:12 - 2012-11-26 12:51 - 00000000 ____D () C:\Users\Ro\AppData\Local\Black_Tree_Gaming
2014-04-26 15:12 - 2012-09-19 18:00 - 00000000 ____D () C:\Games
2014-04-26 15:11 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 09:35 - 2012-11-26 11:55 - 00000000 ____D () C:\Users\Ro\AppData\Local\Skyrim
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Opera Software
2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Users\Ro\AppData\Local\Opera Software
2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-25 19:38 - 2014-02-10 15:43 - 00000000 ____D () C:\Users\Ro\AppData\Local\Paint.NET
2014-04-25 19:27 - 2013-01-20 19:54 - 00000000 ____D () C:\Users\Ro\Desktop\ZOMGPLZ
2014-04-25 07:42 - 2009-07-14 01:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLG U.TXT
2014-04-24 20:17 - 2012-09-18 21:59 - 00001413 _____ () C:\Users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 20:02 - 2014-04-24 20:02 - 00040304 _____ () C:\Users\Ro\Desktop\bookmarks.html
2014-04-24 19:38 - 2012-11-21 14:41 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Skype
2014-04-24 19:33 - 2014-01-12 19:58 - 00000000 ____D () C:\Users\Ro\AppData\Local\Unity
2014-04-24 19:33 - 2012-10-28 15:52 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-04-24 08:39 - 2013-10-13 23:06 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2014-04-23 08:47 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro
2014-04-22 12:06 - 2014-04-22 12:05 - 00066569 _____ () C:\Users\Ro\Downloads\ADVANCE Trial design.pptx
2014-04-21 17:35 - 2014-04-21 17:35 - 00788841 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-8-1_ios.xlsm
2014-04-21 17:30 - 2014-04-21 17:30 - 00739548 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-0 - JG_ios.xlsm
2014-04-20 15:13 - 2014-04-20 15:13 - 34718824 _____ (Opera Software ASA) C:\Users\Ro\Downloads\Opera_20.0.1387.91_Setup.exe
2014-04-20 12:31 - 2014-04-20 12:31 - 00731168 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-2_JG.xlsm
2014-04-18 11:15 - 2012-11-04 17:20 - 00000000 ____D () C:\Users\Ro\Documents\My Games
2014-04-18 08:45 - 2012-11-03 00:36 - 00000000 ____D () C:\Users\Ro\Documents\ZOMGPLZ
2014-04-18 08:43 - 2014-01-13 21:28 - 00000000
____D () C:\Users\Ro\AppData\Local\Ubisoft Game Launcher 2014-04-18 08:43 - 2014-01-13 21:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk 2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk 2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk 2014-04-13 15:35 - 2012-10-15 23:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation 2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA 2014-04-11 19:00 - 2012-10-26 10:21 - 00000000 ____D () C:\Users\Rack\AppData\Roaming\Dropbox 2014-04-11 10:56 - 2012-10-26 10:22 - 00000000 ___RD () C:\Users\Rack\Dropbox 2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder 2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder 2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi 2014-04-10 08:20 - 2012-09-19 17:37 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2014-04-08 18:59 - 2014-03-13 22:50 - 00000000 ____D () C:\Users\Ro\AppData\Local\Battle.net 2014-04-08 18:44 - 2014-03-13 22:52 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-04-06 22:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-04 14:35 - 2014-04-04 14:31 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx 2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx 2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn 2014-04-04 08:18 - 2014-03-13 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-03 18:59 - 2014-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-04-03 18:59 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro\AppData\Local\VirtualStore 2014-04-03 15:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-04-03 11:04 - 2014-04-03 10:55 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx 2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv 2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls 2014-04-02 20:33 - 2013-07-15 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip 2014-04-02 20:28 - 2012-09-19 17:45 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-02 20:27 - 2012-09-19 17:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-04-02 20:27 - 2012-09-19 17:45 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-04-02 20:27 - 2012-09-19 17:45 - 
00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-02 20:27 - 2012-09-19 17:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx 2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm 2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics 2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm 2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics Some content of TEMP: ==================== C:\Users\Ro\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 09:12 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Ro at 2014-04-29 19:24:11 Running from C:\Users\Ro\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: 
Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) f.lux (HKCU\...\Flux) (Version: - ) FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version: - SQUARE ENIX) Folder Size 2.8.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 2.8.0.0 - MindGems, Inc.) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden LaCie Network Assistant 1.5.16.73 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.16.73 - LaCie) Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 
Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - 
Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig) NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.1 - Samsung Electronics) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.0.128.g3134f863 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - 
Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version: - ) ==================== Restore Points ========================= 29-04-2014 22:24:27 Removed MP3 Skype recorder ==================== Hosts content: ========================== 2009-07-13 22:34 - 2013-07-07 12:22 - 00575906 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 csh.actiondesk.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] 127.0.0.1 cms.ad2click.nl 127.0.0.1 ad2games.com 127.0.0.1 ads.ad2games.com 127.0.0.1 content.ad20.net 127.0.0.1 core.ad20.net 127.0.0.1 banner.ad.nu 127.0.0.1 cl21.v4.adaction.se 127.0.0.1 adadvisor.net 127.0.0.1 tag1.adaptiveads.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {1AA70187-E072-43FE-96D7-ECCA44D4E629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) Task: {74A43562-AA48-4BA0-BC29-37D9E1B0BC2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) 
Task: {E3A46183-6069-4025-9C84-33035E3B7DCA} - System32\Tasks\{3A3CA8E3-12CF-4236-A870-C7E512BB18F9} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsBing Task: {F0C6C727-04A8-4F4E-9759-D6E30473E95F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69526344-1342381157-3629351510-1001Core1cd96b12d111dff.job => C:\Users\Ro\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-15 14:24 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-10-28 15:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2014-03-29 11:12 - 2014-03-29 11:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-03-21 19:04 - 2014-03-21 19:04 - 01020928 _____ () C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup 
MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\Windows\pss\Samsung SSD Magician.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7597 Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7597 Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6598 Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6598 Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5600 Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5600 Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: ) Description: Task 
Scheduling Error: Continuously busy for more than a second Error: (04/28/2014 10:23:02 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4602 System errors: ============= Error: (04/28/2014 00:33:28 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort5. Error: (04/27/2014 08:18:56 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error: (04/26/2014 06:43:27 PM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow. Error: (04/26/2014 09:21:09 AM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/24/2014 08:39:39 AM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/23/2014 11:39:40 PM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/23/2014 06:35:18 PM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/23/2014 08:44:35 AM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). 
Microsoft Office Sessions:
=========================
Error: (04/22/2014 11:40:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3344 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (02/06/2014 10:57:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 425 seconds with 240 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8191.05 MB
Available physical RAM: 6384.79 MB
Total Pagefile: 16380.29 MB
Available Pagefile: 14451.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:27.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 56F7885B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-29 18:45:18
-----------------------------
18:45:18.680 OS Version: Windows x64 6.1.7601 Service Pack 1
18:45:18.680 Number of processors: 2 586 0x170A
18:45:18.681 ComputerName: WAYNETECH UserName: Ro
18:45:18.835 Initialize success
18:46:23.046 AVAST engine defs: 14042901
18:46:49.720 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6
18:46:49.724 Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 3
18:46:49.728 Disk 0 MBR read successfully
18:46:49.730 Disk 0 MBR scan
18:46:49.737 Disk 0 Windows 7 default MBR code
18:46:49.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:46:49.773 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
18:46:49.821 Disk 0 scanning C:\Windows\system32\drivers
18:46:55.046 Service scanning
18:47:08.961 Modules scanning
18:47:08.961 Disk 0 trace - called modules:
18:47:08.961 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800704a2c0]<<spjf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:47:08.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007679060]
18:47:08.977 3 CLASSPNP.SYS[fffff88001a3e43f] -> nt!IofCallDriver -> [0xfffffa80071b8520]
18:47:08.977 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-6[0xfffffa80071c7060]
18:47:08.992 \Driver\atapi[0xfffffa8007198610] -> IRP_MJ_CREATE -> 0xfffffa800704a2c0
18:47:09.211 AVAST engine scan C:\Windows
18:47:09.788 AVAST engine scan C:\Windows\system32
18:49:02.296 AVAST engine scan C:\Windows\system32\drivers
18:49:07.912 AVAST engine scan C:\Users\Ro
18:51:18.157 AVAST engine scan C:\ProgramData
18:52:57.756 Scan finished successfully
18:56:04.219 Disk 0 MBR has been saved successfully to "C:\Users\Ro\Documents\MBR.dat"
18:56:04.252 The log file has been saved successfully to "C:\Users\Ro\Documents\aswMBR.txt"
  7. Hi, for the last few days Google has been persistently redirecting me to CAPTCHA pages and the like, citing "illegal traffic". So I guess my computer is infected? I've done a full scan with Malwarebytes and found a few things (log attached), but the problem hasn't stopped, so I don't think I got it. Also attached: DDS log and HJT log. Any help would be greatly appreciated, thank you! Tom attach.txt dds.txt hijackthis.log mbam-log-2014-03-18 (14-18-19).txt
  8. Hi there, I recently installed Malwarebytes on a friend's recommendation. I have also started using Google Input Tools on Chrome. On my first try, I noticed that I got a pop-up stating that something was blocked successfully in Chrome at the same time I turned on the extension in Chrome. The input tool could not be used. I tried reinstalling the extension and the same thing happened. How do I go about unblocking the item that was blocked? Thanks in advance.
  9. For some reason, every time I start up Google Chrome it comes up with a Yahoo search bar page with this in the address bar: http://uk.search.yahoo.com/?type=599486&fr=spigot-yhp-ch. So I Googled Spigot and I found it is some sort of virus (of some description). How do I get rid of it? Please help.
  10. Hello. I don't know where else to put this, so I will put it here. One day I was on Google Chrome and when I opened a new tab, it went to the Bing search engine. I got that fixed, but then my default search engine was Bing. The next day (today) it said that someone tried to open my Gmail. I just changed my password. The reason I am not scanning with DDS is because this is web malware. Please use web browser/hacker detector scanners instead of normal malware scanners like MBAM, RogueKiller, or ComboFix. Thanks, and I hope you can help. P.S.: the email hacker's info and date was: Wednesday, February 19, 2014 11:54:57 PM UTC IP Address: 175.0.235.15 Location: Changsha, Hunan, China
  11. Hi, I have never had a virus on my computer before. Now I have got my first virus, though. The virus is opening a webpage a lot: http://reader24h.com/architecture-hide/232-puerta-de-europa--philip-johnson-a-john-burgee%20-%20#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conload&id=I0_1389575397537&parent=http%3A%2F%2Fwww.travelandtransitions.com&pfname=&rpctoken=47397316 It opens about 20 tabs of this page in Chrome (my current and default browser); it opens them as new tabs, NOT as new windows. Also, Google Chrome is using a lot of RAM. I think it is maxed out at 1.5GB because of this.
  12. Hello, I am recently unable to use either the Google or Yahoo search engine. Some research on another machine tells me this is malware of some sort, but I did a quick scan with my Malwarebytes software and nothing came up. It seems mildly similar to the Google redirect virus, but it's not redirecting me. I just can't even get www.google.com to pull up at all on my PC. The Google search function in my toolbar won't work either. I am able to get to www.yahoo.com, but once I'm there I am unable to perform a search. It just sits there and looks like it's trying to load forever, and then a page comes up that says "unable to display web page" or something like that. How can I fix this? Thanks.
  13. Hi, I'm embarrassed to ask, as this should be an easy one and part of my job is removing viruses from people's computers, but I can't seem to kick this one. It's a regular Google link hijack that only happens in Firefox when I start a new Google search in a new window or sometimes a tab. It redirects to another sponsored search of some kind - usually benign and simply annoying rather than dangerous - but of course you don't know what else is going on. All Malwarebytes scans come up clean, as do Windows Defender and Hitman Pro. I have a full copy of Malwarebytes. Here are the logs, and thanks for any help:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Robin at 22:07:22 on 2013-07-03
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.2057.18.16331.10818 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe C:\Windows\system32\dashost.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
C:\Windows\system32\taskhostex.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\rundll32.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files (x86)\Pidgin\pidgin.exe C:\Users\Robin\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe C:\Program Files (x86)\nerds.de\LoopBe2\loough.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Users\Robin\AppData\Roaming\Copy\CopyAgent.exe C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE C:\PROGRA~2\Intuit\QUICKB~2\QBDBMgr.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files 
(x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe C:\PROGRA~2\Intuit\QUICKB~2\dbextclr11.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\wwahost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wwahost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [AdobeBridge] <no file> mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" dRun: [Copy] "C:\Users\Robin\AppData\Roaming\Copy\CopyAgent.exe" StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\LOOPBE~1.LNK - C:\Program Files (x86)\nerds.de\LoopBe2\loough.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~2.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.0.1 TCP: Interfaces\{4B1870CC-4438-44F5-AC05-7B76DFBE8295} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{DC7A1243-58A3-4ACA-B15C-681C0F1FA88E} : DHCPNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - 
C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll, C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-mPolicies-System: PromptOnSecureDesktop = dword:0 x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned> x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> Hosts: 184.107.188.204 smithsonmartin.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\hpnratv8.default-1357556451162\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft 
Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll FF - plugin: C:\Users\Robin\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll FF - plugin: C:\Users\Robin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-11-1 645952] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-11-13 56336] R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-11-1 920736] R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-11-1 951936] R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912] R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\Drivers\diginet.sys [2012-12-18 23976] R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-11-1 233328] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-1 7168] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-1 166720] R2 
MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-27 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-27 701512] R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-11-9 6370680] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-1-30 1900728] R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-5-18 2938880] R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-4 4150112] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-1 365376] R3 bomebus;Bome's Virtual MIDI Port Bus Service;C:\Windows\System32\Drivers\bomebus.sys [2013-1-10 34376] R3 bomemidi;Bome's Virtual MIDI Port;C:\Windows\System32\Drivers\bomemidi.sys [2013-1-10 30792] R3 debutfilter;Debut Filter Driver v6.10.01;C:\Windows\System32\Drivers\debutfilterx64.sys [2012-11-8 32024] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\Drivers\LEqdUsb.sys [2012-9-18 78648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\Drivers\LHidEqd.sys [2012-9-18 15160] R3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);C:\Windows\System32\Drivers\loopbe30.sys [2011-2-26 16896] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-12-27 25928] R3 WSDScan;WSD Scan 
Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-12-3 23552] R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656] R3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\Drivers\ysusb64.sys [2013-1-29 113960] S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624] S3 gbxavs;Maschine Midi;C:\Windows\System32\Drivers\gbxavs.sys [2011-7-7 357968] S3 gbxusb_svc;Maschine Controller;C:\Windows\System32\Drivers\gbxusb.sys [2011-7-7 68688] S3 iLokDrvr;Usb Driver;C:\Windows\System32\Drivers\iLokDrvr.sys [2012-5-16 25752] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528] S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\System32\Drivers\mfwamidi64.sys [2012-9-6 32408] S3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\System32\Drivers\mfwawave64.sys [2012-9-6 82584] S3 MotuFWA64;MotuFWA64;C:\Windows\System32\Drivers\MotuFWA64.sys [2012-9-6 609944] S3 rspLLL;rspLLL;C:\Windows\System32\Drivers\rspLLL64.sys [2013-6-4 23968] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 synusb64;eLicenser;C:\Windows\System32\Drivers\synusb64.sys [2012-11-1 30352] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760] S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 
2013-07-03 10:33:55 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E40D2F26-F082-4733-A9DE-83D7BC0CD5AC}\mpengine.dll 2013-07-03 09:40:28 9552976 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-07-03 09:21:53 -------- d---a-w- C:\.Trash-999 2013-06-28 02:41:51 243888 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10208.bin 2013-06-26 20:19:56 -------- d-----w- C:\Program Files\Common Files\Intuit 2013-06-25 10:34:53 -------- d-----w- C:\ProgramData\Codemasters 2013-06-24 19:21:47 -------- d-----w- C:\Program Files (x86)\Infogrames 2013-06-24 19:19:09 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2013-06-24 19:19:09 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2013-06-24 19:19:09 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2013-06-24 19:19:09 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2013-06-24 19:19:09 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2013-06-24 19:19:01 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2013-06-24 19:19:00 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2013-06-24 18:41:10 315904 ----a-w- C:\Windows\IsUninst.exe 2013-06-24 17:47:13 2829 ----a-w- C:\Windows\War3Unin.pif 2013-06-24 17:47:13 126976 ----a-w- C:\Windows\War3Unin.exe 2013-06-23 10:58:06 -------- d-----w- C:\Users\Robin\AppData\Roaming\Open DVD Ripper 2013-06-17 14:14:20 1300992 ----a-w- C:\Windows\System32\gdi32.dll 2013-06-17 14:14:20 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-06-17 14:13:49 888320 ----a-w- 
C:\Windows\System32\autochk.exe 2013-06-17 14:13:49 793088 ----a-w- C:\Windows\SysWow64\autochk.exe 2013-06-17 14:13:49 542208 ----a-w- C:\Windows\System32\untfs.dll 2013-06-17 14:13:49 482816 ----a-w- C:\Windows\SysWow64\untfs.dll 2013-06-13 08:30:04 17271808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-06-13 08:30:04 16642560 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll 2013-06-11 10:33:15 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin 2013-06-11 10:33:03 -------- d-----w- C:\Users\Robin\AppData\Roaming\Copy 2013-06-04 10:37:22 23968 ----a-w- C:\Windows\System32\drivers\rspLLL64.sys 2013-06-04 10:37:22 -------- d-----w- C:\Program Files\LatencyMon . ==================== Find3M ==================== . 2013-06-17 13:50:19 223 ---ha-w- C:\Windows\samborombon.dll 2013-06-04 22:09:22 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-04 22:09:22 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-04 07:58:17 120736 ----a-w- C:\Windows\System32\AuthHost.exe 2013-05-04 07:45:29 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-04 07:34:17 446720 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2013-05-04 07:34:17 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS 2013-05-04 07:34:15 284416 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2013-05-04 06:59:56 39424 ----a-w- C:\Windows\System32\wuapp.exe 2013-05-04 06:59:51 1483776 ----a-w- C:\Windows\System32\VSSVC.exe 2013-05-04 06:59:36 812544 ----a-w- C:\Windows\System32\Magnify.exe 2013-05-04 06:59:25 98304 ----a-w- C:\Windows\System32\wudriver.dll 2013-05-04 06:59:25 251904 
----a-w- C:\Windows\System32\WUSettingsProvider.dll 2013-05-04 06:59:25 141824 ----a-w- C:\Windows\System32\wuwebv.dll 2013-05-04 06:59:24 1619968 ----a-w- C:\Windows\System32\wucltux.dll 2013-05-04 06:59:08 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll 2013-05-04 06:58:54 328192 ----a-w- C:\Windows\System32\ubpm.dll 2013-05-04 06:58:54 10116096 ----a-w- C:\Windows\System32\twinui.dll 2013-05-04 06:58:49 173568 ----a-w- C:\Windows\System32\storewuauth.dll 2013-05-04 06:58:49 1332736 ----a-w- C:\Windows\System32\sysmain.dll 2013-05-04 06:58:48 330240 ----a-w- C:\Windows\System32\stobject.dll 2013-05-04 06:58:28 93696 ----a-w- C:\Windows\System32\psmsrv.dll 2013-05-04 06:58:02 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll 2013-05-04 06:58:02 151552 ----a-w- C:\Windows\System32\netprofm.dll 2013-05-04 06:58:01 169984 ----a-w- C:\Windows\System32\netplwiz.dll 2013-05-04 06:57:59 17408 ----a-w- C:\Windows\System32\muifontsetup.dll 2013-05-04 06:57:46 560640 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll 2013-05-04 06:57:31 820736 ----a-w- C:\Windows\System32\gpprefcl.dll 2013-05-04 06:57:15 501760 ----a-w- C:\Windows\System32\DevicePairing.dll 2013-05-04 06:57:05 179712 ----a-w- C:\Windows\System32\bisrv.dll 2013-05-04 06:57:05 122368 ----a-w- C:\Windows\System32\biwinrt.dll 2013-05-04 06:57:04 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll 2013-05-04 06:57:04 2305024 ----a-w- C:\Windows\System32\authui.dll 2013-05-04 06:57:00 708096 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll 2013-05-04 06:57:00 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll 2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl 2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe 2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-05-04 04:57:49 10788864 ----a-w- 
C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll 2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll 2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll 2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll 2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll 2013-05-04 04:56:35 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll 2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll 2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll 2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll 2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-04 04:55:58 389632 ----a-w- C:\Windows\SysWow64\intl.cpl 2013-05-04 04:51:38 14848 ----a-w- C:\Windows\System32\rars.rs 2013-05-04 04:48:33 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2013-05-04 04:48:26 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys 2013-05-04 04:47:02 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys 2013-05-04 04:10:47 14848 ----a-w- C:\Windows\SysWow64\rars.rs 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-05-01 02:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 02:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-28 22:30:55 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-28 22:30:12 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-28 22:28:33 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-04-28 22:28:29 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-04-28 22:28:00 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-27 05:20:12 733184 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-23 
23:13:53 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-04-23 23:12:44 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-04-23 23:12:44 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-04-23 22:56:35 1255936 ----a-w- C:\Windows\System32\certutil.exe 2013-04-23 22:55:48 68096 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-04-23 22:55:48 1889280 ----a-w- C:\Windows\System32\crypt32.dll 2013-04-23 22:55:48 141312 ----a-w- C:\Windows\System32\cryptnet.dll 2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-13 12:56:32 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-04-13 12:56:32 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-11 06:40:48 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll 2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll 2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe 2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll 2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll 2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll 2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll 2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe 2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe 2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe 2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe 2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll . ============= FINISH: 22:07:30.63 =============== Attach: . 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Pro with Media Center Boot Device: \Device\HarddiskVolume1 Install Date: 01/11/2012 10:54:51 System Uptime: 03/07/2013 10:40:17 (12 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V Processor: Intel® Core i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 20.98 GiB free. D: is FIXED (NTFS) - 1863 GiB total, 1417.853 GiB free. E: is FIXED (NTFS) - 1863 GiB total, 1572.628 GiB free. F: is FIXED (NTFS) - 932 GiB total, 445.823 GiB free. G: is CDROM () I: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP48: 24/06/2013 20:21:37 - Installed Enter The Matrix RP49: 03/07/2013 11:27:58 - Installed DirectX . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Ableton Live 9 Suite Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Creative Suite 6 Master Collection Adobe Download Assistant Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Reader XI Adobe Widget Browser Adobe® Content Viewer Amazon MP3 Downloader 1.0.18 Analog Laboratory v1_5_2 Apple Application Support Apple Mobile Device Support Apple Software Update ARP2600 V2 2.5.3 Artisteer 4 Assassin's Creed® III v1.03 Authorizer 1.0.5 Authorizer 2.0 Authorizer Ignition Key Support Avid Effects Avid HD Driver (x64) Avid Pro Tools Avid Virtual Instruments bl Bome's Virtual MIDI Port 1.0.0.11 Bonjour Borderlands 2 Canon MG6100 series MP Drivers Copy CS-80V2 2.5.3 D3DX10 Debut Video Capture Software Decimort 1.3.1 (64bit) DEFCON Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Devastor 1.3.1 (64bit) Dimension Pro 1.5 Dimension Pro Free Expansion Packs 1-3 Drumazon 1.5.1 (64bit) DVD-Cloner V10.00 Build 1202 DVD Architect Pro 5.2 eLicenser Control Emulator 1.4.4 Emulator 
1.4.6 Emulator Modular 1.3 eReg Far Cry 3 Fazortan 1.3.1 (64bit) FL Studio 11 FlowStone FL 3.0 IL Download Manager IL Shared Libraries Intel® Management Engine Components Intel® Network Connections 17.2.153.0 Intel® Processor Graphics Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Trusted Connect Service Client iTunes Java 7 Update 21 Java Auto Updater Junk Mail filter update Jupiter-8V2 2.5.3 LatencyMon 5.00 License Support Line 6 Uninstaller Livid Cell Logitech SetPoint 6.51 LoopBe2 - Internal MIDI Ports LuSH-101 1.0.0 (64bit) Magic Bullet Suite 64-bit Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Home and Student 2013 - en-us Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MIDI-OX Mini V 2.5.4 Modular V 2.6.3 Movie Maker Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT Redists MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 Parser and SDK Native Instruments Abbey Road 60s Drums Native Instruments Abbey Road 60s Drums Vintage Native Instruments Abbey Road 70s Drums Native Instruments Abbey Road 80s Drums Native Instruments Abbey Road Modern Drums Native Instruments Absynth 5 Native Instruments Alicias Keys Native Instruments Balinese Gamelan Native Instruments Battery 3 Native Instruments Battery Library Importer for Maschine Native Instruments Berlin Concert Grand Native Instruments Controller Editor Native Instruments Evolve Mutations Native Instruments Evolve Mutations 2 Native Instruments FM8 Native Instruments George Duke Soul Treasures Native Instruments Guitar Rig 5 Native Instruments Guitar Rig Elements for Maschine Native Instruments Guitar Rig Mobile I/O Native Instruments Guitar Rig Pro Library for Maschine Native Instruments Guitar Rig Session I/O Native Instruments Komplete 8 Ultimate Native Instruments Komplete Elements Mk2 Native Instruments Kontakt 5 Native Instruments Kontakt Elements Selection R2 Native Instruments Kontakt Factory Library Native Instruments 
Maschine Native Instruments Maschine Controller Native Instruments Maschine Controller Driver Native Instruments Maschine Drum Selection Native Instruments Massive Native Instruments New York Concert Grand Native Instruments Rammfire Native Instruments Razor Native Instruments Reaktor 5 Native Instruments Reaktor Elements Selection Native Instruments Reaktor Prism Native Instruments Reaktor Spark R2 Native Instruments Reflektor Native Instruments Rig Kontrol 3 Native Instruments Scarbee Funk Guitarist Native Instruments Scarbee Jay-Bass Native Instruments Scarbee MM-Bass Native Instruments Scarbee MM-Bass Amped Native Instruments Scarbee Pre-Bass Native Instruments Scarbee Pre-Bass Amped Native Instruments Scarbee Vintage Keys Native Instruments Service Center Native Instruments Session Strings Pro Native Instruments Studio Drummer Native Instruments The Finger R2 Native Instruments The Mouth Native Instruments Traktors 12 Native Instruments Transient Master Native Instruments Upright Piano Native Instruments VC 160 Native Instruments VC 2A Native Instruments VC 76 Native Instruments Vienna Concert Grand Native Instruments Vintage Organs Native Instruments West Africa Nepheton 1.5.1 (64bit) Nithonat 1.5.1 (64bit) NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components Oberheim SEM V 1.1.2 Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Open DVD Ripper 3.40 Build 508 PDF Settings CS6 ph Phoscyon 1.9.0 (64bit) Photo Common Photo Gallery Picasa 3 Pidgin PrimoPDF -- brought to you by Nitro PDF Software Prism Video File Converter Prophet-V2 2.5.3 PunkBuster Services QuickBooks QuickBooks Premier Edition 2008 QuickBooks Premier Edition 2013 QuickTime Rapture 1.2.2 Realtek High Definition Audio Driver Reason 6.0 Reason 6.5.1 Redoptor 1.3.1 (64bit) 
Resolume Avenue 4.1.3 SeaTools for Windows Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Sibelius Scorch (Firefox, Opera, Netscape only) SONAR X2 Producer x64 Sony Sound Forge 8.0d Spark Vintage Drum Machines 1.0.2 Spotify StageLight version 1.0 (3456) Steam Steinberg Cubase 6 64bit Steinberg Cubase 7 Steinberg Cubase 7 64bit Steinberg Dark Planet 64bit Steinberg Drum Loop Expansion 01 Steinberg Eucon Adapter 6.5 Steinberg Eucon Adapter 6.5 64bit Steinberg Groove Agent ONE Allen Morgan Signature Drums Steinberg Groove Agent ONE Content Steinberg Groove Agent ONE Vintage Beatboxes Steinberg HALion Sonic SE Steinberg HALion Sonic SE 64bit Steinberg HALion Sonic SE Content Steinberg HALionOne 64bit Steinberg HALionOne Expression Set Steinberg HALionOne GM Drum Set Steinberg HALionOne GM Set Steinberg HALionOne Pro Set Steinberg HALionOne Studio Drum Set Steinberg HALionOne Studio Set Steinberg Hypnotic Dance 64bit Steinberg Instrument Set Dark 
Planet Steinberg Instrument Set Hypnotic Dance Steinberg Instrument Set Triebwerk Steinberg Instrument Set Zero Gravity Steinberg LoopMash Content Steinberg LoopMash Content 2 Steinberg Midi Loop Library Steinberg Padshop Steinberg Padshop 64bit Steinberg Retrologue Steinberg Retrologue 64bit Steinberg REVerence Content 01 Steinberg Triebwerk 64bit Steinberg Upload Manager Steinberg UR28M Applications Steinberg VST Amp Rack Content 01 SupportSoft Assisted Service Syntorus 1.3.1 (64bit) TeamViewer 8 Toraverb 1.3.1 (64bit) TouchOSC Bridge version 1.0.1 Unity Web Player Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Uplay Vegas Pro 11.0 (64-bit) Vegas Pro 12.0 (64-bit) Visual C++ 64-bit Redistributables Visual C++ Redistributables Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) Warcraft III Windows Live Communications Platform Windows Live Essentials Windows 
Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wurlitzer V 1.0.2 Yamaha Steinberg USB Driver . ==== Event Viewer Messages From Past Week ======== . 03/07/2013 11:27:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 03/07/2013 11:27:20, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 03/07/2013 10:42:43, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 03/07/2013 10:42:43, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a log-on failure. 02/07/2013 09:39:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa80179da490, 0x0000007bb4f5000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070213-12187-01. . ==== End Of File ===========================
  14. Help, My first virus. I am freaking out. Whenever I do a Google search from the search bar in Firefox/Chrome, my computer redirects to some random site trying to sell me some products. Also, Malwarebytes keeps telling me that it blocked suspicious activity to 109.236.82.107 through port:49242 from program iexplorer.exe. This happened over the last few days. I didn't do any searches on Saturday. So, I could have been infected from Friday to today. I have been looking at numerous websites. But, I didn't download anything these past few days. I have activity logs from various malware programs that I ran. Please help. I can attach whatever logs you want. Abracadabra
  15. I attached my hijackthis.log. I use McAfee Anti-Virus, Malwarebytes, and Spybot Search and Destroy. None of these seem to find the problem. Thankfully McAfee blocks the sites when they pop up and asks me if I'm sure I want to visit them. The problem started several months ago before I installed Malwarebytes and Spybot. When I run Spybot it seems to clear up for a short while before returning. My understanding is it may be a rootkit virus and I've had no luck getting rid of it myself. I'm fairly tech savvy but I'm no expert and this is driving me insane. The redirect seems to happen on several search engines but I normally use Google. I use Firefox but have also experienced the problem in Google Chrome and IE. Help at this point would be greatly appreciated. hijackthis.log
  16. PLEASE HELP! I just got this virus which has blocked all of these sites! And I cannot use those sites anymore! I used Malwarebytes and it didn't help!!! PLEASE GIVE ME A SOLUTION! Whenever I go to these sites, they redirect me to this! Please view the image!
  17. I do not know a lot about computers. I need help. I am getting sent to all kinds of sites. I am getting pop-ups. The Malwarebytes that I am a paying member of is not fully protecting, nor will my firewall work. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Bobby at 9:13:37 on 2012-12-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1764 [GMT -6:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe C:\Windows\system32\dldtcoms.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe C:\Program Files\Realtek\RtVOsd\RtVOsd.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.gmail.com/ uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned> uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll LSP: mswsock.dll Trusted Zone: $talisma_url$ DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{41F10B22-D76D-4363-A57C-27706C3364D3} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{54A4FC6A-9B22-4065-9589-834F34BF9278} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{C6EA4EC8-0A3A-41F9-B151-2F68B1DE9BD4} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{C6EA4EC8-0A3A-41F9-B151-2F68B1DE9BD4}\2796368616274637E65677 : DHCPNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{C6EA4EC8-0A3A-41F9-B151-2F68B1DE9BD4}\E4544574541425 : DHCPNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui 
- igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\ecxudfw3.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-8 98208] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 dldt_device;dldt_device;C:\Windows\System32\dldtcoms.exe -service --> C:\Windows\System32\dldtcoms.exe -service [?] 
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-2 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-2 676936] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-2-11 517632] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040] R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-2 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-9-8 1225832] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-15 57280] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-8-23 40320] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-17 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== Created Last 30 ================ . 
2012-12-06 06:40:57 -------- d-----w- C:\Users\Bobby\AppData\Local\Macromedia 2012-12-06 06:40:17 -------- d-----w- C:\Users\Bobby\AppData\Local\Mozilla 2012-12-02 13:42:20 0 ----a-w- C:\Windows\SysWow64\shoFAA8.tmp 2012-12-02 12:18:09 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes 2012-12-02 12:17:50 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-02 12:17:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-02 12:17:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-26 05:51:19 -------- d-----w- C:\ProgramData\Recovery 2012-11-26 04:31:00 -------- d-----w- C:\ProgramData\Grisoft 2012-11-26 04:08:41 -------- d-----w- C:\Program Files (x86)\Zone Labs 2012-11-26 04:06:48 -------- d-----w- C:\Windows\Internet Logs 2012-11-15 15:31:34 0 ----a-w- C:\Windows\SysWow64\sho24E0.tmp 2012-11-15 08:42:01 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-15 08:42:01 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-15 08:42:01 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-15 08:42:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:33:30 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-15 08:33:30 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-15 08:33:29 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-15 08:33:29 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-15 08:33:28 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-15 08:33:28 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-15 08:33:28 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-15 01:38:51 -------- d-----we C:\Windows\system64 2012-11-15 01:27:55 -------- d-----w- C:\Users\Bobby\AppData\Local\DownTango 2012-11-15 01:27:45 -------- d-----w- C:\Program Files (x86)\Red Sky . ==================== Find3M ==================== . 
2012-11-17 19:38:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 19:38:11 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-24 20:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 20:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-20 22:02:06 1832760 ----a-w- C:\Windows\System32\LogiLDA.DLL
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 9:14:32.52 ===============

Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/26/2010 12:04:09 PM
System Uptime: 12/12/2012 6:37:25 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 1605
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 105.244 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.325 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 11/28/2012 8:25:45 AM - Windows Update
RP195: 12/5/2012 6:30:26 AM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Adobe Shockwave Player 11.5 Apple Application Support Apple Software Update AT&T Service & Support Tool att.net Internet Mail att.net Toolbar Bejeweled 2 Deluxe Blackhawk Striker 2 Build-a-lot 2 calibre CCleaner Chuzzle Deluxe CinemaNow Media Manager Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 9 CyberLink YouCam D3DX10 Diner Dash 2 Restaurant Rescue Dora's Carnival Adventure Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 FATE Final Drive Nitro Flickr Uploadr 3.2.1 Google Drive Google Talk (remove only) Google Talk Plugin Google Update Helper Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.2.0 HP Advisor HP Customer Experience Enhancements HP Documentation HP Game Console HP Games HP MediaSmart CinemaNow 2.0 HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Software Framework HP Support Assistant HP Wireless Assistant HTC BMP USB Driver HTC Driver Installer HTC Sync Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 20 (64-bit) Java 6 Update 37 Jewel Quest 3 Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint LeapFrog Connect LeapFrog LeapPad Explorer Plugin Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Camera Codec Pack Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Movie Maker Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) NHRA Drag Racing 2 Opera 12.11 Paint.NET v3.5.10 Pandora Penguins! Photo Common Photo Gallery Photo Viewer PhotoNow! Picasa Web Albums Live Publisher Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver REALTEK Wireless LAN Software Recovery Manager Roxio CinemaNow 2.0 RtVOsd Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Shutterfly Express Uploader Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) Virtual Families Virtual Villagers - The Secret City Wheel of Fortune 2 Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/8/2012 7:40:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/6/2012 11:19:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.
12/5/2012 4:35:25 AM, Error: Schannel [36887] - The following fatal alert was received: 42.
12/5/2012 2:00:41 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/12/2012 6:40:09 AM, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).
12/12/2012 6:37:47 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/12/2012 6:37:46 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/12/2012 6:37:45 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/11/2012 11:50:03 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80054bfb30, 0xfffffa80054bfe10, 0xfffff800031df460). A dump was saved in: C:\Windows\Minidump\121112-37955-01.dmp. Report Id: 121112-37955-01.
12/10/2012 9:01:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
  18. Hi, I'm not a computer moron, but I have had no real luck removing the virus on this computer, and am begging for some assistance. This is my girlfriend's laptop, so I have no real idea of how she got the virus, but it has been redirecting and on occasion causing pop-ups. I haven't run anything crazy like ComboFix, but have been using Malwarebytes, the full version. I have read some of the other threads on the topic and have a basic idea of how the process works, but I have never actually posted on the forum. Any help would be greatly appreciated.
  19. I have been getting these "Google Detects Unusual Traffic for your Network" messages on my computer. Other computers on our home network have also been getting these messages. I am not sure why I am getting these messages, but I have the paid version of Avast and I scanned all of our computers. It found a few infected files in the Temp Files folders, but we still get these messages about once a week. At first I thought it could be that our network was hacked, but I use a plugin called SEOQuake and read that it can cause these Google messages. I disabled and uninstalled it this morning. Could this really be the issue? It would make sense, as the plugin pulls info automatically and obviously much quicker from Google and other sources than what you would be able to do yourself. I just want to make sure our computers are not compromised. Any advice or help would be appreciated.
  20. A plea from a very frustrated person. About me: I am computer literate but not too technically qualified. I am keen to learn, but sometimes I don't understand all of the technical terms, so forgive me. I apologise. My home computer started to slow down about two weeks ago. I then noticed that Google was redirecting my searches to somewhere other than where I wanted to go. I was told this was the dreaded 'Google Hijack virus'. In the last week I have:
* restored my computer to a previous restore point.
* run McAfee's 'Stinger' and 'Rootkiller' software.
* run Malwarebytes software. Upgraded to Pro version.
* tried numerous offerings from Mr Microsoft.
What happens now is the computer appears to be working fine, if a little slow. The hard disk light shows a lot of activity. Google will search for individual items, but now, instead of redirecting to a rogue site, it crashes. I then have to shut down Explorer and start again. I am running Windows 7, Internet Explorer 9. All suggestions would be gratefully accepted. I know there is lots of information and possible cures about this problem on this site already, but I didn't want to go ahead and implement one without some advice first. Thanks for your comments and time.
  21. Hello All, I've been using this forum to try to rid my laptop of this Google Redirect Virus, but nothing seems to take. If someone could please help me out, it would be really appreciated. Here are my logs:

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by JOVY at 17:20:37 on 2012-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1421 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DCD8641A-2A95-4BA3-B3B4-D8100439DFDE}\0527573616346513 : DHCPNameServer = 75.49.64.94 68.94.156.1 192.168.40.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyy.dll
FF - plugin: c:\program files\baidu\baiduplayer\1.12.0.11\npxbdyyreg.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\users\jovy\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-08-24 16:33; closetabstotheright@4kwh.net; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\closetabstotheright@4kwh.net.xpi
FF - ExtSQL: 2012-08-24 17:08; firegestures@xuldev.org; c:\users\jovy\appdata\roaming\mozilla\firefox\profiles\qt30ff31.default\extensions\firegestures@xuldev.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-9-23 65192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-2 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 115168]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2012-10-16 22:33:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\offreg.dll
2012-10-16 22:32:38 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{927ce751-6edf-411f-bcf4-b7d56f452e64}\mpengine.dll
2012-10-16 22:23:19 -------- d-----w- C:\$RECYCLE.BIN
2012-10-16 22:21:50 -------- d-----w- c:\users\jovy\appdata\local\temp
2012-10-16 01:43:56 -------- d-----w- c:\users\jovy\appdata\local\Macromedia
2012-10-05 23:29:35 -------- d-----w- c:\program files\CCleaner
2012-10-05 22:43:23 98816 ----a-w- c:\windows\sed.exe
2012-10-05 22:43:23 256000 ----a-w- c:\windows\PEV.exe
2012-10-05 22:43:23 208896 ----a-w- c:\windows\MBR.exe
2012-10-05 22:38:35 -------- d-----w- c:\users\jovy\appdata\local\VirtualStore
2012-10-05 22:34:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 22:03:34 388096 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-05 22:03:34 -------- d-----w- c:\program files\Trend Micro
2012-10-05 22:03:06 -------- d-----w- c:\program files\VS Revo Group
2012-10-02 01:27:06 -------- d-----w- c:\users\jovy\appdata\local\webkit
2012-09-27 04:13:37 -------- d-----w- c:\programdata\RegRun
2012-09-27 04:13:24 2 --shatr- c:\windows\winstart.bat
2012-09-17 23:04:15 -------- d-----w- c:\programdata\Sophos
2012-09-17 23:02:49 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-17 23:02:49 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-17 23:02:45 73728 ----a-r- c:\users\jovy\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-09-17 23:02:29 -------- d-----w- c:\program files\Sophos
2012-09-17 23:00:47 -------- d-----w- c:\users\jovy\appdata\roaming\SUPERAntiSpyware.com
2012-09-17 23:00:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2012-10-15 23:54:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 23:54:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 22:34:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 22:34:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:21:01.15 ===============
.
********
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2012 2:35:59 AM
System Uptime: 10/16/2012 3:22:28 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WY040
Processor: Intel® Core2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1601/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 26 GiB total, 5.651 GiB free.
D: is FIXED (NTFS) - 48 GiB total, 10.012 GiB free.
E: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02281028&REV_12\4&39A5768A&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02281028&REV_12\4&39A5768A&0&0AF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Dell Wireless 1490 Dual Band WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1490 Dual Band WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&4A128E6&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP192: 10/16/2012 3:14:13 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI BaiduPlayer1.12.0.11 Canon MF Toolbox 4.9.1.1.mf12 Canon MF4320-4350 CCleaner Daum PotPlayer 1.5.31934 Dell Touchpad foobar2000 v1.1.11 GIMP 2.8.0 Google Chrome Google Update Helper HiJackThis Java 7 Update 7 Java Auto Updater JDownloader 0.9 Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft Antimalware Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Firefox 16.0.1 (x86 en-US) Mozilla Maintenance Service Revo Uninstaller 1.94 Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Sophos Virus Removal Tool Spotify SUPERAntiSpyware Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VirtualCloneDrive XnView 1.98.8
.
==== Event Viewer Messages From Past Week ========
.
10/16/2012 3:18:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/16/2012 3:00:24 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/15/2012 4:58:28 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/15/2012 4:58:28 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
10/15/2012 4:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/12/2012 12:35:17 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2012 9:06:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
  22. Okay... I recently did a clean reinstall of Windows for this exact reason. I have a rootkit.0acces/rootkit.0access.64 infection, as well as Trojan.BCMiner or dropper, I can't remember. The reinstall eliminated the problem for a while, but yesterday I began having issues with Google-related services again. As of now I can't even navigate to the main website. ( http://puu.sh/1ct8c ) I am also experiencing problems (as before) with Windows services; Bonjour and the like no longer work correctly. I apologize for not following normal procedures (as far as checking for existing threads), but I'm freaking out about this because I need this laptop for school and work. I'll attach anything you may need here: GUI scan results: http://puu.sh/1ctdll (Duplicated because I didn't restart after scanning this time) Log: http://puu.sh/1ctca Thanks for any support. Note: TDSKiller failed to fix any of this before.
  23. I am not exactly sure where to put this since it could be a legitimate infection or a false positive. Microsoft security essentials active protection has been flagging chromeupdate.crx as a variant of the Medfos.B trojan. When I scan that file with SE, MalwareBytes, and ESET, nothing comes up, only in SE active protection. I have done a full system scan using all three AV's listed above, nothing. I have since uninstalled Microsoft SE and installed a trial of Nod32. Nod32 active protection does not flag this file as an issue, nor does a system scan come up with anything. Here is a list of suspicious files: C:\Users\Chris\AppData\Local\Google\Chrome\Application\22.0.1229.79\Extensions\chromeupdate.crx *\cdjbnddbclciabnckgeahmneohjlahdm.json C:\Users\Chris\AppData\Local\chromeupdate.crx The .json file was never flagged, but its registry key points to chromeupdate.crx None of these files are on my other computers that have Chrome installed. Uninstalling and reinstalling Google Chrome does not change anything. No other symptoms of an infection other than the flagged file. Lastly, in the Google Chrome browser extensions list there is an extension that is called GoogleChromeUpdater that I am 99% certain is not legitimate. This last bit is what convinced me that this is not a false positive, but in fact an infection that is evading major AV programs. Attached is a screen shot of the Google Chrome Extensions. Any help is appreciated. Thank you.
  24. So, recently I started getting my Google and Yahoo links redirected when I opened them in a new window. It happens about 1/3 of the time. It appears to happen only in Firefox, not IE. I tried all the steps of resetting Firefox and removing cookies and add-ons, but it keeps coming back. I ran Malwarebytes when this first started and I also ran Malwarebytes just now. I updated in Safe Mode With Networking, then shut down and restarted in full Safe Mode just to be sure. No infections were found. I installed a redirect blocker add-on to Firefox, and it seems to be working but I don't want to leave whatever this is in my system. Oh, this has been going on for between 7-12 days I think. At first I thought it was problems with the websites, then I figured if I waited a few days Malwarebytes would be updated to fix it. Now I'm contacting you all. Here's the DDS stuff (I wasn't sure which part of McAfee was the Script Blocker, so I shut it all down when I ran the program. It's normally up): . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Blevins at 1:56:37 on 2012-10-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6534 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Windows\system32\atieclxx.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\mfevtps.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Dell DataSafe 
Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox mStart Page = hxxp://search.coupons.com/ mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626233021.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [wmpmic] "C:\Windows\System32\rundll32.exe" "C:\Users\Blevins\AppData\Roaming\wmpmic.dll",init_mmx_flags mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] 
C:\Windows\UpdReg.EXE mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot StartupFolder: C:\Users\Blevins\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Impulse\Now\ImpulseNow.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 172.16.0.1 TCP: Interfaces\{0E202E70-4BCB-4752-9D6E-8F3E498104D5} : DhcpNameServer = 172.16.0.1 TCP: Interfaces\{76991D54-D520-42E3-BB98-C9A1B6F526AA} : DhcpNameServer = 172.16.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO-X64: Canon Easy-WebPrint EX BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626233021.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll BHO-X64: TBSB07898 - No File BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint 
EX\ewpexhlp.dll TB-X64: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Blevins\AppData\Roaming\Mozilla\Firefox\Profiles\61fkxzme.default-1348990963794\ FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Blevins\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] 
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-31 13592] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-29 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-29 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-29 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-29 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-29 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] 
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-15 1258856] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-31 1692480] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] 
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-15 250288] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 114144] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-22 10:38:51 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-16 10:22:18 -------- d-----w- C:\Users\Blevins\AppData\Roaming\NVIDIA 2012-09-15 08:00:06 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-09-15 08:00:06 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-09-15 08:00:06 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-09-15 08:00:06 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-09-15 08:00:06 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-09-15 08:00:06 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-09-15 08:00:06 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-09-15 07:58:19 -------- d-----w- C:\Program Files\NVIDIA Corporation 2012-09-15 07:55:56 -------- d-----w- C:\NVIDIA 2012-09-14 12:49:12 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-09-13 08:56:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-09-13 08:56:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-09-12 10:19:37 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-09-11 11:28:16 -------- d-----w- C:\Users\Blevins\AppData\Roaming\Ad-Aware Antivirus 2012-09-11 07:39:08 -------- d-----r- C:\Program Files (x86)\Skype 2012-09-11 07:37:05 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll 2012-09-11 07:36:57 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-09-11 07:36:53 150736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll 2012-09-11 07:36:51 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll 2012-09-08 11:30:57 73696 ----a-w- C:\Program Files (x86)\Mozilla 
Firefox\updated\breakpadinjector.dll 2012-09-08 11:30:57 266720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll 2012-09-08 11:30:57 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2012-09-05 23:57:08 -------- d-----w- C:\ProgramData\225932FD16A4C19BCDC3199BF875F002 2012-09-05 23:56:49 -------- d-----w- C:\Users\Blevins\AppData\Local\{54C1A0CC-F7B5-11E1-8270-B8AC6F996F26} . ==================== Find3M ==================== . 2012-09-22 10:38:46 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-22 10:38:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-20 23:27:09 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 23:27:09 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-11 07:36:48 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-09-11 07:36:48 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-30 17:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-08-22 08:28:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-22 08:28:32 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-22 08:28:32 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-14 07:11:14 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-08-14 07:11:12 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-07-28 05:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-28 05:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-28 05:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-28 05:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-28 05:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-28 05:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-28 05:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll 
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll 2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- 
C:\Windows\SysWow64\atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll . ============= FINISH: 1:57:08.92 =============== Attach.txt
  25. I have a virus where anytime I click a link from a Google search, I'm redirected to a spam website. I had this issue this past weekend, but Maniac helped me get rid of it (see: http://forums.malwarebytes.org/index.php?showtopic=116257). Unfortunately, the issue came back - I don't know how this happened. Can someone please help me permanently remove this annoying, invasive virus? I've included the Malwarebytes Antivirus log, DDS.txt, and Attach.txt below. Thank you for your help and support! Malwarebytes Antivirus Log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.26.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bobby :: BOBBY-THINK [administrator] 9/26/2012 2:55:37 PM mbam-log-2012-09-26 (14-55-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 200092 Time elapsed: 2 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Bobby\AppData\Local\Temp\0.48053279246894465 (Trojan.Happili) -> Quarantined and deleted successfully. (end) DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2 Run by Bobby at 20:34:17 on 2012-09-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3690.1624 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . 
============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe C:\Windows\system32\CxAudMsg64.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Windows\SysWOW64\SAsrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Bobby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Absolute_Software] rundll32.exe "C:\Users\Bobby\AppData\Local\Apple\Absolute_Software\fqnqx.dll",DllRegisterServerW
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{30942EEA-CE1B-4449-8002-F3980D50D482} : DhcpNameServer = 0.0.0.0
TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\25564625F6675627 : DhcpNameServer = 132.236.56.250 128.253.180.2 192.35.82.50
TCP: Interfaces\{95CD91B6-D923-4899-9AD3-4E2FE87348B9}\3603F6B4963302D603E653473327 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO-X64: IEPlugin - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun-x64: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\phgeso05.default-1348354658048\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bobby\AppData\Local\Citrix\Plugins\60\npappdetector.dll
FF - plugin: C:\Users\Bobby\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bobby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-9-18 71032]
R3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys --> C:\Windows\system32\DRIVERS\RtsP2Stor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys --> C:\Windows\system32\DRIVERS\tvtvcamd.sys [?]
S3 Fastboot;Fastboot;C:\Windows\system32\DRIVERS\Fastboot.sys --> C:\Windows\system32\DRIVERS\Fastboot.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-25 01:31:11 -------- d-----w- C:\Program Files (x86)\Citrix
2012-09-25 01:30:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Citrix
2012-09-24 19:55:01 -------- d-----w- C:\ProgramData\BlueStacksSetup
2012-09-24 19:54:45 -------- d-----w- C:\ProgramData\BlueStacks
2012-09-24 19:54:45 -------- d-----w- C:\Program Files (x86)\BlueStacks
2012-09-24 18:57:24 -------- d-----w- C:\Users\Bobby\.android
2012-09-24 18:56:23 -------- d-----w- C:\Program Files (x86)\Android
2012-09-22 20:41:32 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes
2012-09-22 20:41:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-22 20:41:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-22 20:41:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-22 15:01:08 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics
2012-09-22 06:00:26 388096 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-22 06:00:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-22 05:09:39 -------- d-----w- C:\Users\Bobby\AppData\Roaming\AVG2013
2012-09-22 05:08:43 -------- d-----w- C:\Users\Bobby\AppData\Roaming\TuneUp Software
2012-09-22 05:08:10 -------- d--h--w- C:\$AVG
2012-09-22 05:08:10 -------- d-----w- C:\ProgramData\AVG2013
2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\MFAData
2012-09-22 05:03:19 -------- d-----w- C:\Users\Bobby\AppData\Local\Avg2013
2012-09-17 22:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-09-14 09:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-09-12 15:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-12 15:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-09 17:28:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-03 02:06:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\offreg.dll
2012-08-31 12:37:27 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E09D6D33-4E5E-4663-94B3-5F4E721DF429}\mpengine.dll
2012-08-30 01:05:54 -------- d-----w- C:\Users\Bobby\AppData\Roaming\texstudio
2012-08-30 01:04:45 -------- d-----w- C:\Users\Bobby\AppData\Roaming\MiKTeX
2012-08-30 01:04:16 -------- d-----w- C:\Users\Bobby\AppData\Local\MiKTeX
2012-08-30 00:48:48 -------- d-----w- C:\ProgramData\MiKTeX
2012-08-30 00:46:21 -------- d-----w- C:\Program Files\MiKTeX 2.9
2012-08-30 00:44:23 -------- d-----w- C:\Program Files (x86)\TeXstudio
2012-08-30 00:29:11 2188288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe
2012-08-30 00:29:11 1502208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe
2012-08-30 00:29:10 2042368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe
2012-08-30 00:29:08 12592939 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe
2012-08-30 00:29:00 12317403 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe
2012-08-30 00:25:06 7360000 ------w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503.exe
2012-08-30 00:25:05 9728000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.4503-x64.exe
2012-08-30 00:25:04 16457073 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TeXstudio\texstudio23_win32.exe
2012-08-30 00:25:03 655872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll
2012-08-30 00:25:03 568832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll
2012-08-30 00:25:03 224768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll
2012-08-30 00:24:58 2303488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python27.dll
2012-08-30 00:24:57 133120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe
2012-08-29 14:28:59 92672 ----a-w- C:\Windows\System32\redmonnt.dll
2012-08-29 14:28:59 49664 ----a-w- C:\Windows\System32\unredmon.exe
2012-08-29 14:28:58 -------- d-----w- C:\Program Files\Cornell University
2012-08-29 14:28:37 40960 ----a-r- C:\Users\Bobby\AppData\Roaming\Microsoft\Installer\{5A6403D3-E177-42FD-AA16-2FBD441EA26E}\KerberosViewer.exe_2AF0AD33EBDF4A58B3D9A41DD1C1011D.exe
2012-08-28 14:47:50 -------- d-----w- C:\Users\Bobby\AppData\Local\Western Digital
.
==================== Find3M ====================
.
2012-08-22 02:31:38 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-22 02:31:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-22 02:31:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-17 04:41:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-08-16 02:23:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 02:23:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-13 20:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-08-10 08:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-08-09 17:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-07-19 22:25:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-07-19 22:25:22 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-07-19 22:23:42 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-07-19 22:23:42 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-07-19 22:23:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-07-19 22:23:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-07-19 22:23:12 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-19 22:23:12 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-19 22:23:12 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-07-19 22:23:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-07-19 22:23:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-19 22:23:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-19 22:23:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
.
============= FINISH: 20:35:30.52 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2012 9:14:14 AM
System Uptime: 9/26/2012 5:49:21 PM (3 hours ago)
.
Motherboard: LENOVO | | 3254CTO
Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 188.679 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 18 GiB total, 6.576 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP41: 9/22/2012 12:54:08 AM - Removed AVG 2012
RP42: 9/22/2012 12:55:12 AM - Removed AVG 2012
RP43: 9/22/2012 1:07:28 AM - Installed AVG 2013
RP44: 9/22/2012 1:07:48 AM - Installed AVG 2013
RP45: 9/22/2012 2:00:13 AM - Installed HiJackThis
RP46: 9/24/2012 3:54:08 PM - Installed BlueStacks
.
==== Installed Programs ======================
.
Absolute Reminder
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Android SDK Tools
Apple Application Support
Apple Software Update
BlueStacks
Burn.Now 4.5
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Corel Burn.Now Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
Dropbox
Evernote v. 4.5.8
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 5.3.0.1010
HiJackThis
Integrated Camera Driver Installer Package Ver.1.2.1.18
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
Java 7 Update 6
Java Auto Updater
Java SE Development Kit 7 Update 6
Junk Mail filter update
Kerberos Ticket Viewer
Lenovo Patch Utility
Lenovo Registration
Lenovo User Guide
Lenovo Warranty Information
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetBeans IDE 7.2
Notepad++
Power Manager
PowerISO
QuickTime
RapidBoot HDD Accelerator
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.10
Spotify
SugarSync Manager
System Update
TeXstudio 2.3
ThinkPad Wireless LAN Adapter Software
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIP Access
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/26/2012 8:34:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVGIDSAgent service.
9/26/2012 3:03:07 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/26/2012 3:02:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
9/24/2012 12:23:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
9/24/2012 12:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
9/24/2012 12:22:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
9/22/2012 4:51:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================