Showing results for tags 'Installer'.

Found 20 results

  1. I noticed a program listed in my uninstall list named "Installer" by "Default Company Name." When I begin to uninstall it, it asks me for admin permissions to C:\Windows\Installer\2ef2c531.msi in order to continue the uninstallation, but I'm afraid to do that, because I don't know what it is. There is no location listed for the program. In the registry, it's listed as being in my System32 folder, but I don't see it when I search the folder. My Malwarebytes scan of the folder found nothing malicious. Does anyone know what this could be? FRST.txt Addition.txt scan_report_8.1.2020.txt
  2. I noticed a program listed in my uninstall list named "Installer" by "Default Company Name." When I begin to uninstall it, it asks to give admin permissions to C:\Windows\Installer\2ef2c531.msi, but I'm afraid to do that, because I don't know what it is. There is no location listed for the program. I recently did a full system scan and it found nothing malicious. Does anyone know what this could be?
  3. I just downloaded Malwarebytes and when I was trying to install it I realized that the green bar got stuck and wouldn't continue the installation.
  4. I need to be able to install Malwarebytes Anti-Malware to scan a Windows10 PC that cannot be connected to the Internet. Where can I download the full MBAM 4 offline installer, not just the MBSetup.exe stub? Also I need the offline Rules update zip file. Where can that be downloaded? TIA
  5. Is there a way to download a Malwarebytes offline installer or a standalone installer, as I have a PC which does not have an internet connection? If yes, could you please provide me a method or the link to download the file? Thank you!
  6. Hello everyone, I just read this article and got a little worried: https://www.howtogeek.com/fyi/bing-is-pushing-malware-when-you-search-for-chrome/ I have three quick questions that I hope someone could help me with: 1. If you actually run that phony installer, will it still act as the official installer? As in everything will act normally but you actually have a hidden malware in your Chrome? 2. If I installed Chrome a while ago, how can I check that my installation is genuine and not a fake Google Chrome? I don't have the installer anymore. 3. Would a Malwarebytes scan detect a bad installation? I ran a scan and it didn't find anything. Thank you and have an awesome day!
  7. Lately MBAM has become more obnoxious popping up nag boxes to upgrade. If I clicked "no" to this 14 days in a row, why would I click "yes" on day 15? But putting that aside for a second, I was informed that a new version needs to be downloaded and installed. In other programs this happens seamlessly. In MBAM, I click 'agree and install', it attempts a fresh installation of the whole program, and immediately I get a long error about "could not overwrite mbam.exe"... now, I'm aware of what's happening, it doesn't have permission to shut down and overwrite the main MBAM process, which is currently running. I know enough about computers to deal with it. But a lot of people will just be confused, my parents or grandparents won't know what that error means or what to do with it, so they won't upgrade. After being around 12 years, how do you not predict this obvious problem with the installation, and figure out a way to ensure it doesn't happen, instead of just leaving the user to click ok to a confusing error dialogue with no further hints? Maybe this is a lot of complaining to do for a free product, but if you want any hope of getting money from me, I have to know the program will not be intrusive, and that updates will go 100% smoothly, otherwise it's worth what I'm currently paying.
  8. I use AVG paid for and MBAM free. All programs are the latest versions, and both have the latest databases. This morning when I logged onto my computer, to my horror, I found that AVG had popped up a dialog saying that the installer program for 7zip, 7z1604-x64.exe, harbors the Trojan horse Atros5.AYO. Check out the attached screen shot. So, I opened MBAM, updated its database, and then scanned my entire directory where I store all installer files. MBAM found no issues whatsoever. See attached screen shot. I then went to https://www.virustotal.com and uploaded 7z1604-x64.exe and forced it to re-analyse it. Virustotal likewise found nothing, including, bizarrely, its version of AVG! See attached screen shot. What are your recommendations on how I should handle this? Is AVG known for false alarms, or are they among the first to identify new threats? I note a related but distinct inquiry on this forum about 3.5 years ago:
  9. Hey guys so when I install any program I get application installer that installs the same bloatware on all of my applications.
  10. Hi, all, Just got a popup regarding the newest Free Download Manager 5.1.6 Beta installer. During the installer it showed me a popup that it was ransomware, and killed the rest of the installation, but nothing shows in quarantine. I've added the installer to the exclusion list but it still persists, because of a .tmp file created in the %TEMP% folder. Furthermore, after capturing the screenshot below, I went to look at the file, and it was still in the temp location, but as I was viewing it it abruptly disappeared. I am going to disable protection, run the installer, and capture the .tmp file to post as well. As I mentioned, neither time did it actually show up in the quarantine section of the app. What else do you need from me?
  11. Hi. I develop add-ins for Microsoft PowerPoint. A customer has just informed me that MBAM flags my software as malware. The specific software is available for inspection at: http://www.rdpslides.com/ftp/pptools/RESIZE.EXE and http://www.rdpslides.com/ftp/pptools/LANGUAGESELECTOR.EXE Both programs are add-ins for Microsoft PowerPoint. Since this is happening at the customer's site, I'm unable to create a log as requested. In the past, when there have been false positive reports, it's been because the software I use to create my installers has also been used by malware authors, so the installer EXE gets dinged. MBAM flags the uninstallers for my add-ins and the registry entries that tell Windows Control Panel where to find them. The installers/uninstallers are created with CreateInstall version 5 (http://www.createinstall.com/). I'll be happy to answer any additional questions you might have in an effort to get this sorted out. Thanks!
  12. I joined this forum when I found that had attached to a post a 7z file with a malware installer. I thought by registering it would give you the privilege to download it. So, do I need to have any title or anything like that to download attachments? I hope I posted it at the correct place.
  13. I've got several machines (but still a very small % overall) that have this 'execution result' when I do a scan under the Client Push Install tab. What is the remedy for this message?
  14. Hi! Have not used this win7 desktop for some time. Did some updates which included a Java plug-in that carried a payload. Used several malware removers, including Malwarebytes. Windows Version Installer keeps popping up. Frst scan resulted in the following:
- 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files\iTunes 2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod 2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg 2014-08-04 12:10 - 2014-08-12 15:13 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip 2014-08-03 15:06 - 2014-08-12 17:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk 2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-03 15:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-03 15:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-03 14:08 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-03 14:08 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-03 14:08 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-03 14:08 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-03 14:08 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-03 14:08 - 2014-06-18 
20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-03 14:08 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-03 14:08 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-03 14:08 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-03 14:08 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-03 14:08 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-03 14:08 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-03 14:08 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-03 14:08 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-03 14:08 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-03 14:08 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-03 14:08 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-03 14:08 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-03 14:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-03 14:08 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-03 14:08 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-03 14:08 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-03 14:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-03 
14:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-03 14:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-03 14:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-03 14:08 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-03 14:08 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-03 14:08 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-03 14:08 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-03 14:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-03 14:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-03 14:08 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-03 14:08 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-03 14:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-03 14:08 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-03 14:08 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-03 14:08 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-03 14:08 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-03 14:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-03 14:08 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-03 
14:08 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-03 14:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-03 14:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-03 14:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-03 14:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-03 14:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-03 14:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-03 14:08 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-03 14:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-03 14:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-03 14:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-03 14:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-03 14:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-03 14:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-03 14:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-03 14:07 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-03 14:07 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-03 14:07 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-03 14:07 - 2014-06-17 21:51 - 00646144 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-08-03 14:07 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-03 14:07 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-03 14:07 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-08-03 14:07 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-03 14:07 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-08-03 14:07 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-08-03 14:07 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-08-03 14:07 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-08-03 14:07 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-03 14:07 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-03 14:07 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-08-03 14:07 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-08-03 14:07 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-08-03 14:07 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-08-03 14:07 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-08-03 14:07 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-08-03 14:07 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 09:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2014
Ran by ING at 2014-08-12 17:15:15
Running from C:\Users\ING\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.00 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1 Help Pack (English (United States)) (HKLM-x32\...\{8A9813D3-562E-49A8-A67F-8FF6616CC699}) (Version: 4.1.5.3 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM-x32\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4522 - Sling Media) SlingPlayer (x32 Version: 2.0.4522 - Sling Media) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com) TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden USB PC Camera VC305 (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}) (Version: 1.45.060824 - Vimicro Corporation) VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows 
Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> C:\Windows\system32\webcheck.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
==================== Restore Points ========================= 14-05-2014 10:53:32 Windows Update 15-05-2014 18:53:52 Windows Update 01-08-2014 21:12:24 Scheduled Checkpoint 03-08-2014 18:08:56 Windows Update 05-08-2014 19:40:28 Garmin Express 05-08-2014 19:41:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 06-08-2014 14:59:12 Installed Java 7 Update 45 06-08-2014 16:50:37 Installed Java 7 Update 67 07-08-2014 12:24:46 Windows Update 11-08-2014 16:02:18 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1C0AE2CD-4F11-48AF-B4EC-AC9472A037D4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {31D25B00-0DCA-4E52-8844-B862C29CC04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.) Task: {47C2658C-6B56-4EA9-9E11-E537A7B96A95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] () Task: {4DB5900A-DBE1-4257-8D24-66BCD657D703} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-03] (Adobe Systems Incorporated) Task: {59127C13-25A0-4C16-B23E-6794FB448474} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {674793A1-25E4-4E2E-A337-C89CD122B4C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {6AACC4C3-6477-4C5B-A4EF-3C73CE8A1C6A} - System32\Tasks\{72613726-4937-4B5B-8451-608BB51E0CBC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {72E14497-9524-48B0-879E-6BC2C4F310C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.) Task: {7354FC8F-BB36-4F8B-8057-19AF2CB29B30} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {751895AF-ABF9-4CC0-BCCF-18E2EC1B91BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.) Task: {85CAC0E7-07CA-46BF-9482-DBAA4E5A0CCA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {8F70D501-A758-4F14-BDAF-A708E7B5AA96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A31C68D1-443B-4CAE-A065-4543503DABD1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {ABEEED44-3243-47A7-81F0-09CDD7822978} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {D06EBEF7-629D-4D87-A24F-6025FC75CE90} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {D570F5DE-C89A-4620-90A1-9A856AECE04C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {DB555FB1-5EC3-4689-A7FE-0D2ADA46B099} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {E6726401-1AA0-42B5-BF05-35C2B50AE1B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.) Task: {E908A772-E8FB-4989-A658-698EAD1B154E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {EC010500-E16B-4EF1-AA68-8F6DE6ACC2F1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-08-06 10:57 - 2014-08-06 10:57 - 00073728 _____ () C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe 2011-05-05 10:55 - 2011-03-26 15:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2014-08-05 20:41 - 2014-08-05 20:41 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-08-03 13:52 - 2014-08-03 13:52 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\ING\Downloads\noname (1).eml:OECustomProperty AlternateDataStreams: C:\Users\ING\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/12/2014 05:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 05:01:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00620038 Faulting process id: 0xd0c Faulting application start time: 0xVM305_STI.EXE0 Faulting application path: VM305_STI.EXE1 Faulting module path: VM305_STI.EXE2 Report Id: VM305_STI.EXE3 Error: (08/12/2014 03:14:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 03:13:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00620038 Faulting process id: 0xea8 Faulting application start time: 0xVM305_STI.EXE0 Faulting application path: VM305_STI.EXE1 Faulting module path: VM305_STI.EXE2 Report Id: VM305_STI.EXE3 Error: (08/12/2014 01:54:05 PM) (Source: WinMgmt) (EventID: 10) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00620038 Faulting process id: 0xfe8 Faulting application start time: 0xVM305_STI.EXE0 Faulting application path: VM305_STI.EXE1 Faulting module path: VM305_STI.EXE2 Report Id: VM305_STI.EXE3 Error: (08/12/2014 00:52:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Vimicro because of this error. Program: Vimicro File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. 
At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0 Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000096 Fault offset: 0x00620038 Faulting process id: 0xc20 Faulting application start time: 0xVM305_STI.EXE0 Faulting application path: VM305_STI.EXE1 Faulting module path: VM305_STI.EXE2 Report Id: VM305_STI.EXE3 Error: (08/12/2014 09:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: 
(08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/ Error: (08/12/2014 02:00:02 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/12/2014 01:53:17 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Microsoft Office Sessions: ========================= Error: (08/12/2014 05:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 05:01:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038d0c01cfb670839bfe81C:\Windows\VM305_STI.EXEunknownc9b9eada-2263-11e4-989f-8c89a52c3a25 Error: (08/12/2014 03:14:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 03:13:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038ea801cfb6616cee0c19C:\Windows\VM305_STI.EXEunknownaf112b7d-2254-11e4-a601-8c89a52c3a25 Error: (08/12/2014 01:54:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038fe801cfb6564168f8ebC:\Windows\VM305_STI.EXEunknown81ede8df-2249-11e4-bb03-8c89a52c3a25 Error: (08/12/2014 00:52:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: Vimicro000000000 Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000009600620038c2001cfb64da4db0069C:\Windows\VM305_STI.EXEunknowne5c64b89-2240-11e4-bb07-8c89a52c3a25 Error: (08/12/2014 09:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 8103.95 MB Available physical RAM: 5833.61 MB Total Pagefile: 16206.07 MB Available Pagefile: 13772.93 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:833.66 GB) (Free:390.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EB128DA8) Please advise.
  15. Hi! After several months of non-use I updated a bunch of software including the Java plug-in. Tried to get rid of the pesky payload without success. Windows Version Installer keeps popping up. Have run Rogue Killer and have the following log: Have not deleted anything. Will appreciate advice on the next steps. RKreport_SCN_08122014_140803.log
  16. I ran the updated version of mbam and came up with a detection of possible malware located in the C: drive Windows files. It read Malware.Generic, C:\Windows\Installer\b6ea22c.msi, Quarantined, [04fcb34dc43ca957a4f36be558a8c33d] but now explorer is crashing a lot since it has been quarantined and so I am curious if this is a known piece of malware or a fp? mal2.txt
  17. I've been unable to update database since 1/4. Tried to reinstall but was told the installer was corrupted. Same sort of message when trying to use DDR.com. DDR.scr in silent mode was able to work.
  18. Hi, I just ran Malwarebytes on my GF's computer. It found that askInstallChecker-1.1.0.0.exe was a virus. I find this hard to believe since it was on the PC since she bought it (pre-delivery). Since then she's had it 3 months with no detection. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 User :: SARAHNEW-PC [administrator] 28/07/2013 11:28:23 MBAM-log-2013-07-28 (11-54-33).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 390820 Time elapsed: 25 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\User\Desktop\askInstallChecker-1.1.0.0.exe (Trojan.Fakealert) -> No action taken. [c2e00b57f7758caa1561380e6e939769] (end) Also attached the log file and a 7zip with the detection. askInstallChecker-1.1.0.0.7z MBAM-log-2013-07-28 (11-54-33).txt
  19. InstallMate is a program for building software installers. I believe it must have been used by someone to build a malware program, and therefore temporary installation files created by InstallMate have since been marked as malware for no good reason. I believe this is a false positive, and - for what it's worth - the maker of InstallMate also thinks so. They say they've been trying to contact Malwarebytes for weeks, but no response or action on your part has been taken. Please advise if this is a false positive. MBAM-log-2013-03-18 (12-20-02).txt
  20. Hi there. MBAM found a trojan in Windows installer yesterday and deleted it. Restarted and everything. 8 minutes later I was infected again. Chrome has been hijacked (not sure about other browsers) and when I tried to get my email reg from this site my email account had been used to send spam. Um, please help!
NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{D8B6452D-0957-4D34-885D-54B39BF6B603} : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{D8B6452D-0957-4D34-885D-54B39BF6B603}\3596D62616 : DhcpNameServer = 10.0.0.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common 
Files\LightScribe\LSRunOnce.exe" BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll BHO-X64: uTorrentBar - No File BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files 
(x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-11 654408] R2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312] R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-5 1153368] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-5-14 18360] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] 
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-05-29 18:19:22 16200 ----a-w- C:\Windows\stinger.sys 2012-05-29 18:18:37 -------- d-----w- C:\Program Files (x86)\stinger 2012-05-29 03:31:56 -------- d-----w- C:\Users\Sami\AppData\Roaming\Orneon 2012-05-28 21:38:14 -------- d-----w- C:\Windows\System32\SPReview 2012-05-28 05:34:27 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-05-28 05:27:07 -------- d-----w- C:\Users\Sami\AppData\Roaming\Dark Dimensions - Wax Beauty Strategy Guide 2012-05-28 05:22:29 -------- d-----w- C:\Users\Sami\AppData\Roaming\Eipix 2012-05-27 23:34:31 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA148176-3F26-4739-9F0D-BD3B9430579F}\mpengine.dll 2012-05-26 19:33:14 -------- d-----w- C:\Users\Sami\AppData\Roaming\Octoshape 2012-05-26 18:09:34 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-24 04:08:36 -------- d-----w- C:\Users\Sami\AppData\Roaming\Friday's games 2012-05-24 04:03:12 -------- d-----w- C:\Program Files (x86)\Tiger Games 2012-05-23 01:12:06 -------- d-----w- C:\Windows\SysWow64\2080 2012-05-22 03:47:31 -------- d-----w- C:\Users\Sami\AppData\Roaming\SkyGoblin 2012-05-22 03:43:14 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-05-22 03:43:14 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-05-22 03:43:14 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-05-22 03:43:14 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-05-22 03:43:14 -------- d-----w- C:\Program Files (x86)\OpenAL 2012-05-22 03:41:26 -------- d-----w- C:\ProgramData\JustAdventure 2012-05-22 03:26:59 -------- d-----w- C:\Program Files (x86)\directx 2012-05-16 01:12:05 -------- d-----w- C:\Windows\SysWow64\1080 2012-05-15 05:37:53 -------- d-----w- C:\Program Files 
(x86)\Common Files\Overwolf 2012-05-15 05:37:52 -------- d-----w- C:\Program Files (x86)\Overwolf 2012-05-15 05:36:17 -------- d-----w- C:\Users\Sami\AppData\Local\Overwolf 2012-05-15 05:14:44 -------- d-----w- C:\Program Files (x86)\Runes of Magic 2012-05-15 03:11:30 -------- d-----w- C:\Users\Sami\AppData\Roaming\FOG Downloader 2012-05-11 23:46:05 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-11 23:46:04 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-05-11 23:46:04 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-05-11 23:46:04 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-05-11 23:46:04 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-05-11 23:46:04 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 23:46:03 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-11 23:46:03 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-11 23:46:03 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-05-11 23:46:03 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-05-11 23:45:20 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-11 23:45:17 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-11 23:45:16 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-05-11 23:45:15 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-11 23:45:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-11 23:45:11 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-11 23:45:07 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 23:45:06 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 02:47:54 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll 2012-05-10 02:47:50 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2012-05-09 01:12:08 -------- d-----w- C:\Windows\SysWow64\3013 2012-05-06 04:18:12 -------- d-----w- C:\Users\Sami\AppData\Roaming\LegacyGames 2012-05-05 15:49:21 -------- d-----w- 
C:\Users\Sami\AppData\Roaming\Black Sea Studios 2012-05-05 14:10:54 -------- d-----w- C:\Program Files (x86)\Common Files\Steam 2012-05-05 14:10:51 -------- d-----w- C:\Program Files (x86)\Steam 2012-05-02 01:12:05 -------- d-----w- C:\Windows\SysWow64\2046 2012-05-01 06:15:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client . ==================== Find3M ==================== . 2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-03-07 05:39:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-03-06 04:21:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl . ============= FINISH: 12:35:06.35 =============== Do you want Attach.txt as well? This thing has me ripping my hair out. I looked at the properties of the file and found a previous version tucked into a restore point, too. Any help is greatly appreciated, thank you