Showing results for tags 'Redirect'.


  1. Hello, I need help removing the tradeadexchange.com redirection. It seems to be blocked in Google Chrome and Opera (extensions Privacy Badger, uBlock Origin), but affects other browsers like Steam and Arc browser. I click on a link and it tries to redirect to tradeadexchange.com. Happens not every time. Usually two times, then it stops for a time. Malwarebytes can't find anything. I manipulated my hosts file for this domain to 127.0.0.1. Seems to work because in Steam browser it says that it cannot connect. Windows 10 Pro (x64); Malwarebytes no results; tradeadexchange; added rule in hosts file for tradeadexchange.com. With kind regards, Sebastian
  2. So, I've caught an awful redirect virus that just WON'T GO AWAY! Google results led me here, and I've seen others get help with this, and I've already taken the liberty to do FRST on my computer. I'm just having a hard time generating a fixlist on my own, if someone could be kind enough to assist me >.< I've tried numerous anti-malware/virus programs, and I'm pretty sure you can tell by looking at my logs..... Thank you kindly in advance FRST_25-11-2015_01-31-05.txt Addition_25-11-2015_01-31-05.txt
  3. About an hour ago Chrome started redirecting all my searches to Yahoo, as well as my home page. I checked the homepage and search setting in Chrome and they are unchanged. I downloaded and ran CCleaner. Problem not solved. I downloaded Malwarebytes (I had McAfee installed already but I couldn't find a scan button on it) but it refused to open. I downloaded Malwarebytes Chameleon and it opened, ran through to when it asks to update MBAM and has been sat there for about 25 minutes. Is this normal? Is it working? What else can I try?
  4. Good evening! I am using my computer to attempt to solve popup and redirect issues on my daughter's computer. I am a homeschool mom. No computer whiz here. But... learning is lifelong. The issue: Any attempt to use the internet redirects to "pcfixing2.info" which requires a "quit task" from the task manager. Further, there is a continuous onslaught of popups plaguing the system. I'm usually pretty good at I.D.ing this crap in processes, but I can't find it this time. I attached a screenshot of the scallywag: An image of the virus.PNG Using safe mode yesterday I ran JRT and MBAR and MBAM and Adware Cleaner too, I think, following Double Headed Eagle's plans from other folks, one at a time and retrying the internet. But to no avail. Perhaps I did things in the wrong order. So I'm trying again. The fact that I'm posting means nothing worked, and I need more suggestions. The "order of operations" for today is below. Thank you for any assistance in advance. Sooooo.... The offending computer is windows 8.1. More of Viv's comp info is in the attached screen shot, titled Viv's comp info, because I couldn't copy and paste for some reason. 9/15/2015 5 p.m. MBAM I'm using version 2015.09.14.05 (which looks really like it might be up-to-date, but it says it needs updated.) Alas, safe mode. All disk checks are performed via download from my computer internet to a flash drive, except for MBAM as we're "fancy owners." 5:14 p.m. Ran MBAM w PUP & PUM set to the "terrible entity" setting. Nothing to quarantine. Realized I was supposed to show hidden files and learned how to do that. 5:45 pm Reran MBAM, showing hidden files. It looks REALLY short. Wonder if that's right. Anyway, File attached: VivsMBAM1.txt. 6:11 p.m Ran FRST, addition box checked. FRST.txt Addition.txt I was going to run RogueKiller, then I saw a note that followed about not doing anything further... not everything is bad... la de da de dah... 
and decided that instead of running anything else, I'll post the things I ran yesterday (before the NOT EVERYTHING is BAD note) and see where to go from there. You'll see I have logs also attached from MBAR, titled: system-log.txt -- This is an older log when my husband started working on this mess on 9/3/15 JRT, oddly titled: JRT.txt--This is from yesterday AdwCleaner, titled: AdwCleaner C1.txt and S1.txt and also Quarantine.log -- Also from yesterday had to do a few mom things, then: 7pm Thought I had almost fixed it after doing all of the following steps. The pop up started immediately all over the top of my Chrome page, but I just clicked out and it didn't reappear. Then I managed to make it to a couple of sites before the redirect reared its ugly head. And now, since you scared me with the "not everything is bad," I'm going to post all this crap and hopefully you can make sense of it before I screw it up any further. Cyndi sorry the attachments come in all wonky, MBAM is off to the right... AdwCleanerC1.txt AdwCleanerS1.txt FRST.txt JRT.txt Quarantine.log VivsMBAM1.txt system-log.txt Addition.txt
  5. Yesterday I decided to try a Firefox extension called Whitelist Ninja and it works fairly well but when I tried to go to my add-ons Whitelist Ninja blocked and redirected me to http://www.undefined.com/ and when I researched the website on Web of Trust, VirusTotal and Metascan-Online they said it wasn't malicious plus I have NoScript installed but I wanted to verify it here to find out more about this domain.
  6. Hello, I've recently been fighting some nasty malware that has crept into my computer that I built a little over a year ago and was working flawlessly up until last month. It started when I noticed some intrusive ads in my Google searches and an extension in my Chrome browser that I didn't recognize nor installed myself. Since then I've done a series of uninstalls and removals on the unwanted programs and extensions using several programs (Mostly Spybot Search & Destroy and Malwarebytes Anti-Malware). At first it looked like I got rid of everything unwanted but I noticed that every so many days the ads and malware kept returning, so I slowly but surely chipped away at finding the source of the problem and I seem to have gotten rid of the bulk of it presently but there's at least one malware that I just can't find and eliminate. It's something that causes my Chrome browser to redirect to an undesired web page when I open a new window in Chrome. It doesn't happen frequently; only once every hour or so. In the meantime, I can open dozens of new windows and tabs without any problems. For the most part, my browsing experience is pleasurable and I simply end the task on the Chrome window that occasionally gets redirected. Other than that, my computer's running fine, so I would simply like help trying to track down this piece of malware that's causing my Chrome to redirect please. Attached are the FRST.txt and Addition.txt files generated from Farbar's Recovery Scan Tool. The two security softwares I'm presently using are Microsoft Security Essentials and Spybot Search & Destroy. I've run several threat scans in Malwarebytes Anti-Malware and it never detects any threats. Please let me know if there's any other additional system or setup information you guys need and I will be happy to provide it. FRST.txt Addition.txt
  7. When I open a website, suddenly this page redirects to adulttube.info. And it is very disturbing. I think this virus/malware has entered into our modem as I found it happening in my mobile (SONY Xperia ZL) too as soon as I connected to the Wi-Fi. I would appreciate help urgently.
  8. Hi https://forums.malwarebytes.org/index.php?/topic/166809-webpage-redirect-to-ccebba93se-and-youradexchange-in-chrome/?p=952059 I already made a request in the above URL and I was recommended to start a new topic here along with the outputs of FRST (Farbar Recovery Scan Tool). As the contents of the file First.txt and Addition.txt is too large to accommodate in the text space I am attaching the file. Kindly help me in removing the malware that has been bugging me for the past few days. Also MBAM has returned there is no malware in my system. Regards A.Selva Kumar FRST.txt Addition.txt
  9. Hi, I am using Google Chrome as my browser. Recently, whichever page I go to during a browsing session, the page by itself redirects to ccebba.se or youradexchange or ilivid. I have scanned with Malwarebytes Antimalware but it says nothing. Kindly assist me with this as it is annoying as ever. Regards A.Selva Kumar
  10. Hi, I'm cleaning up my daughter's machine that had a lot of malware on it. She reported a slow machine and most of her documents corrupted. (I've found that Cryptowall was once infecting this machine) I started with AVG which I had installed on this machine a year ago. Cleaned around 40 infected files. Downloaded and installed premium version of MalwareBytes and ran various scans until no more infections were found. Still getting some redirects. Based on previous posts, I've installed and run FRST64, tdsskiller, and RogueKiller. Logs are attached. I see likely things in the RogueKiller logs, but want advice on how to fully remove these things. Thanks for any help you can provide! Doug TDSSKiller.3.0.0.44_21.03.2015_11.37.27_log.txt FRST.txt Addition.txt RKreport_SCN_03212015_123502.log
  11. Hi All - I have a feeling I'm really late to this topic, but what is the deal with cj.datomi grabbing my browser when I click a link in a known website? It goes nowhere, just stalls and opens a blank screen but I don't know what it's "trying" to do. Thanks presh
  12. Hello, I was hoping to get some help on removal of a very annoying popup, possibly malware. I have tried running a complete avast scan including a boot scan; avast said everything is good. Did a complete spybot scan, all good. Did a complete malwarebytes scan, said all was good, but this thing keeps popping up every time I go to a site I frequent often. Can anybody please help me get rid of this thing? THANKS Randy
  13. Hey, I think my computer is infected with something I can't find. Randomly when I go to imgur.com, it redirects me to shopify.com and won't let me go back. Also, when I go to some websites (roosterteeth.com, netflix, facebook, etc.), it will randomly redirect to "invalid URL" for anywhere from 1 minute to several hours. I've done a full scan with MBAM and it shows nothing. Addition.txt FRST.txt
  14. My 13 son fancies himself an ace hacker. Unfortunately, he just knows how to find trouble. His computer seems to be infected with everything! I tried to run MalwareBytes. But it stopped at 80% and didn't move for three hours, so I gave up. I've attached the Farbar logs here. He really wanted to create his Minecraft YouTube show over the weekend. Any help would be appreciated. Shannon FRST.txt Addition.txt
  15. Hi all. Over the past week I have been experiencing some annoying adware in all of my internet browsers. What happens is: when I go on any web site except Google, within 15 seconds of the page loading the browser enters a redirect loop. After about another 30 seconds the redirect loop stops and random music starts playing, and a new tab opens with an ad in it. Because of this it is very difficult to do any work online, and as I am a Computer Science student whose work is mostly online and has deadlines to adhere to, I cannot do my work properly because of this and need to fix it as fast as possible. Things I have tried: scanning with MalwareBytes premium, which did not find anything; running ADWCleaner, which detected and removed some items but did not fix the problem; scanning AVG Free 2015, which did not find anything; resetting all of my browsers to the default settings; ran ComboFix, which did not do anything; ran Hijack This (log is attached to this post: hijackthis.log); ran RKill (log is attached to this post: Rkill.txt); browsing in incognito mode. I have also uploaded a video demonstrating what happens here: https://www.youtube.com/watch?v=p42yRNLfA9w&feature=youtu.be But now I am fresh out of ideas. I am hoping someone here will be able to help me. Thanks in advance, Tom
  16. Dear wonderful expert helpers, I suspect I have a rootkit infection that is redirecting links to google.com to google.com/webhp instead. This occurs in all 4 browsers (IE, Chrome, Firefox, Opera). I also think it is creating pop-ups. I tried scanning with MalwareBytes Free and Microsoft Security Essentials (with latest definitions on both)—no hits. I also ran CCleaner, adwcleaner and aswMBR but no hits again (CCleaner cleaned some standard junk like Temp Internet Files). I have the aswMBR log but I closed adwcleaner before I realized it does not automatically make a log. I suspect this came from MP3 Skype Recorder (you'll see the program in my logs below), despite being careful to make sure it wasn't installing some 3rd party garbage. The requested FRST64 logs are below. I added the aswMBR log just in case it is useful. I put headers FRST.txt, Addition.txt, and aswMBR.txt to help you Ctrl+F to each quickly. Thank you for your help.
____D () C:\Users\Ro\AppData\Local\Ubisoft Game Launcher 2014-04-18 08:43 - 2014-01-13 21:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk 2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk 2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk 2014-04-13 15:35 - 2012-10-15 23:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation 2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA 2014-04-11 19:00 - 2012-10-26 10:21 - 00000000 ____D () C:\Users\Rack\AppData\Roaming\Dropbox 2014-04-11 10:56 - 2012-10-26 10:22 - 00000000 ___RD () C:\Users\Rack\Dropbox 2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder 2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder 2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi 2014-04-10 08:20 - 2012-09-19 17:37 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2014-04-08 18:59 - 2014-03-13 22:50 - 00000000 ____D () C:\Users\Ro\AppData\Local\Battle.net 2014-04-08 18:44 - 2014-03-13 22:52 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-04-06 22:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-04 14:35 - 2014-04-04 14:31 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx 2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx 2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn 2014-04-04 08:18 - 2014-03-13 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-03 18:59 - 2014-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\ASUS 2014-04-03 18:59 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro\AppData\Local\VirtualStore 2014-04-03 15:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-04-03 11:04 - 2014-04-03 10:55 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx 2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv 2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls 2014-04-02 20:33 - 2013-07-15 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip 2014-04-02 20:28 - 2012-09-19 17:45 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-02 20:27 - 2012-09-19 17:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-04-02 20:27 - 2012-09-19 17:45 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-04-02 20:27 - 2012-09-19 17:45 - 
00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-02 20:27 - 2012-09-19 17:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx 2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm 2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics 2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm 2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics Some content of TEMP: ==================== C:\Users\Ro\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 09:12 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Ro at 2014-04-29 19:24:11 Running from C:\Users\Ro\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: 
Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) f.lux (HKCU\...\Flux) (Version: - ) FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version: - SQUARE ENIX) Folder Size 2.8.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 2.8.0.0 - MindGems, Inc.) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden LaCie Network Assistant 1.5.16.73 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.16.73 - LaCie) Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 
Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - 
Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) 
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig) NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.1 - Samsung Electronics) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.0.128.g3134f863 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - 
Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version: - ) ==================== Restore Points ========================= 29-04-2014 22:24:27 Removed MP3 Skype recorder ==================== Hosts content: ========================== 2009-07-13 22:34 - 2013-07-07 12:22 - 00575906 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {1AA70187-E072-43FE-96D7-ECCA44D4E629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) Task: {74A43562-AA48-4BA0-BC29-37D9E1B0BC2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) 
Task: {E3A46183-6069-4025-9C84-33035E3B7DCA} - System32\Tasks\{3A3CA8E3-12CF-4236-A870-C7E512BB18F9} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsBing Task: {F0C6C727-04A8-4F4E-9759-D6E30473E95F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69526344-1342381157-3629351510-1001Core1cd96b12d111dff.job => C:\Users\Ro\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-15 14:24 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-10-28 15:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2014-03-29 11:12 - 2014-03-29 11:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-03-21 19:04 - 2014-03-21 19:04 - 01020928 _____ () C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup 
MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\Windows\pss\Samsung SSD Magician.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7597 Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7597 Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6598 Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6598 Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5600 Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5600 Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: ) Description: Task 
Scheduling Error: Continuously busy for more than a second Error: (04/28/2014 10:23:02 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4602 System errors: ============= Error: (04/28/2014 00:33:28 PM) (Source: atapi) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort5. Error: (04/27/2014 08:18:56 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error: (04/26/2014 06:43:27 PM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow. Error: (04/26/2014 09:21:09 AM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/24/2014 08:39:39 AM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/23/2014 11:39:40 PM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/23/2014 06:35:18 PM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/23/2014 08:44:35 AM) (Source: Service Control Manager) (User: ) Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). 
  17. FRST log:
C:\Windows\PFRO.log2014-05-06 23:02 - 2013-09-02 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-05-06 23:02 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-06 23:01 - 2013-08-22 08:25 - 03407872 ___SH () C:\Windows\system32\config\BBI2014-05-06 22:12 - 2014-05-06 22:12 - 00247592 _____ (Premium Installer ) C:\Users\Nikolas Kosse\Downloads\Player-Chrome.exe2014-05-06 14:40 - 2014-05-06 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-06 14:40 - 2012-11-30 20:22 - 00000000 ____D () C:\Program Files (x86)\Google2014-05-06 14:36 - 2014-05-06 13:53 - 00000000 ____D () C:\ProgramData\HitmanPro2014-05-06 14:36 - 2012-11-30 20:19 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Google2014-05-06 14:35 - 2014-05-06 14:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe2014-05-06 14:35 - 2013-09-02 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-06 13:24 - 2014-05-06 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-05-06 12:55 - 2014-05-06 12:53 - 00000000 ____D () C:\AdwCleaner2014-05-06 00:03 - 2012-12-03 01:13 - 00000600 _____ () C:\Users\Nikolas Kosse\AppData\Local\PUTTY.RND2014-05-05 23:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\SchCache2014-05-05 23:25 - 2013-12-11 01:30 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\CRE2014-05-05 22:41 - 2014-05-05 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-05 22:41 - 2014-05-05 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-05 14:09 - 2013-03-20 21:41 - 00000344 _____ () C:\Windows\lgfwup.ini2014-04-30 21:47 - 2013-10-29 00:10 - 00000000 ____D () C:\Users\Nikolas Kosse2014-04-30 13:20 - 2014-02-17 15:00 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Uber Entertainment2014-04-30 12:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-04-29 16:33 
- 2014-04-29 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion2014-04-29 16:33 - 2014-01-30 14:26 - 00015118 _____ () C:\Windows\DPINST.LOG2014-04-29 16:33 - 2014-01-30 14:26 - 00000000 ____D () C:\ProgramData\Leap Motion2014-04-29 16:33 - 2013-07-22 14:10 - 00000000 ____D () C:\Program Files (x86)\Leap Motion2014-04-29 16:32 - 2013-08-22 09:44 - 00540816 _____ () C:\Windows\system32\FNTCACHE.DAT2014-04-29 16:32 - 2013-05-28 11:36 - 00000000 ____D () C:\ProgramData\Package Cache2014-04-29 11:00 - 2014-05-02 22:07 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-29 09:47 - 2014-05-02 22:07 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-28 22:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-04-28 21:51 - 2012-11-28 22:57 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\Skype2014-04-28 20:49 - 2014-04-28 20:49 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Skype2014-04-28 20:49 - 2014-04-28 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-04-28 20:49 - 2013-09-04 18:19 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-04-28 20:49 - 2012-12-01 00:43 - 00000000 ____D () C:\ProgramData\Skype2014-04-24 13:54 - 2013-01-05 11:50 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Akamai2014-04-24 12:55 - 2014-04-24 12:55 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-04-24 12:55 - 2014-01-21 17:17 - 00000000 ____D () C:\ProgramData\Oracle2014-04-24 12:55 - 2013-06-25 14:53 - 00000000 ____D () C:\Program Files (x86)\Java2014-04-23 18:14 - 2014-04-22 22:41 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\dxhr2014-04-22 22:40 - 2014-04-22 22:40 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\280502014-04-22 22:37 - 2014-04-22 22:37 - 00000000 ____D () C:\Users\Nikolas Kosse\Documents\Square Enix2014-04-22 19:24 - 2013-08-22 
10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-04-22 19:24 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-04-21 15:00 - 2013-01-24 16:21 - 00000600 _____ () C:\Users\Nikolas Kosse\AppData\Roaming\winscp.rnd2014-04-18 09:43 - 2013-10-03 22:33 - 00000000 ____D () C:\Program Files (x86)\WhatPulse22014-04-14 20:13 - 2013-10-16 23:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-04-14 20:05 - 2013-10-16 23:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-04-14 20:05 - 2013-10-16 23:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-04-14 20:04 - 2013-10-16 23:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-04-12 17:46 - 2013-10-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132014-04-12 14:37 - 2014-04-12 14:36 - 13697924 _____ () C:\Users\Nikolas Kosse\Documents\Stormdata.xlsx2014-04-09 12:34 - 2013-08-11 18:10 - 00000000 ____D () C:\Windows\system32\MRT2014-04-09 12:34 - 2012-12-12 02:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-09 12:20 - 2014-04-09 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-09 12:20 - 2014-04-09 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-08 15:16 - 2013-09-02 20:16 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Files to move or delete:====================C:\Users\Nikolas Kosse\.csp_ovftool_settings.js Some content of TEMP:====================C:\Users\Nikolas Kosse\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\ChangeIcon.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb3a11h.dllC:\Users\Nikolas 
Kosse\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\LeapUpdate.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\npp.6.5.1.Installer.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\npp.6.5.2.Installer.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\npp.6.5.5.Installer.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\Quarantine.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\raptrpatch.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\raptr_stub.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\SkypeSetup.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\Smart Menu x64.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\sonarinst.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\vlc-2.1.2-win32.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\vlc-2.1.2-win64.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\vlc-2.1.3-win64.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-07 03:19 ==================== End Of Log ============================
  18. Hi, For the last few days Google has been persistently redirecting me to CAPTCHA pages and the like, citing "illegal traffic". So I guess my computer is infected? I've done a full scan with Malwarebytes and found a few things (log attached), but the problem hasn't stopped so I don't think I got it. Also attached: DDS log and HJT log. Any help would be greatly appreciated, thank you! Tom attach.txt dds.txt hijackthis.log mbam-log-2014-03-18 (14-18-19).txt
  19. Hi there, I recently downloaded an application and managed to obtain this annoying infection! Now I have followed the steps on a previous post earlier this year from MrC, using OTL... Now, according to his steps and using OTL it should have been removed, unfortunately though it seems that it hasn't when I open up another Google chrome browser, please help! unsure of what to do next! Please see attached my log:
  20. Hi, Sorry to bother you all. I was stupid. In an effort to clean up my computer, my father recommended Advanced System Care. However, I was incredibly stupid: when installing it, I was going too fast through the Installation and accidentally installed Spigot and its related malware. Now Chrome and IE have annoying and downright scary Yahoo homepage redirects I can't get rid of even after uninstalling Spigot via Uninstall Programs. Firefox doesn't redirect, but sadly also has developed a problem where a lot of the websites I used to go to never completely finish loading. MalwareBytes, Norton, and Avast (Full and Boot scans) don't detect anything. Please help me remove all traces of Spigot and this terrible malware (why isn't this sort of thing illegal after I've already gone through the process of uninstallation?). I am using Windows 7. I'm not very experienced with this, so please have patience with me and talk to me as step-by-step as you can. For any help, thank you in advance.
  21. Thanks in advance for any help you can offer!
AM - Windows Backup RP261: 10/28/2013 5:56:58 PM - Scheduled Checkpoint RP262: 11/3/2013 8:50:06 AM - Windows Backup RP263: 11/10/2013 7:04:21 PM - Scheduled Checkpoint RP264: 11/13/2013 7:00:57 PM - Windows Update RP265: 11/17/2013 9:50:29 AM - Windows Backup RP266: 11/24/2013 4:15:42 PM - Scheduled Checkpoint RP267: 11/26/2013 7:00:22 PM - Windows Update RP268: 11/27/2013 7:00:11 PM - Windows Update RP269: 12/5/2013 8:14:14 PM - Scheduled Checkpoint RP270: 12/11/2013 6:43:42 AM - Windows Update RP271: 12/15/2013 7:00:14 PM - Windows Update RP272: 12/23/2013 7:02:39 PM - Scheduled Checkpoint RP273: 12/30/2013 7:26:58 PM - Scheduled Checkpoint RP274: 1/6/2014 7:55:37 PM - Scheduled Checkpoint RP275: 1/14/2014 6:40:36 PM - Windows Update RP276: 1/15/2014 6:20:36 AM - Windows Update RP277: 1/18/2014 10:39:04 AM - before CenturyLink PC health RP278: 1/18/2014 10:42:22 AM - Installed CenturyLink Installer RP280: 1/19/2014 10:15:42 AM - Revo Uninstaller Pro's restore point - 360Amigo System Speedup Free RP282: 1/19/2014 10:16:31 AM - Revo Uninstaller Pro's restore point - 360Amigo System Speedup Free RP284: 1/19/2014 10:17:25 AM - Revo Uninstaller Pro's restore point - 3D Fish School 4 Screen Saver RP286: 1/19/2014 10:18:38 AM - Revo Uninstaller Pro's restore point - 3D Sci-Fi Movie Maker RP288: 1/19/2014 10:20:45 AM - Revo Uninstaller Pro's restore point - ABViewer RP290: 1/19/2014 10:21:38 AM - Revo Uninstaller Pro's restore point - Ad-Aware Free Antivirus + RP292: 1/19/2014 11:42:16 AM - Revo Uninstaller Pro's restore point - COMODO System Cleaner RP294: 1/19/2014 11:43:20 AM - Revo Uninstaller Pro's restore point - Clean Disk Security(1) RP296: 1/19/2014 11:44:01 AM - Revo Uninstaller Pro's restore point - Clean My Registry RP298: 1/19/2014 11:44:46 AM - Revo Uninstaller Pro's restore point - Clean Space 2013 RP300: 1/19/2014 11:46:33 AM - Revo Uninstaller Pro's restore point - CleanCenter RP302: 1/19/2014 11:47:14 AM - Revo Uninstaller Pro's restore point - Corel 
PaintShop Pro X5 RP304: 1/19/2014 1:37:44 PM - Revo Uninstaller Pro's restore point - Clean Disk Security RP306: 1/19/2014 1:38:53 PM - Revo Uninstaller Pro's restore point - Dungeon Defenders RP308: 1/19/2014 1:43:18 PM - Revo Uninstaller Pro's restore point - IrfanView (remove only) RP310: 1/19/2014 1:44:11 PM - Revo Uninstaller Pro's restore point - GoToMeeting 5.8.0.1189 RP312: 1/19/2014 1:45:46 PM - Revo Uninstaller Pro's restore point - Opera 12.14 RP314: 1/19/2014 1:47:26 PM - Revo Uninstaller Pro's restore point - Stratus Data Link Service RP316: 1/23/2014 6:48:55 PM - Revo Uninstaller Pro's restore point - office Convert Pdf to PowerPoint for ppt Free . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.06) Amazon MP3 Downloader 1.0.15 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour Canon MP Navigator EX 3.1 Canon MX340 series MP Drivers CenturyLink Installer CrossLoop 2.82 CutePDF Writer 2.8 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Driver Download Manager Dropbox Dungeon Scroll Gold Edition (remove only) Families Sync Family Tree Maker 2012 Google Apps Migration For Microsoft Outlook® 2.3.12.34 Google Calendar Sync Google Earth Google Update Helper HiJackThis iCloud Intuit SiteBuilder iTunes Legacy 7.5 Malwarebytes Anti-Malware version 1.75.0.1300 Memeo Instant Backup Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Money Plus Microsoft Money Shared Libraries Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 
2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Nancy Drew: Message in a Haunted Mansion Norton AntiVirus Notepad++ oDesk Team QuickTime Revo Uninstaller Pro 3.0.8 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition SnagIt 8 Soluto Spybot - Search & Destroy Steam TrueCrypt Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET 
Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition Upromise RewardU Toolbar Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Encoder 9 Series Xenu's Link Sleuth . ==== Event Viewer Messages From Past Week ======== . 1/23/2014 5:58:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5. 1/23/2014 5:12:46 PM, Error: Service Control Manager [7034] - The Stratus Data Link Service service terminated unexpectedly. It has done this 1 time(s). 
1/23/2014 5:12:42 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect. 1/23/2014 5:12:42 PM, Error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/23/2014 5:10:37 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the MemeoBackgroundService service to connect. 1/23/2014 5:10:37 PM, Error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/22/2014 8:59:23 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 1/19/2014 11:57:16 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 1/19/2014 11:57:16 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. . ==== End Of File ===========================
  22. I am very happy with Malwarebytes. However, I encountered a problem with spigot which has been around for a number of years. I would think that Malwarebytes would either 1) have their support staff prepared with a ready protocol to clean the problem, or 2) prevent the problem outright! Fortunately, a Forum expert helped me over two days, working through the weekend (many of us do work weekends) to clean spigot from my computer for "free" though I provided a donation, while 2) your tech support made a few attempts, apparently only recognizing what the problem was after some initial scans (though I provided that info upfront). Clean this sort of problem up either proactively or as "viruses" do they will adapt and change making that difficult or impossible, so be prepared by keeping abreast and ensuring your Tech support have efficient protocols ready to knock these toxins out. Keep up the overall outstanding work!
  23. Hello, I have the Spigot redirect malware and can't seem to get rid of it. I updated Advanced System Care and it attached Spigot. I have searched online for a fix but can't find one that works. Can you help please?
  24. When I click to "Watch" an item on eBay, and at many other times, I get a Pop-Up to the Web Site Jsn.DoneCore.Net. Fortunately MalwareBytes blocks content, but seeing this Pop-Up hundreds of times a day is getting old - fast. I suppose I could turn on a Pop-Up Blocker for eBay, but as I use this site a lot, and Pop-Ups are needed there, that's not practical. I've run Full Scans across all my Drives; many items were discovered and removed, but the problem remains. I'd hate to have to do yet another full reinstall of my OS. Advice for things I have not tried? Please?
  25. Hello everyone. My teenage son decided to download Vuze onto my laptop last night, and when I logged on this morning and went on the internet all my searches were being redirected through Yahoo and it's really annoying. I did some searching and saw a program called spiggot in a bunch of files. So I went into C:\Program Files (x86)\Common Files and found a spiggot folder and deleted it, but it's still going through Yahoo. I've had this happen to my laptop before and I just did a complete system restore on the computer. I would like to somehow remove it though this time because I have important documents saved on here that I cannot move. Anyone have any suggestions?