Jump to content

Search the Community

Showing results for tags 'Rootkit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hello, I believe that my computer is infected with a root kit. The first thing I noticed was that my firefox search extensions were rearranged and that a program called RocketTab was installed on my computer. I never conciously installed that program. Any attempts at uninstalling or deleting that program were unsuccessful so far, it always returns after reboot. This program is apparently located in the folder C:\Program Files\Search Extensions. First this folder contained only an uninstall.exe file. This is what virustotal says about that file: https://www.virustotal.com/file/6ccc20982c90c78e6b8f92ac4d811edd6a8c4b1075cc897f2e1c3bd1566bfbe9/analysis/1415910818/ Now the folder contains a whole bunch of files, among them one ironically named TrustedRoot.cerI have attached the contents of that folder as a zip file. Secondly, running or installing any anti-virus software is impossible and interrupted at some point by a different error message. I've tried Malwarebytes, Kaspersky Anti-Virus 2015, and Kaspersky TDSSKiller. I managed to run TDSSKiller in windows safe mode, and while it found no threats, it took particularly long to scan a file named mctadmin.exe which is apparently located at C:\Windows\System32. I also zipped and attached that file to this thread. While no virus scanner at virustotal identified it as a threat, one of the first hits when googling the name of that file is another malwarebytes forum thread describing symptoms very similar to mine: https://forums.malwarebytes.org/index.php?/topic/74208-rather-nasty-rootkit/ Any help in this matter would be very highly appreciated! Please also find attached my Farbar Recovery Scan Tool logfile and Addition.txt
  2. I have always been careful online and never thought Cyber Terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming all due to this hidden digital horror and I NEED my life back! Sorry for the introduction, but I am desperate here. Anyway, a little over two months ago I had some kind of virus on my computer, a very visible, lost administrative access, etc. At that time I was only secured by my ISP "Comcasts Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man" whom I've now come to believe is a joke, and he did his thing installing some Spyware Program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems and on my Laptop AND my desktop!.. Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32bit instead of my 8.1 64bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again, they come on my Laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure, of course it comes up clean. BUT, just to be sure I was totally in the clear I had doofus "reapair" guy out and there goes another $120 to say I fixed it myself.... Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon Fios. THE DAY AFTER Verizon internet was installed I again became locked out of key features and some even simple ones of my computer. I kept being redirected, kicked out of my accounts out of nowhere, my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LG's and turning on and off, battery draining, and ALL my devices are constantly working their butt off at something! CPU and RAM usage so high, it was rendering them useless. So, here I stand. I can no longer try to keep chasing this down and self diagnosing. My $3K Laptop lies without it's battery attached for 2 weeks, I broke down and got a brand new phone and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I have am usingnow is my desktop. I did a system restore (and was only allowed a few weeks back), about a week ago, this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old, they just slow to a freeze. Before this whole nightmare I was running heavy photo software along with large 'Minecraft" worlds (all closed games, just my son and I) at lighting speed! So, I believe there are some serious lingering Rootkits and/or Backdoors somewhere deep in the system. And clearly all my attempts at wiping them with "refreshes" does nothing but leave them undetectable by antivirus and anti malware software so they're just waiting again for that one accidental click to open the flood gates once again. I'm sorry I wrote an essay and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I am off to bed, but will be checking for responses around 7-8am Eastern Standard Time and throughout the day. Sincerely, Stephen Kelly (Spkelly9807)
  3. Original problem: it seemed like my computer had a virus of some sort (fake anti-virus websites ALWAYS opening and trying to download things when I was browsing the internet), but no hits with MBAM scans or AVG scans. Step 1: I read the blog and thought the Powelicks post sounded like my problem, so I downloaded MBAR BETA. Extraction went fine, but when I tried to run the tool, I immediately got a message asking me about a specific .dll file. The message (from MBAR) said it was probably a rootkit causing the particular .dll file (which I did not take a screenshot of or write down). The message box gave me a Yes or No option to remove that file immediately. The message went on to say that if I wasn't sure, I should press "No", but that if MBAR crashed or was unable to scan, to close and restart the tool, and select "Yes" the next time. I pressed "No", the scanner crashed, and I restarted it, got the same message, and selected "Yes". Step 2: I tried to run the MBAR scan and get the attached error message. What should I do next?
  4. My mothers netbook has an recurring rootkit.access.0 infection at someplace in the registry that ends with Legacy_*202EETADPUG. I have noticed on these forums the same address I mentioned above when I looked up how people dealt with their problem with rootkit.access0. I used Chameleon to run Malwarebytes Premium several times but it comes back every other reboot. Malwarebytes AntiRootkit Beta does not find it when I ran it separatedly. I need help to get rid of this infection. I also am not sure if there are other infections or not. I already downloaded AdwCleaner, ComboFix, DelFix, ESET Online Scan, Farbar Recovery Scan Tool, Junkware Removal Tool (JRT), RevoUninstall, RogueKiller32bit, SecurityCheck, and TDSSKILLER onto a SD card using another computer. None of the programs have been activated, run, or installed; I collected them so to have them at hand when asked to use them.
  5. Have contracted rootkit malware, noticed when multiple incidences of explorer and dllhost were running and explorer.exe tried to access internet (blocked by Malwarebytes). Per instructions elsewhere I have downloaded and run FRST.EXE and also Roguekiller. The FRST.TXT and ADDITION.TXT from FRST and the RKreport from Roguekiller are copied below. I downloaded and ran the premium version of Malwarebytes which found several instances of threats which I quarantined. Malwarebytes log also attached. Other than that, I have made no deletions or changes to anything. Hope I am doing this right. Thanks much in advance for any help. Only other request would be: do you know how to track down the individuals responsible for this stuff? Thanks, PirateSteve FRST.txt Addition.txt RKreport_SCN_11042014_191751.log Malwarebytes Scan Log.txt
  6. Hello, i am at my wits end trying to figure out what is going on with my pc. I just recently got it back from a friend (HUGE mistake) and i had to completely reformat the system due to the sheer volume of malware he managed to get onto it. However since then my pc keeps accumulating new virus' and malware. I am currently using MAMB, AVG Antivirus and AVG Tuneup Utilities to try and root around in my pc (heh, get it?). Im running Win7, 4GB RAM, 64-Bit OS, 3.21GHz Processor as well as a 1000GB External Harddrive. Please help as im not sure i will be able to use my pc for anything anymore :/
  7. guess all i need to do here is post the text docs eh?... here's my other post where i've explained everything that's happened thus far.... https://forums.malwarebytes.org/index.php?/topic/153380-malware-bytes-keeps-getting-stuckfreezing-and-im-infected/?p=856983 FRST.txt Addition.txt CheckResults.txt
  8. I'll run any diagnostics you ask and provide all logs, but here's the whole story first: It all started about a month ago when my laptop's internal hard drive (not stock. I replaced the HDD about a year prior) started randomly giving me BSOD's out of nowhere. I can't remember what the BSOD said, but it was more than one error message, usually something that lead me to believe it was a hardware issue. I figured my HDD was simply in bad shape from not being defragged lately, so I started running defrag and chkdisk as much as I could (between BSOD's). One day, my girlfriend received a text message from a number that had been harassing her, giving her my location, which is impossible to discover, unless someone indeed had gained access to my system. I spoke to a professional with more experience with hardware and malware than myself, and he told me that fragmentation is a file issue, not an HDD issue, and as such I should stop wasting my time with that and start getting my files off the HDD, just in case. At the same time, my touchpad also started randomly having issues, which lead me to suspect that it could be a BIOS/rootkit/low-level issue. When I told said professional about my possible attacker, he said "Knowing that, I would have had the entire system rebuilt last week." I told him that, financially, that wasn't an option, so he gave me a few tips to get rid of potential rootkits, like backing up all my files, excluding any and all executables, then formatting my hard drive and repartitioning it, to remove the MBT. I did that, but at the time I had a different issue as well. My HDD would randomly become inaccessible, which no doubt caused some of the BSOD's. I would boot and not find it in my boot order. Try to recover, same thing, no drives found. So I pulled out my old (stock) internal HDD and started using it temporarily. I also installed Windows (8.1, same as on all my bootable media) on an external, booted from it and tried to diagnose the faulty hard drive, to no avail. When I would get lucky and have it show up, I pulled as much data as I can off of it and did as much repairs as possible before it disappeared again. That hard drive was wiped clean, repartitioned and left for a bit, all was fine. I installed Windows on it, and the next day it disappeared again. So I gave up on it and started using my external, until it stopped booting from that too. File-wise, the external is fine. But as of the last time I tried booting from it, it either didn't show up in the boot order or gave me bootrec error messages (I can't remember). For the past week or two, I've been content booting from my stock internal hard drive, and the external for the files that are on it, with no issues. Until a few days ago, during inspection, I accidentally tore my touchpad's ribbon and had to get a mouse. I got two for good measure, one wired one wireless. The wireless one is all over the place (aim-wise) and the wired one has precise, rarely-rash aim, but the clicking is all over the place (either double clicks when I click, or doesn't click at all, or clicks when I don't want it to). Today, 2-3 days after I started using a mouse, I randomly started hearing continuous system beeps, at about 0.5 s intervals, that do not stop until I click and hold shift for about 10 seconds. The keyboard is also completely unresponsive during the beeping. And when the beeping stopped, clicking shift (to capitalize, while typing) would give me an extra letter. For example, capitalizing S would type SW, D gives me DE, etc. I'm not sure if this, or the mouse issues, or the touchpad issues are in any way relevant, but I thought I'd mention them just in case. So, amidst my frustration with my laptop that is becoming increasingly tedious to use, I decided to start checking for rootkits (even though I'm running the stock HDD, which should be clean). I ram MBAR and GMER and got nothing (well GMER gave me a few results, but none were red, and I could account for at least half of them). So I hooked up my external HDD and ran both again, only to get a BSOD saying CRITICAL_STRUCTURAL_CORRUPTION which, upon googling, turned out to be a driver issue. I open up my event log and I see thirty six entries, over the course of three minutes, saying "The device, \Device\Harddisk0\DR0, has a bad block." Curiouser and curiouser. I run MBAR again, and now it's giving me a DDA driver error. I'm guna let GMER run and then restart. I'm also guna run chkdisk on boot and see what that tells me. It might be noteworthy to mentiont that the reason I had replaced this (stock) HDD was because I had dropped the laptop (about an inch) while it was hibernating and the HDD just stopped working. I was less experienced at the time and decided to just set it aside. I'm not sure how I got it working again when I needed it, but I think I just formatted C and reinstalled Windows. I understand your possible excitement upon reading this and thinking "About time we got someone with a rootkit!" but try to remember, at the end of the day, while I'd love to help you guys out, I just wanna return to activities without having a new (seemingly-hardware) issue pop up every other day with all sorts of new and colorful error messages. Thanks in advance.
  9. Hi, Is the second time I get this msgbox Now I am worried, I dont think my computer is infected, but I am not expert here Vista SP2 x32, ESET SS v6, MBAM v2 Premium, HitmanPro, Shadow Defender (latest), Sandboxie Paid (latest), FF (latest), Adobe Flash Player (Latest) Please help!! Thanks Camelia
  10. Hello, I need your kind help with this warning message from Comcast Constand Guard. It showed 1 Bot Detected. Bot Name "TDSS-TDL_Generic", Type "Multi-Purpose". I have both "Malwarebytes Premium" and "symantec endpoint protection" enabled on my PC, and no warning message from any of them. The system is functioning fine and scans from above antivirus were clean too. I have no idea what to do next, can you please guide me to detect and remove potential rookit from my PC? Thanks! Jay
  11. Hi When i run a threat scan with "Scan for rootkit" enabled in settings i get Scanner failed Error code 20026 Unable to load Rootkit-Driver 20026 If i untick "Scan for Rootkit" it runs fine showing no Malware can anyone help plz Peter Win 7 x 64 Ultimate fully updated
  12. For the past few weeks I have been dealing with a number of infections. First is the PUPS. I am running BitDefender as my main virus scanner. But every time MBAM does a scan it will tell me it has found one of three things:spigot, conduit, and/or superfish. I quarantine them but when I restart my machine they come back. I was thinking maybe I could handle this on my own because I have experience removing infections from my own computer but I am at my wits end here. I already have MBAM installed and I got the additional security tools cd when I paid for the premium version of MBAM. In addition when I was trying to remove the PUPS I went ahead and installed Spybot Search and Destroy but I don't know how to use it and another spyware removal program that didn't seem to help much. I installed all the programs on the cd and the MBAR (rootkit) program said I could have potential rootkit dll file on my box. Before that when BitDefender did it's regularly scheduled scan yesterday it said it had quarantined a trojan. Thanks for any and all help! scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by A (administrator) on ALEXANDRA-PC on 07-07-2014 23:19:54 Running from C:\Users\A\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Reason Software Company Inc.) C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe (Genie-soft) C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\downloader.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2824528 2012-06-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [boxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [13509056 2014-06-25] (Box, Inc.) HKLM\...\Run: [spywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [spywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM-x32\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-23] (Bitdefender) HKU\.DEFAULT\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-23] (Bitdefender) HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-23] (Bitdefender) HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Run: [Registry Cleaner] => C:\Program Files (x86)\MyTechHelp\Registry Cleaner\RCLauncher.exe HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] () HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Run: [MyTechHelp Registry Cleaner] => C:\Program Files (x86)\MyTechHelp\Registry Cleaner\RCLauncher.exe HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Run: [GoogleChromeAutoLaunch_7BF1FD95D04C53B8010C6271BFF3AA5D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-1827809378-912741919-3246080145-1000\...\MountPoints2: {0aadc518-319e-11e3-a468-c485083e596c} - E:\LaunchU3.exe -a HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft) HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1827809378-912741919-3246080145-1001\...\Policies\Explorer: [NoInstrumentation] 1 Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 01ElephantIconOverlay -> {AFA39CBB-DF66-47f9-A047-47ED25FE655E} => C:\Program Files (x86)\TechZilla\tzCloud\IconOverlay-64bit.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 02ElephantIconOverlay -> {1E519A85-494E-4706-AC87-1CC8BB9CC5DA} => C:\Program Files (x86)\TechZilla\tzCloud\IconOverlay-64bit.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 03ElephantIconOverlay -> {0E2DD711-458A-4b39-8211-3F5FDAA0539E} => C:\Program Files (x86)\TechZilla\tzCloud\IconOverlay-64bit.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: 04ElephantIconOverlay -> {2E28D71B-2733-46CD-B61B-49926AC3FD6F} => C:\Program Files (x86)\TechZilla\tzCloud\IconOverlay-64bit.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * BootDefrag.exesdnclean64.exe GroupPolicyUsers\S-1-5-21-1827809378-912741919-3246080145-1000\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x46CA99D3E24BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {6F7974A4-5497-4B67-8A4B-7AC251CEABBC} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {6F7974A4-5497-4B67-8A4B-7AC251CEABBC} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms} BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SafeWallet - {F4BD56CF-6EF8-45CA-AB6F-9C9D313C3D07} - C:\Program Files (x86)\SafeWallet\SWIEExtension.dll (SBSH) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) Toolbar: HKLM-x32 - SafeWallet Toolbar - {DC0D6E34-F2DB-4007-AF5E-C77AA97A80A0} - C:\Program Files (x86)\SafeWallet\SWIEExtension.dll (SBSH) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{7C237B6F-0F7D-44B5-9A08-DC395E4BC548}: [NameServer]8.26.56.26,156.154.70.22 Tcpip\..\Interfaces\{AFB80C86-20E1-4105-9B89-9C92372BC413}: [NameServer]208.67.222.222,208.67.220.220 FireFox: ======== FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3kftq7hi.default FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Yahoo! Toolbar - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\3kftq7hi.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-01-25] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-17] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-07] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-03-07] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-28] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-07] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-28] Chrome: ======= CHR HomePage: CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN13495198426598598&UM=2", "hxxp://www.google.com" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\A\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Bitdefender QuickScan) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\npqscan.dll (Bitdefender SRL) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Math - Expressions and Equations solver) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmlciailbmfgedjkmbmfbaddfhdeljo [2013-12-12] CHR Extension: (BIODIGITAL HUMAN) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-12-12] CHR Extension: (Xmarks Bookmark Sync) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2013-12-12] CHR Extension: (Google Docs) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11] CHR Extension: (Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23] CHR Extension: (Mangahigh - Making Math Irresistible) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkecmodcflighmgjiidpfngpigncjkl [2013-12-12] CHR Extension: (Desmos Graphing Calculator) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2013-12-12] CHR Extension: (3D F1 Racing) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjmpnhmdoblkjfijdoaadaeffaaknfip [2013-12-12] CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11] CHR Extension: (eBay) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2013-12-12] CHR Extension: (Bitdefender Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-07] CHR Extension: (Ebates Cash Back) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2013-12-12] CHR Extension: (Library Extension) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\chkgcmmjoejpekoegkedcpifgfhpjmec [2013-12-12] CHR Extension: (Shopping Mall Parking 3D) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\clipkodmbobgeipjokdkbjnbijkkhmbm [2013-12-12] CHR Extension: (Print Mandalas) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\clofgneecjlbnplodgcdfdkfekngeifl [2013-12-12] CHR Extension: (Weebly - Website Builder) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2013-12-12] CHR Extension: (Google Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11] CHR Extension: (Fraction Calculator) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\daknohebamnokicgmpigepchllkhkdah [2013-12-12] CHR Extension: (ColorMandala) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbafebdejmcgpbfkppndjeajebpppnei [2013-12-12] CHR Extension: (Parking Mania™) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliaancdkclmoacockpgpcopnfcjgmpe [2013-12-12] CHR Extension: (Word Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2013-12-12] CHR Extension: (Feedly Notifier) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\egikgfbhipinieabdmcpigejkaomgjgb [2014-04-27] CHR Extension: (Pixlr-o-matic) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2013-12-12] CHR Extension: (Davitily Math Academy) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgkencbhniekejnjmlkpfmcambmikj [2013-12-12] CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-01-03] CHR Extension: (Practice Math) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcpalfkpbhhiaibalhoedjncjpjhmfge [2013-12-12] CHR Extension: (ZenMate) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-01-03] CHR Extension: (Print this page with CleanPrint) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2013-12-12] CHR Extension: (Print Selection) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk [2013-12-12] CHR Extension: (HTTPS Everywhere) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-01-03] CHR Extension: (Math Invaders) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfndgfelifpjlkcpbnjgegkbajimhmce [2013-12-12] CHR Extension: (Visnos Interactive Mathematics) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkaehphddognnolhgnimoadpoacbdhbd [2013-12-12] CHR Extension: (Open PayPal) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\glghgmejmmepalcnengjekjfmfbailbl [2014-01-03] CHR Extension: (HP Smart Print) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2013-12-12] CHR Extension: (Where to delete an account) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpofkfbabpbbmchmiekfnlcgaedbgcf [2014-01-01] CHR Extension: (NPR Infinite Player) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-12-12] CHR Extension: (Allow Right-Click) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-12-12] CHR Extension: (SpeedAnalysis.com) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccflhnofikabhofiecmimkdmdjbkpnn [2013-12-12] CHR Extension: (Incognito This!) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnaplnkjfjncegmphmlfpggildllbho [2014-01-03] CHR Extension: (Hojoki) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjcgdcbhobdcojhnabjlholpbdmnpaa [2013-12-12] CHR Extension: (Boxcryptor) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmndaodmdjamfepoijpolhjddgfgmme [2014-01-03] CHR Extension: (Math - Systems solver) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\illoeemapnndmdocobblbpcopiefbene [2013-12-12] CHR Extension: (Typist) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobjdokbkdhnelgogpoompgojjmgnejn [2014-01-03] CHR Extension: (Math Motorway) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdihnhedcafgpbbbbiohamlkbbjlifdb [2013-12-12] CHR Extension: (Turbo Parking - Quickly Park your Car!) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\jegpgdincjbdcckcndagnldclicalifa [2013-12-12] CHR Extension: (Disconnect) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-12-12] CHR Extension: (Typing Test - KeyHero) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-12-12] CHR Extension: (BeFrugal.com Add-On) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2013-12-12] CHR Extension: (Free Invoice Maker) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2013-12-12] CHR Extension: (Speed Reading Trainer) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\klloefpijaofgelefjimlhdikagaegfe [2013-12-12] CHR Extension: (Google Play) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-12-12] CHR Extension: (Color by Numbers - Animals) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcoipbiondkelalojhpgohnlakmmdjdm [2013-12-12] CHR Extension: (IQ FitFun Lite) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\llkgnpkopalfhlmdaoannmdbpmefhphl [2013-12-12] CHR Extension: (Cleaner Facebook) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh [2013-12-12] CHR Extension: (BookCollectorConnect) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodnnkllpjmiilmdkodnfaphmnfejhfh [2013-12-12] CHR Extension: (TODO) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\madhkckbjlmbdljfhidcbnpkknjlojoa [2013-12-12] CHR Extension: (Qmee) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2014-05-10] CHR Extension: (Extreme Racing) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmkojdflkpldoldoccpobfeaononj [2013-12-12] CHR Extension: (Open Library Book Search) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfabonemecnhlpcdippbpgjhmdciegii [2013-12-12] CHR Extension: (Hide My Identity Pro!) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipikfiemonghohkoahdejodajomoedf [2013-12-12] CHR Extension: (Shopping Mall Parking) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjfoehokglnmbbnncflhhgapdfkhahle [2013-12-12] CHR Extension: (Google Play Books) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-12] CHR Extension: (Bookmark) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm [2013-12-12] CHR Extension: (Coloring Pages) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbldodhfmmfcfaooalepihkfkmjhnmei [2013-12-12] CHR Extension: (Parking Mania) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncnmjokachcjofnjggegaafldpoimikb [2013-12-12] CHR Extension: (Webutation) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2013-12-12] CHR Extension: (Amazon Windowshop) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nielaigelomefgdoljcpfgbdbfefhdjc [2013-12-12] CHR Extension: (Personality test) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\njopbnajjknkfcmaefnkmjkaknhcjmld [2013-12-12] CHR Extension: (Google Wallet) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Amazon™ Coupons) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogafikdinnpfpcmgiafoaibdkepijahb [2013-12-12] CHR Extension: (Transcribe: transcribe audio/interviews fast!) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm [2013-12-12] CHR Extension: (Cork Board) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga [2013-12-12] CHR Extension: (Sales Tax Calculator) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjlbagajkgilpkmpophdoocimkfaogg [2013-12-12] CHR Extension: (Spreadshirt Designer for Google Drive) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\oomgjmhhemldplodpialfbafcidjaghm [2013-12-12] CHR Extension: (Click&Clean App) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-12-12] CHR Extension: (Bitdefender QuickScan) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-03] CHR Extension: (Math Arcade Games) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfodbdfdkebjhdklkkmnjojpfjkkoodd [2013-12-12] CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11] CHR Extension: (\) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe [2014-01-03] CHR Extension: (TTR) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpbbadbcckmfcbdhkbkegfgpdmoieji [2013-12-12] CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-04-11] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-25] (Adobe Systems) [File not signed] S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2013-12-26] (Box Inc.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-06] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) S3 TechZilla-MappedDrive.exe; C:\Program Files (x86)\TechZilla\tzCloud\tzCloud-MappedDrive.exe [126584 2013-04-03] (TechZilla) S3 TechZilla-Service.exe; C:\Program Files (x86)\TechZilla\tzCloud\tzCloud-Service.exe [126584 2013-04-03] (TechZilla) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1526800 2014-05-23] (Bitdefender) ==================== Drivers (Whitelisted) ==================== R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-23] (BitDefender LLC) R2 bdfsfltr; C:\windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R0 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [389240 2014-03-07] (BitDefender S.R.L.) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider) S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X] S3 SBIOSIO; \??\C:\Users\A\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 23:19 - 2014-07-07 23:20 - 00044358 _____ () C:\Users\A\Downloads\FRST.txt 2014-07-07 23:19 - 2014-07-07 23:20 - 00000000 ____D () C:\FRST 2014-07-07 23:18 - 2014-07-07 23:18 - 02084352 _____ (Farbar) C:\Users\A\Downloads\FRST64.exe 2014-07-07 23:14 - 2014-07-07 23:14 - 00051496 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys 2014-07-07 23:11 - 2014-07-07 23:11 - 00000056 _____ () C:\windows\setupact.log 2014-07-07 23:11 - 2014-07-07 23:11 - 00000000 _____ () C:\windows\setuperr.log 2014-07-07 22:55 - 2014-07-07 23:15 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-07-07 21:56 - 2014-07-07 22:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-07 21:54 - 2014-07-07 22:37 - 00000000 ____D () C:\Users\A\Desktop\mbar 2014-07-07 21:44 - 2014-07-07 21:44 - 00065232 _____ (Malwarebytes) C:\Users\A\Downloads\regassassin-setup-1.03.exe 2014-07-07 19:04 - 2014-07-07 19:04 - 00004427 _____ () C:\Users\A\Desktop\financialstatements_part2_multistepis_sse_corp.txt 2014-07-04 22:33 - 2014-07-04 22:36 - 141801528 _____ () C:\Users\A\Downloads\avira_free_antivirus_en.exe 2014-07-04 22:11 - 2014-07-04 22:14 - 91906368 _____ (AVAST Software) C:\Users\A\Downloads\avast_free_antivirus_setup.exe 2014-07-04 20:37 - 2014-07-04 20:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieUserList 2014-07-04 20:37 - 2014-07-04 20:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieSiteList 2014-07-04 20:35 - 2014-07-07 23:15 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator 2014-07-04 20:15 - 2014-07-04 20:15 - 05049344 _____ (Crawler.com ) C:\Users\A\Downloads\Spyware_Terminator_v3.0.0.82.exe 2014-07-01 22:50 - 2014-07-01 22:55 - 00000000 ____D () C:\Users\A\Desktop\2014-07 (Jul) 2014-07-01 15:18 - 2014-07-01 15:18 - 00002768 _____ () C:\Users\A\Documents\cc_20140701_151751.reg 2014-06-30 18:01 - 2014-07-07 22:57 - 00000000 ____D () C:\Users\A\AppData\Roaming\DropboxMaster 2014-06-30 17:55 - 2014-06-30 23:35 - 00000000 ____D () C:\Users\A\Desktop\Graphics 2014-06-30 17:55 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Patterns Graphics 2014-06-30 17:55 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Paper Beads 2014-06-30 17:55 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Flourishes 2014-06-30 17:54 - 2014-06-30 17:54 - 00318944 _____ (Dropbox, Inc.) C:\Users\A\Downloads\DropboxInstaller.exe 2014-06-26 22:04 - 2014-06-26 22:06 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\A\Downloads\mbam_premium.exe 2014-06-26 15:39 - 2014-06-26 15:39 - 00000000 ____D () C:\Users\A\AppData\Local\{F2FB85EC-5EAD-4618-839F-F185828B2FA8} 2014-06-26 00:30 - 2014-06-26 00:31 - 00000000 ____D () C:\Users\A\Desktop\School 2014-06-26 00:30 - 2014-06-26 00:31 - 00000000 ____D () C:\Users\A\Desktop\C 2014-06-26 00:29 - 2014-06-18 15:14 - 00000030 _____ () C:\AVScanner.ini 2014-06-26 00:27 - 2014-07-07 15:59 - 00000000 ____D () C:\Users\A\Desktop\Business 2014-06-25 21:22 - 2014-06-25 21:22 - 00000000 ____D () C:\Users\A\AppData\Local\Adobe 2014-06-25 16:44 - 2014-06-25 16:44 - 00000000 ___HD () C:\Users\A\.boxsync 2014-06-20 17:12 - 2014-06-20 17:10 - 00312728 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2014-06-20 17:11 - 2014-06-20 17:11 - 00000000 ____D () C:\Users\A\Documents\ProcAlyzer Dumps 2014-06-20 17:11 - 2014-06-20 17:10 - 00191384 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2014-06-20 17:11 - 2014-06-20 17:10 - 00190872 _____ (Oracle Corporation) C:\windows\system32\java.exe 2014-06-20 17:11 - 2014-06-20 17:10 - 00111000 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2014-06-20 17:10 - 2014-06-20 17:10 - 00000000 ____D () C:\Program Files\Java 2014-06-20 16:55 - 2014-06-20 16:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-06-20 16:54 - 2014-06-20 16:54 - 00001351 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-06-20 16:54 - 2014-06-20 16:54 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-06-20 16:54 - 2014-06-20 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-06-20 16:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe 2014-06-20 16:53 - 2014-06-20 17:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-20 16:53 - 2014-06-20 17:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-06-20 16:45 - 2014-06-20 16:46 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\A\Downloads\spybot-2.3.exe 2014-06-20 16:41 - 2014-06-20 16:42 - 34121112 _____ (Oracle Corporation) C:\Users\A\Downloads\Java_Runtime_Environment_(64bit)_v8.0.exe 2014-06-20 16:06 - 2014-06-20 16:06 - 00000832 _____ () C:\Users\A\Documents\'hosts'.txt 2014-06-20 15:22 - 2014-06-20 15:22 - 02837648 _____ (Emsisoft GmbH ) C:\Users\A\Downloads\Emsisoft_HiJackFree_v4.5.0.10.exe 2014-06-20 11:42 - 2014-07-07 22:53 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1827809378-912741919-3246080145-1001 2014-06-19 12:48 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-06-19 12:48 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-06-19 12:48 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-06-19 12:48 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2014-06-19 12:48 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-06-19 12:48 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-06-19 12:48 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-06-19 12:48 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-06-19 12:48 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-06-19 12:48 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-06-19 12:48 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2014-06-19 12:48 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-06-19 12:48 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll 2014-06-19 12:48 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-06-19 12:47 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-19 12:47 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-19 12:47 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-19 12:47 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-19 12:47 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-19 12:47 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-19 12:47 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-19 12:47 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-19 12:47 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-19 12:47 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-19 12:47 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-19 12:47 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-19 12:47 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-19 12:47 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-19 12:47 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-19 12:47 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-19 12:47 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-19 12:47 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-19 12:47 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 12:47 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-19 12:47 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-19 12:47 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-19 12:47 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-19 12:47 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-19 12:47 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-19 12:47 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-19 12:47 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-19 12:47 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-19 12:47 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-19 12:47 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-19 12:47 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-19 12:47 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-19 12:47 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-19 12:47 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-19 12:47 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-19 12:47 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-19 12:47 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 12:47 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-19 12:47 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-19 12:47 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-19 12:47 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-19 12:47 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-19 12:47 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-19 12:47 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-19 12:47 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-19 12:47 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-19 12:47 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-19 12:47 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-19 12:47 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-19 12:47 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-19 12:47 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-19 12:47 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-19 12:44 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-19 12:44 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-18 19:18 - 2014-06-28 14:43 - 00000000 ____D () C:\Users\A\AppData\Local\Windows Live 2014-06-18 19:18 - 2014-06-18 19:18 - 00000000 ____D () C:\Users\A\AppData\Local\{2E059732-D2A6-421C-96DC-39F4D6AD899C} 2014-06-18 19:16 - 2014-06-18 19:16 - 00000000 ____D () C:\Users\A\AppData\Local\{98B6B157-F632-46B9-9483-A082D3B3D835} 2014-06-18 14:22 - 2014-07-07 21:56 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-18 14:21 - 2014-07-07 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-18 14:21 - 2014-07-07 21:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-18 14:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-06-18 14:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-06-18 14:18 - 2014-06-18 14:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\A\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-17 19:39 - 2014-06-17 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-16 15:40 - 2014-06-16 15:40 - 00011908 _____ () C:\Users\A\Documents\cc_20140616_154004.reg 2014-06-16 15:34 - 2014-07-07 20:01 - 00000000 ____D () C:\Users\A\Desktop\ACCT 2014-06-16 15:33 - 2014-07-07 16:00 - 00000000 ____D () C:\Users\A\Desktop\BIOL 2014-06-16 15:33 - 2014-06-26 17:52 - 00000000 ____D () C:\Users\A\Desktop\READ 2014-06-16 15:31 - 2014-07-07 21:29 - 00000000 ____D () C:\Users\A\Desktop\LIT 2014-06-16 15:31 - 2014-07-07 15:57 - 00000000 ____D () C:\Users\A\Desktop\HLTH ==================== One Month Modified Files and Folders ======= 2014-07-07 23:20 - 2014-07-07 23:19 - 00044358 _____ () C:\Users\A\Downloads\FRST.txt 2014-07-07 23:20 - 2014-07-07 23:19 - 00000000 ____D () C:\FRST 2014-07-07 23:18 - 2014-07-07 23:18 - 02084352 _____ (Farbar) C:\Users\A\Downloads\FRST64.exe 2014-07-07 23:15 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Spyware Terminator 2014-07-07 23:15 - 2014-07-04 20:35 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator 2014-07-07 23:14 - 2014-07-07 23:14 - 00051496 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys 2014-07-07 23:11 - 2014-07-07 23:11 - 00000056 _____ () C:\windows\setupact.log 2014-07-07 23:11 - 2014-07-07 23:11 - 00000000 _____ () C:\windows\setuperr.log 2014-07-07 23:01 - 2014-01-15 19:13 - 01281535 ____N () C:\windows\WindowsUpdate.log 2014-07-07 22:57 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\A\AppData\Roaming\DropboxMaster 2014-07-07 22:57 - 2013-09-28 17:39 - 00000000 ___RD () C:\Users\A\Dropbox 2014-07-07 22:57 - 2013-09-28 17:16 - 00000000 ____D () C:\Users\A\AppData\Roaming\Dropbox 2014-07-07 22:57 - 2013-03-21 17:54 - 00000000 ____D () C:\Users\A\AppData\Local\Box Sync 2014-07-07 22:57 - 2009-07-13 21:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-07 22:57 - 2009-07-13 21:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-07 22:56 - 2009-07-13 22:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-07 22:53 - 2014-06-20 11:42 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1827809378-912741919-3246080145-1001 2014-07-07 22:53 - 2014-05-23 21:05 - 00003198 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1827809378-912741919-3246080145-1001 2014-07-07 22:53 - 2014-01-11 01:32 - 00000324 _____ () C:\windows\Tasks\GlaryInitialize 4.job 2014-07-07 22:53 - 2014-01-11 01:31 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4 2014-07-07 22:52 - 2013-06-11 18:35 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-07 22:52 - 2012-05-04 00:03 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-07-07 22:48 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-07 22:37 - 2014-07-07 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-07 22:37 - 2014-07-07 21:54 - 00000000 ____D () C:\Users\A\Desktop\mbar 2014-07-07 22:33 - 2012-08-23 16:53 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-07 22:28 - 2013-06-11 18:35 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-07 21:56 - 2014-06-18 14:22 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-07 21:52 - 2014-06-18 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-07 21:52 - 2014-06-18 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-07 21:52 - 2014-01-02 14:15 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-07 21:44 - 2014-07-07 21:44 - 00065232 _____ (Malwarebytes) C:\Users\A\Downloads\regassassin-setup-1.03.exe 2014-07-07 21:29 - 2014-06-16 15:31 - 00000000 ____D () C:\Users\A\Desktop\LIT 2014-07-07 20:01 - 2014-06-16 15:34 - 00000000 ____D () C:\Users\A\Desktop\ACCT 2014-07-07 19:04 - 2014-07-07 19:04 - 00004427 _____ () C:\Users\A\Desktop\financialstatements_part2_multistepis_sse_corp.txt 2014-07-07 17:59 - 2013-01-21 19:10 - 00000452 _____ () C:\windows\Tasks\KingSoft_2013121181014.job 2014-07-07 16:00 - 2014-06-16 15:33 - 00000000 ____D () C:\Users\A\Desktop\BIOL 2014-07-07 15:59 - 2014-06-26 00:27 - 00000000 ____D () C:\Users\A\Desktop\Business 2014-07-07 15:57 - 2014-06-16 15:31 - 00000000 ____D () C:\Users\A\Desktop\HLTH 2014-07-07 15:16 - 2012-05-04 00:03 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-07-04 22:36 - 2014-07-04 22:33 - 141801528 _____ () C:\Users\A\Downloads\avira_free_antivirus_en.exe 2014-07-04 22:14 - 2014-07-04 22:11 - 91906368 _____ (AVAST Software) C:\Users\A\Downloads\avast_free_antivirus_setup.exe 2014-07-04 21:43 - 2013-05-20 12:44 - 00000000 ____D () C:\windows\Minidump 2014-07-04 20:37 - 2014-07-04 20:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieUserList 2014-07-04 20:37 - 2014-07-04 20:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieSiteList 2014-07-04 20:15 - 2014-07-04 20:15 - 05049344 _____ (Crawler.com ) C:\Users\A\Downloads\Spyware_Terminator_v3.0.0.82.exe 2014-07-04 19:53 - 2014-03-06 10:34 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-04 19:49 - 2014-01-15 19:12 - 00000000 ____D () C:\Users\A\AppData\Roaming\DiskDefrag 2014-07-01 22:55 - 2014-07-01 22:50 - 00000000 ____D () C:\Users\A\Desktop\2014-07 (Jul) 2014-07-01 17:02 - 2013-04-22 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync 2014-07-01 15:19 - 2014-01-16 15:46 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-01 15:18 - 2014-07-01 15:18 - 00002768 _____ () C:\Users\A\Documents\cc_20140701_151751.reg 2014-07-01 15:05 - 2013-12-11 21:45 - 00000000 ____D () C:\Users\A\AppData\Local\CrashDumps 2014-06-30 23:35 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Graphics 2014-06-30 18:01 - 2013-09-28 17:39 - 00001009 _____ () C:\Users\A\Desktop\Dropbox.lnk 2014-06-30 18:01 - 2013-09-28 17:18 - 00000000 ____D () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-06-30 17:55 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Patterns Graphics 2014-06-30 17:55 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Paper Beads 2014-06-30 17:55 - 2014-06-30 17:55 - 00000000 ____D () C:\Users\A\Desktop\Flourishes 2014-06-30 17:54 - 2014-06-30 17:54 - 00318944 _____ (Dropbox, Inc.) C:\Users\A\Downloads\DropboxInstaller.exe 2014-06-28 14:43 - 2014-06-18 19:18 - 00000000 ____D () C:\Users\A\AppData\Local\Windows Live 2014-06-26 22:06 - 2014-06-26 22:04 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\A\Downloads\mbam_premium.exe 2014-06-26 21:00 - 2012-05-04 01:03 - 00000000 ____D () C:\windows\bg 2014-06-26 17:52 - 2014-06-16 15:33 - 00000000 ____D () C:\Users\A\Desktop\READ 2014-06-26 15:39 - 2014-06-26 15:39 - 00000000 ____D () C:\Users\A\AppData\Local\{F2FB85EC-5EAD-4618-839F-F185828B2FA8} 2014-06-26 00:31 - 2014-06-26 00:30 - 00000000 ____D () C:\Users\A\Desktop\School 2014-06-26 00:31 - 2014-06-26 00:30 - 00000000 ____D () C:\Users\A\Desktop\C 2014-06-25 21:22 - 2014-06-25 21:22 - 00000000 ____D () C:\Users\A\AppData\Local\Adobe 2014-06-25 16:44 - 2014-06-25 16:44 - 00000000 ___HD () C:\Users\A\.boxsync 2014-06-25 16:44 - 2012-08-23 14:08 - 00000000 ____D () C:\Users\A 2014-06-24 14:13 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache 2014-06-22 16:23 - 2013-06-11 18:35 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-22 16:23 - 2013-06-11 18:35 - 00003632 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-20 17:40 - 2014-06-20 16:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-20 17:11 - 2014-06-20 17:11 - 00000000 ____D () C:\Users\A\Documents\ProcAlyzer Dumps 2014-06-20 17:10 - 2014-06-20 17:12 - 00312728 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2014-06-20 17:10 - 2014-06-20 17:11 - 00191384 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2014-06-20 17:10 - 2014-06-20 17:11 - 00190872 _____ (Oracle Corporation) C:\windows\system32\java.exe 2014-06-20 17:10 - 2014-06-20 17:11 - 00111000 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2014-06-20 17:10 - 2014-06-20 17:10 - 00000000 ____D () C:\Program Files\Java 2014-06-20 17:00 - 2014-06-20 16:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-06-20 16:55 - 2014-06-20 16:55 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-06-20 16:54 - 2014-06-20 16:54 - 00001351 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-06-20 16:54 - 2014-06-20 16:54 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-06-20 16:54 - 2014-06-20 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-06-20 16:46 - 2014-06-20 16:45 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\A\Downloads\spybot-2.3.exe 2014-06-20 16:42 - 2014-06-20 16:41 - 34121112 _____ (Oracle Corporation) C:\Users\A\Downloads\Java_Runtime_Environment_(64bit)_v8.0.exe 2014-06-20 16:06 - 2014-06-20 16:06 - 00000832 _____ () C:\Users\A\Documents\'hosts'.txt 2014-06-20 15:22 - 2014-06-20 15:22 - 02837648 _____ (Emsisoft GmbH ) C:\Users\A\Downloads\Emsisoft_HiJackFree_v4.5.0.10.exe 2014-06-20 15:11 - 2012-05-04 01:04 - 00000000 ____D () C:\windows\es 2014-06-20 11:05 - 2013-08-14 03:02 - 00000000 ____D () C:\windows\system32\MRT 2014-06-20 10:51 - 2012-10-10 22:01 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-06-20 10:48 - 2012-08-23 19:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-20 10:44 - 2014-05-11 13:38 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-06-18 19:18 - 2014-06-18 19:18 - 00000000 ____D () C:\Users\A\AppData\Local\{2E059732-D2A6-421C-96DC-39F4D6AD899C} 2014-06-18 19:16 - 2014-06-18 19:16 - 00000000 ____D () C:\Users\A\AppData\Local\{98B6B157-F632-46B9-9483-A082D3B3D835} 2014-06-18 15:14 - 2014-06-26 00:29 - 00000030 _____ () C:\AVScanner.ini 2014-06-18 15:13 - 2012-08-23 16:53 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-06-18 15:13 - 2012-08-23 16:53 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-18 15:13 - 2012-08-23 16:53 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-06-18 14:55 - 2014-01-25 01:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-18 14:54 - 2012-05-04 01:04 - 00000000 ____D () C:\windows\he 2014-06-18 14:21 - 2012-08-29 12:10 - 00000000 ____D () C:\Users\A\AppData\Roaming\Malwarebytes 2014-06-18 14:21 - 2012-08-29 12:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-18 14:19 - 2014-06-18 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\A\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-17 20:51 - 2013-12-30 19:16 - 00000000 ____D () C:\Users\A\Box Sync 2014-06-17 19:40 - 2014-06-17 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-16 15:40 - 2014-06-16 15:40 - 00011908 _____ () C:\Users\A\Documents\cc_20140616_154004.reg 2014-06-16 15:38 - 2013-06-11 18:37 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-08 02:13 - 2014-06-19 12:44 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-08 02:08 - 2014-06-19 12:44 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll Files to move or delete: ==================== C:\Users\A\AppData\Roaming\options.ini C:\Users\A\AppData\Roaming\options_pdfcombine.ini C:\Users\A\AppData\Roaming\options_pdfrotator.ini C:\Users\A\AppData\Roaming\setup.ini C:\Users\A\AppData\Roaming\setup_pdfcombine.ini C:\Users\A\AppData\Roaming\setup_pdfrotator.ini Some content of TEMP: ==================== C:\Users\A\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg1l2ja.dll C:\Users\Admin\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin Test\AppData\Local\Temp\BullGuard Internet Security Setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-28 14:24 ==================== End Of Log ============================ Addition.txt
  13. Maybe I'm the only one facing this issue. I keep my PC very clean (IT Manager). I run SAS, CCLEANER, AVG, and MBAM regularly. Haven't been infected in years. (Note: I use the free version of MBAM so I'm not expecting help from tech support. I used to use the reg version at work and think the free version is adequate for my needs). So I run the aforementioned without issue and then MBAM which wants to update to the latest version. Sure no problem in 7 years. Now it does not work. Symptoms: Starts nice new interface. Hit update,,,, nice status bar rolling,,, closes. Try running a scan same thing. What I've tried so far (which is about everything). Note" same exact experience after each idea. 1. Remove MBAM reboot. Re-install, nope. 2. Remove MBAM reboot safe wn re-install. nope 3. Remove MBAM reboot run CCLEANER re-install. nope 4. Run MBAM Anti-Rootkit. nothing 5. Run TDSS-Killer. nothing 6. Windows update maybe a DLL or something, no updates. 7. WIN Firewall add all MBAM .exe. nope 8. Shutoff AVG remove and re-install, reboot. nope 9. Run RKILL. nothing 10. Smash head on KYBD, doesn't help. 11. Run MBAM removal, reboot into safe wn. no dice 12 Read every forum I can find. nothing really applies. 13. Post this message. Help if you can! I recommend my clients buy MBAM and have loved the program for over 8 years, I'm now thinking I've either got something nasty or MBAM is conflicting with something strange. Thanks to anyone who can help!
  14. I'm not sure how much to say on here as I don't want to leave myself vulnerable to further attacks. I'm really reporting this to Malwarebytes to stop this problem. I can't find nay reference to the Trojan file name or a key in my registry called Etkthion. I can't view the windows/current version/run and I think it's corrupted by tis malware. I get dllhosts.exe growing (you can see these in process explorer or task manager) and odd files appearing in my temp folder at the same time. No malware has stopped this though I do so manually, but it recurs. This one did find a Trojan Fake MS folder which made the scan crash but I deleted it myself. It was called idosivabdi.dat. There was also a decrypt instruction to a long strange website which I can't cut and pas I also get pop up warnings from Malwarebytes that a malicious website is being blocked, domain cd5c5s.com and two outgoing IPs 31.184.192.202/213 and through my dllhost.exe, process that lives in the Windows/systwow64 folder. I suspect a rootkit and am frustrated by the time wasted. if anyone posts some suggestions, please remember to explain what things are and what I am being asked to do. I am not prepared to allow third party access or posts logs etc here for security reasons. but I hope this information helps stop the website/hackers Why can't we cut and paste - this has been so laborious when I'd written it all out ready
  15. Okay, so I scan my laptop with Malwarebytes daily. Now yesterday, I bought a Dimm of 4 GB of RAM yesterday from a friend and installed it on my laptop. It started slow and then I started a Malwarebytes scan and my PC's screen went off and it wouldn't respond. Then I restarted it and after 5 minutes, I got a BSOD. I opened up the cover and got the RAM out, then everything was fine again. So I ran another scan and found nothing. Great c:. Now, I turned it off and today, I put the Dimm back in cause I wanted to see why didn't it work and it was okay, but I found that the RAM must be faulty and it would probably cause more issues in the future, so I removed it. I turned my computer back on and ran a scan to find that a file called portcls.sys was an Unknown.Rootkit.Driver (located in C:\WINDOWS\SYSTEM32\drivers\portcls.sys). Scan finished, I removed it, everything okay. I also ran Malware-Bytes Anti-Rootkit and found nothing. Now I read that portcls.sys works with Malwarebytes Anti-Malware PRO, so I want to know if this is just a false positive or if the file was corrupted and detected it as an Unknown.Rootkit.Driver or what was it. (Like I said before I run daily scans, I've never had any sort of serious infection on my computer, and I also have Avast! Free Antivirus since I don't have the PRO version of MBAM. I'm kind of paranoic with virus infections and I really hate them..).
  16. Hi all, Just this morning I typed in "gmail" into my google chrome bar, and it changed it to "gmail/" and redirected me to a different, unusual search engine. I've searched other things in the google chrome bar, and none of these illicit the same response. Just "gmail". Malwarebytes (free) can't find it, nothing seems to be able to find it. I even tried looking for TDSS or other suspicious rootkits manually. Here is my FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01 Ran by B**** (administrator) on **deleted** on 01-06-2014 19:48:03Running from C:\Users\B****\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Spotify Ltd) C:\Users\Barbara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe(Dropbox, Inc.) C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe(Microsoft Corporation) C:\Windows\regedit.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google) C:\Users\Barbara\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe(Google Inc.) C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-06-20] (Synaptics Incorporated)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-06-20] (Renesas Electronics Corporation)HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exeHKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)HKLM-x32\...\Run: [standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [Google Update] => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-02] (Google Inc.)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentHKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [spotify Web Helper] => C:\Users\Barbara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-09] (Spotify Ltd)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [AdobeBridge] => [X]HKU\S-1-5-21-62187835-901079275-219626047-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-62187835-901079275-219626047-1000\...\MountPoints2: {5dd00ffe-1a4c-11e3-96a0-2c27d7af7769} - G:\HTC_Sync_Manager_PC.exeHKU\S-1-5-21-62187835-901079275-219626047-1000\...\MountPoints2: {f6e6cd79-c1b8-11e2-9944-2c27d7af7769} - G:\HTC_Sync_Manager_PC.exeStartup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7EB4E91B-1B7B-4DDB-B4D6-2F50D43ECEB5&q={searchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Barbara\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Barbara\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Barbara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Barbara\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Barbara\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) Chrome: =======CHR HomePage: hxxp://www.att.net/CHR StartupUrls: "hxxp://www.att.net/"CHR Plugin: (Shockwave Flash) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.731.433.1_0\plugin/ace.dll No FileCHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No FileCHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Google Update) - C:\Users\Barbara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Barbara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)CHR Plugin: (Google Talk Plugin) - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No FileCHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Barbara\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)CHR Extension: (Chrome for a Cause) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfammmagchhaohncbhghoohcfoeckdi [2011-07-03]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-30]CHR Extension: (Google Search) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-30]CHR Extension: (Stylish) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2012-09-09]CHR Extension: (XKit) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-06-06]CHR Extension: (Hola Better Internet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-07]CHR Extension: (Website Blocker (Beta)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-27]CHR Extension: (Where to delete an account) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpofkfbabpbbmchmiekfnlcgaedbgcf [2013-08-28]CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-07-02]CHR Extension: (Hangouts) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-06-29]CHR Extension: (Cath Kidston) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2012-08-23]CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]CHR Extension: (SiteBlock) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2012-08-23]CHR Extension: (Send from Gmail (by Google)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-10-22]CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-30]CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-01]CHR StartMenuInternet: Google Chrome - C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-08-29] (Symantec Corporation)R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-30] (BitDefender)R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-15] (Anchorfree Inc.)R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]U3 ufloqkog; \??\C:\Users\Barbara\AppData\Local\Temp\ufloqkog.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-01 19:48 - 2014-06-01 19:48 - 00026247 _____ () C:\Users\Barbara\Downloads\FRST.txt2014-06-01 19:47 - 2014-06-01 19:48 - 00000000 ____D () C:\FRST2014-06-01 19:47 - 2014-06-01 19:47 - 02067456 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe2014-06-01 19:14 - 2014-06-01 19:14 - 00380416 _____ () C:\Users\Barbara\Downloads\2x1q3i1y.exe2014-06-01 18:15 - 2014-06-01 18:15 - 00000000 ____D () C:\Windows\pss2014-06-01 17:51 - 2014-06-01 17:53 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Barbara\Downloads\iExplorer.exe.exe2014-06-01 17:43 - 2014-06-01 17:43 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-01 17:41 - 2014-06-01 17:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Barbara\Downloads\mbam-setup-2.0.2.1012.exe2014-06-01 17:24 - 2014-06-01 18:23 - 00000112 _____ () C:\Windows\setupact.log2014-06-01 17:24 - 2014-06-01 17:24 - 00000000 _____ () C:\Windows\setuperr.log2014-06-01 17:08 - 2014-06-01 18:27 - 00049830 _____ () C:\Windows\WindowsUpdate.log2014-06-01 16:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-06-01 16:58 - 2014-06-01 17:02 - 00000000 ____D () C:\AdwCleaner2014-06-01 16:58 - 2014-06-01 16:58 - 01327971 _____ () C:\Users\Barbara\Downloads\AdwCleaner.exe2014-06-01 16:35 - 2014-06-01 16:35 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Barbara\Downloads\iExplore.exe2014-06-01 16:34 - 2014-06-01 16:34 - 00678768 _____ ( ) C:\Users\Barbara\Downloads\ZipSetup.exe2014-05-30 22:17 - 2014-05-30 22:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys2014-05-28 02:52 - 2014-05-28 02:52 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader2014-05-22 12:51 - 2014-05-23 21:36 - 00000000 ____D () C:\Users\Barbara\Documents\The Shattered Medallion2014-05-21 15:16 - 2014-05-21 15:16 - 00000055 _____ () C:\Users\Barbara\Desktop\xmas 2014.txt2014-05-11 22:44 - 2014-05-11 22:44 - 02852352 _____ () C:\Users\Barbara\Downloads\katiescellcyclepresentation.ppt2014-05-11 22:23 - 2014-05-11 22:23 - 09714578 _____ () C:\Users\Barbara\Downloads\Exam 3 study slide set B.pptx2014-05-11 22:16 - 2014-05-11 22:17 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A (1).pptx2014-05-11 21:42 - 2014-05-11 21:43 - 13560576 _____ () C:\Users\Barbara\Downloads\cell cycle and apop with notes.pptx2014-05-11 21:42 - 2014-05-11 21:42 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C (1).ppt2014-05-11 20:24 - 2014-05-11 20:24 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C.ppt2014-05-11 20:05 - 2014-05-11 20:05 - 05279744 _____ () C:\Users\Barbara\Downloads\Exam 4 slide set B.ppt2014-05-11 17:53 - 2014-05-11 17:53 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A.pptx2014-05-06 22:23 - 2014-06-01 18:25 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\DropboxMaster ==================== One Month Modified Files and Folders ======= 2014-06-01 19:49 - 2011-07-02 02:34 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Temp2014-06-01 19:48 - 2014-06-01 19:48 - 00026247 _____ () C:\Users\Barbara\Downloads\FRST.txt2014-06-01 19:48 - 2014-06-01 19:47 - 00000000 ____D () C:\FRST2014-06-01 19:47 - 2014-06-01 19:47 - 02067456 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe2014-06-01 19:22 - 2011-07-02 02:45 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA.job2014-06-01 19:14 - 2014-06-01 19:14 - 00380416 _____ () C:\Users\Barbara\Downloads\2x1q3i1y.exe2014-06-01 18:31 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-01 18:31 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-01 18:27 - 2014-06-01 17:08 - 00049830 _____ () C:\Windows\WindowsUpdate.log2014-06-01 18:25 - 2014-05-06 22:23 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\DropboxMaster2014-06-01 18:25 - 2014-04-17 01:20 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Htc2014-06-01 18:25 - 2011-11-02 22:37 - 00000000 ___RD () C:\Users\Barbara\Dropbox2014-06-01 18:25 - 2011-11-02 22:36 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Dropbox2014-06-01 18:23 - 2014-06-01 17:24 - 00000112 _____ () C:\Windows\setupact.log2014-06-01 18:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-01 18:15 - 2014-06-01 18:15 - 00000000 ____D () C:\Windows\pss2014-06-01 17:53 - 2014-06-01 17:51 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Barbara\Downloads\iExplorer.exe.exe2014-06-01 17:44 - 2014-04-14 00:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-06-01 17:43 - 2014-06-01 17:43 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-06-01 17:43 - 2014-04-14 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-06-01 17:42 - 2014-06-01 17:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Barbara\Downloads\mbam-setup-2.0.2.1012.exe2014-06-01 17:24 - 2014-06-01 17:24 - 00000000 _____ () C:\Windows\setuperr.log2014-06-01 17:05 - 2013-11-26 14:27 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForBarbara.job2014-06-01 17:02 - 2014-06-01 16:58 - 00000000 ____D () C:\AdwCleaner2014-06-01 16:58 - 2014-06-01 16:58 - 01327971 _____ () C:\Users\Barbara\Downloads\AdwCleaner.exe2014-06-01 16:35 - 2014-06-01 16:35 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Barbara\Downloads\iExplore.exe2014-06-01 16:34 - 2014-06-01 16:34 - 00678768 _____ ( ) C:\Users\Barbara\Downloads\ZipSetup.exe2014-06-01 16:11 - 2013-11-26 14:27 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBarbara2014-06-01 16:10 - 2012-04-22 18:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-06-01 16:10 - 2011-07-03 16:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-06-01 00:12 - 2009-07-14 01:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-31 23:11 - 2011-07-02 02:39 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0ADAF099-8859-4AA8-BC6C-768B072FE125}2014-05-31 17:22 - 2011-07-02 02:45 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core.job2014-05-31 03:22 - 2011-07-02 03:09 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype2014-05-30 22:17 - 2014-05-30 22:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys2014-05-30 16:15 - 2013-07-11 02:22 - 00001456 _____ () C:\Users\Barbara\AppData\Local\Adobe Save for Web 13.0 Prefs2014-05-28 20:17 - 2013-08-03 23:13 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Flvto Youtube Downloader2014-05-28 03:20 - 2013-08-03 23:14 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\FlvtoConverter2014-05-28 02:52 - 2014-05-28 02:52 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader2014-05-28 02:36 - 2013-07-28 00:34 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Audacity2014-05-26 03:15 - 2012-02-09 20:08 - 00000000 ____D () C:\Windows\Minidump2014-05-25 00:35 - 2011-11-02 22:36 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-05-25 00:35 - 2011-07-02 02:39 - 00000000 ___RD () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-23 21:36 - 2014-05-22 12:51 - 00000000 ____D () C:\Users\Barbara\Documents\The Shattered Medallion2014-05-22 19:39 - 2011-07-02 02:46 - 00002376 _____ () C:\Users\Barbara\Desktop\Google Chrome.lnk2014-05-22 12:32 - 2012-12-26 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive2014-05-22 12:32 - 2012-12-26 00:28 - 00000000 ____D () C:\Program Files (x86)\Her Interactive2014-05-21 17:23 - 2012-11-05 10:29 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Mozilla2014-05-21 15:16 - 2014-05-21 15:16 - 00000055 _____ () C:\Users\Barbara\Desktop\xmas 2014.txt2014-05-21 13:22 - 2011-08-12 16:42 - 00000000 ____D () C:\Users\Barbara\AppData\Local\CrashDumps2014-05-19 02:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-05-12 07:26 - 2014-04-14 00:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-04-14 00:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2014-02-27 14:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-11 22:44 - 2014-05-11 22:44 - 02852352 _____ () C:\Users\Barbara\Downloads\katiescellcyclepresentation.ppt2014-05-11 22:23 - 2014-05-11 22:23 - 09714578 _____ () C:\Users\Barbara\Downloads\Exam 3 study slide set B.pptx2014-05-11 22:17 - 2014-05-11 22:16 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A (1).pptx2014-05-11 21:43 - 2014-05-11 21:42 - 13560576 _____ () C:\Users\Barbara\Downloads\cell cycle and apop with notes.pptx2014-05-11 21:42 - 2014-05-11 21:42 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C (1).ppt2014-05-11 20:24 - 2014-05-11 20:24 - 07866880 _____ () C:\Users\Barbara\Downloads\Exam 4 study slide set C.ppt2014-05-11 20:05 - 2014-05-11 20:05 - 05279744 _____ () C:\Users\Barbara\Downloads\Exam 4 slide set B.ppt2014-05-11 17:53 - 2014-05-11 17:53 - 10750209 _____ () C:\Users\Barbara\Downloads\exam 4 study slide set A.pptx2014-05-11 17:17 - 2011-07-02 02:45 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA2014-05-11 17:17 - 2011-07-02 02:45 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core Some content of TEMP:====================C:\Users\Barbara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumop6y.dllC:\Users\Barbara\AppData\Local\Temp\ICReinstall_ZipSetup.exeC:\Users\Barbara\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-14 17:36 ==================== End Of Log ============================ Here is the Additional: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01Ran by Barbara at 2014-06-01 19:49:30Running from C:\Users\B*****\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) HiddenAdobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)Adobe Help Center 2.1 (x32 Version: 2.1 - Adobe Systems) HiddenAdobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)Adobe Photoshop Elements 5.0 (x32 Version: 5.0 - Adobe Systems Inc.) HiddenAdobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) HiddenAmazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) HiddenBBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) HiddenBing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlasterball 3 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) HiddenBuild-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenCCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenContentHD (x32 Version: 1.00.0002 - Corel Corporation) HiddenContents (x32 Version: 1.6.2.36 - Corel Corporation) HiddenCorel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.36 - Corel Corporation)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)CyberLink YouCam (x32 Version: 3.5.1.3908 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A606DAFB-9991-4C9F-9348-E04B5237DEB9}) (Version: - Microsoft)DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) HiddenDiner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenDropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) HiddenFATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenFlvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.3.6 - Hotger)Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) HiddenHP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) HiddenHP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) HiddenHP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)ICA (x32 Version: 1.6.2.36 - Corel Corporation) HiddenIDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)Intel PROSet Wireless (Version: - ) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) HiddenIPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) HiddenJavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) HiddenMicrosoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMLE (x32 Version: 1.0.0.23 - Corel Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) HiddenNamco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) HiddenNancy Drew: Ghost of Thornton Hall (HKLM-x32\...\{93C2CDF6-6072-4EF7-8F19-B601E92C9795}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: The Deadly Device (HKLM-x32\...\{BCD434CF-447A-42A8-A4C3-D929fE776EFD}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: The Shattered Medallion (HKLM-x32\...\{7AD29F31-9DFD-43A4-8172-92F7F1CDB21A}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: The Silent Spy (HKLM-x32\...\{35B438BB-E18B-4FD9-8D56-50BA90C11A71}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Nancy Drew: Tomb of the Lost Queen (HKLM-x32\...\{9850BE9B-BC00-437F-B229-1F982D8CA2BF}) (Version: 8.0.0.30162 - Her Interactive, Inc.)Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.27.0 - NortonLive Services)Origin (HKLM-x32\...\Origin) (Version: 8.2.1.458 - Electronic Arts, Inc.)PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) HiddenPenguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenPureHD (x32 Version: 1.6.2.36 - Corel Corporation) HiddenQuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) HiddenRenesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) HiddenRoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)Setup (x32 Version: 1.6.2.36 - Corel Corporation) HiddenShare (x32 Version: 1.6.2.36 - Corel Corporation) HiddenShare64 (Version: 1.6.2.36 - Corel Corporation) HiddenSkype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.)Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) HiddenSmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) HiddenSmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) HiddenSpotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)Synctunes Desktop (HKLM-x32\...\{48C16095-BE15-48C7-9F13-FF2242587AEB}) (Version: 1.1.2 - The Bit Studio)The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C06ABC7E-8923-4BB1-A7A2-197F5A3E0973}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{06ABCB4E-77D8-4420-B2EA-EF51558DBFD1}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenValidity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)VIO (x32 Version: 1.6.2.36 - Corel Corporation) HiddenVirtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) HiddenVSClassic (x32 Version: 1.6.2.36 - Corel Corporation) HiddenVSPro (x32 Version: 1.6.2.36 - Corel Corporation) HiddenWheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenWildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) HiddenZuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 22-02-2014 04:56:27 Windows Update25-02-2014 19:09:57 Removed Microsoft Security Client17-04-2014 04:05:34 Installed Asoftech Data Recovery17-04-2014 05:19:15 Installed HTC Sync.22-05-2014 16:31:04 Installed Nancy Drew: The Shattered Medallion ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0EDBC0C7-443F-4E15-B85A-EF6EA324AB54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)Task: {2A064A68-FE96-403C-BF0C-1690FF52E82E} - System32\Tasks\hpwebreg_CN1573D5GV05HX => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)Task: {3121CAA5-5FF7-4353-B38F-55D1238F3C3E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {36117B9B-7D3C-4A88-9CD9-61ED01DCECCB} - System32\Tasks\{551E7B5C-33E8-4734-8C75-4B653422D609} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exeTask: {46EFB781-5E9B-4C28-9616-0059FF73C93F} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)Task: {4B5F041D-2D59-4F4E-9D31-30E253AED09A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {55AF6FCB-3218-436A-908B-E48F0B7C5B5C} - System32\Tasks\{B6D2DE9B-C363-46E3-B229-01829EB74E1E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)Task: {5E5E6AF1-D61C-4004-882F-5A8DA6826CF2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-62187835-901079275-219626047-1000Task: {63F2DA8E-3BE1-4AA1-8D00-A325784A5911} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {6D333045-DBF2-48D0-96CF-1C295085B8D7} - System32\Tasks\HPCeeScheduleForBarbara => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)Task: {6E42BF49-1D54-4029-8902-5700DE05EFA7} - System32\Tasks\{3A16B48E-ACA8-43D7-BDC3-F58EBBDC953E} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exeTask: {7211BB8F-E01C-424B-B492-3E8EB3426836} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()Task: {765BFC67-19D8-479E-B2C2-829177C8858C} - System32\Tasks\{1AE01EC4-C95C-47E9-B379-5826B429B646} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exeTask: {7ABBBB2D-B596-49E8-BA1D-6A55EA14EAD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-27] (Microsoft)Task: {80FC50FE-EBF3-4D99-BF00-1E43CDC60532} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)Task: {B24E1BFC-8E4B-47A0-8580-B165DC8EED2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)Task: {D9EE2D56-05D5-4B86-A76E-3A5DD5218C1B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)Task: {DB8FBF68-F383-464E-AFFF-F8E813BE4D2D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)Task: {E23C2C55-BB6B-4371-ADCA-509B79BA8010} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000Core.job => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-62187835-901079275-219626047-1000UA.job => C:\Users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForBarbara.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\Windows\Tasks\hpwebreg_CN1573D5GV05HX.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-25 15:27 - 2013-03-19 13:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll2014-02-25 15:27 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe2011-06-21 23:09 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00651264 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe2010-06-24 05:21 - 2010-06-24 05:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll2014-06-01 18:25 - 2014-06-01 18:25 - 00043008 _____ () c:\users\barbara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumop6y.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Barbara\AppData\Roaming\Dropbox\bin\libcef.dll2011-05-26 16:42 - 2011-05-26 16:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll2012-04-17 15:05 - 2012-04-17 15:05 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll2012-04-17 15:05 - 2012-04-17 15:05 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll2013-06-20 22:54 - 2013-06-20 22:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3207ec5d29347a1f980dc373d64236c9\IsdiInterop.ni.dll2011-06-21 23:09 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll2014-05-22 19:39 - 2014-05-13 19:40 - 00716616 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-22 19:39 - 2014-05-13 19:40 - 00126280 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-22 19:39 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-22 19:39 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-22 19:39 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll2014-05-18 19:18 - 1980-01-01 01:00 - 00181760 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.507.433.1_0\plugin\ace.dll2014-05-22 19:39 - 2014-05-13 19:40 - 13695816 _____ () C:\Users\Barbara\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Barbara\Downloads\2x1q3i1y.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\adr.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\AdwCleaner.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\FRST64.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\FYDLoad.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\iExplore.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\iExplorer.exe.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\mbam-setup-2.0.2.1012.exe:BDUAlternateDataStreams: C:\Users\Barbara\Downloads\ZipSetup.exe:BDU ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/01/2014 06:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:25:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 03:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 00:06:43 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2014 04:42:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 10:09:19 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 00:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2014 06:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (06/01/2014 06:58:43 PM) (Source: BROWSER) (EventID: 8032) (User: )Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5F688659-9F42-4AD9-9BD7-5519E05A25CF}.The backup browser is stopping. Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (06/01/2014 05:14:25 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions:=========================Error: (06/01/2014 06:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:25:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 05:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 03:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2014 00:06:43 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2014 04:42:46 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 10:09:19 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 00:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/29/2014 06:36:55 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 68%Total physical RAM: 4043.86 MBAvailable physical RAM: 1288.26 MBTotal Pagefile: 8085.91 MBAvailable Pagefile: 4623.39 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.2 GB) (Free:303.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1A3F0DFB)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  17. I ran the rootkit and it found some issues. I quarantined them. It then restarted my computer. It comes up and I sign in. But when Windows tries to run it just shows a black screen and never comes up. I can move the mouse pointer but that's it. When I click the power button it says "Shutting Down" as it would with a regular shut down. Anything I can do?
  18. i dont know what might happend. today i turn on pc (after some restarts/resets because my monitor is broken it seems) and saw this: http://prntscr.com/3g6bhwi'm using version Malwarebytes Anti-Malware 2.0.1.1004 build date 3.4.2014 i cannot do scan, i cannot load Malware Exclusions tab list, Web exclusions list if i click Scan, the first tier: Pre-Scan Operations: Working is running infinite time it cannot go on to other lvl of diagnostic., i tried to uninstall, then install again but nothing changed i dont know what happend please help important
  19. HELP I have some kind of WinNT DOS IME Rootkit (Boot) Virus?? Not sure exactly but it switches RightToLeft and embedds everything on my computer into binary, stores it then uploads it when it does get online. Which is not often. It spreads like wildfire and took out the computer at the local repair shop in less than a minute. I have 5 computers all useless from this. Also I'm missing 25 gigs from my 500 gig hard drivewhich used to be 496 or something...now when reformatting it the maxium amount of space is 465gigs?? What it does (after a complete wipe/reformat/reinstall of Vista from the original CD) is slowly takes over my computer to the point of just being useless. Starts with something small like no right click or notepad will have no application associated with it. My fonts start getting smaller, my drivers will be replaced by generic ones. The keyboard will get assigned a different character set making it impossible to type. The mouse will become inverted sometimes left moves right & top moves bottom. There are unexpected screen flashes, sudden power and fan surges, reboots, denied access to folders, missing folders, mismatched fonts/buttons/colors on programs & desktop. It kills the screen resolution, sound, drivers, other programs, and just basicly disables everything, After about 5 hours (after a complete reformat/reinstall) the computer will barely work at all **UNLESS IT IS ONLINE~~ Then the harddrive is SCREAMING and I presume uploading my files like crazy..meanwhile my mouse keyboard and desktop barely function All(5) computers are toast. I have tried **SEVERAL** Antivirus programs. And always get the same result. It work for just for a little bit, then the trouble comes right back. It seems to replicate thousands of hidden random .dll .inf .ini .jtp .fx .pif .sfx .ocx files and anything with "32" in the name that KINDA seem important. I can only delete a few of them and they pop right back in seconds. There seems to be a large amount of protected folders too like "JINTLGNT" "CINTLGNT" "IMEJP10" "imjptk" "Unicode" The C:\System Volume Information contains HIDDEN PARTITIONS, devices, folders,restore pionts so the virus just returns. ALso I keep noticing (only from the CMD window) that a lot of folders now have either one or two extra dots "." or a \ before or after the name...maybe this is normal?? I used "Peek" to inspect a file and noticed this... "December November October September August July June April March February January" - the months of the year in reverse -and each letter was double spaced -but MAY was missing?? HUH??? I have used (not at the same time of course) the following Anti-virus Programs: Nortons, Avast, Malwarebytes/mbar/chameleon/regassassin, Sophos, Fileassassin, TDSS-RootKitKiller, FSS.exe/Aut2Exe, RKill.com, Emsisoft, Windows Defender, SilverLight, MrT, ComboFix, Secunia PSI, PandaCloud/Panda USB, DIY DataRecovery MBRtool, Webroot SafeCore, IOBitMalware, KasperskyLabs, Along with several MBR/Boot pgms: PowerQuestBOOT32,PARTINNT, KillDiskSuite, Raxco REGISTRY CLEANER, File Scavenger, CWShredder, AShampooCoreTuner, Core Tuner, IOLO System Mechanic, NCXpress, PrivacyGuardian, PeerBlock, PerfectDisk. And regularly use a few general purpose cleaners: Wise Disk Cleaner, Piniform CCsetup, ZoneAlarm, RegistryNuke, DriverDetective, PSIAlog and Peek to look at stuff...not to mention ANY Dell/HP/Compaq/Gateway programs from the install CD's. Always get the same outcome they find lots of problems then suddenly freeze or reboot. When it is really bad some of the CD's even refuse to spin or eject!! I always have to do a total reformat and reinstall just to get gack up and running. I have Windows XP SP3 (32bit), and Vista SP2 (64bit) with all the updates (but I doubt that they really installed correctly.) Nothing seems to work more than once. the programs SEEM to remove something during the repair. After a reboot ...the program fails as it loads, or when you run it.
  20. I have been trying to run the ant rootkit on my desktop and everytime I do so I get a pop up that says the volume is inaccessible or encrypted. I'm not sure if it is anything major but I want to check it out anyway. I have attached the log files from the DDS. Please let me know if there is anything nasty in there I need to address. Thanks! attach.txt dds.txt
  21. Just recently, I have caught this absurd rootkit that kept my host proccessor continuously playing ads. So far, I've noticed that some people in the forums have the same problem, but I would like a personal help with this. I have done a quick scan and a full scan of my computer using Malware Bytes but found nothing. I do not have any logs yet because I am quite new to this program and I just started using it.
  22. Hi, i just installed AVG 2014 (30 day free trial) to my laptop and did a scan. It found 3 rootkits which are named Threat: Service function NtMapViewOfSection hook -> 0xFFFFFFFF8782F280 Severity: Medium State: Infected Threat: Service function NtCreateThreadEx hook -> 0xFFFFFFFF878517A0 Severity: Medium State: Infected Threat: Service function NtalpcConnectPort hook -> 0xFFFFFFFF869E5428 Severity: Medium State: Infected with a red X next to them. When I click them to remove the remove selected button doesn't work. I did a quick scan with MBAM and it said 0 threats. I then did a full scan and it found 36 threats, but they were all PUPs which I deleted. I did a specific rootkit scan after that with AVG and it found the same 3 rootkits again. Do these need to be removed and if so how? Thanks for reading.
  23. been cleaning a very infected laptop for my inlaws and run int a pop up while starting MBAR appinit_dlls here are the following required docs dds.txt attach.txt AutoRuns.zip
  24. I'm at my wit's end. I can't remember all that I've tried but one of your recommended programs originally found indications of Zero Access. Nothing was found after stepping through a number of solutions but the problem persists. My last attempt was a system recovery but the problem remains. The CPU usage spikes rapidly and it attempts network access repeatedly. I booted the system into Safe Mode and no problems. I am reporting this from my 64-bit desktop while leaving the 32-bit problem-child laptop in Safe Mode. dds.txt: DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2 Run by Kath at 13:10:34 on 2013-11-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.2555 [GMT -4:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [ThpSrv] c:\windows\system32\thpsrv /logon mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60 mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun mRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe mRun: [ConexantAudioPatch] c:\program files\conexantaudiopatch\Audioreset.exe mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe mRun: [TUSBSleepChargeSrv] c:\program files\toshiba\toshiba usb sleep and charge utility\TUSBSleepChargeSrv.exe mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{83cccbdc-3a56-4f3b-89df-69386c3b7d62}\IcoUltraMon.ico mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.1.1 TCP: Interfaces\{CEB858C1-B02E-41CC-B58A-AD5855C66673} : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP . ============= SERVICES / DRIVERS =============== . R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920] R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-15 9216] S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-11-15 37352] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-11-15 440376] S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-11-15 440376] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-11-15 90400] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448] S2 taisregispinger;taisregispinger;c:\program files\toshiba\toshibaregistration\TaisRegistPinger.exe [2009-8-31 210304] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 185712] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-15 108032] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712] S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2013-11-15 24064] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-11-15 14848] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-6-20 1117800] S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2013-11-15 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960] S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-15 49664] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-15 1343400] . =============== Created Last 30 ================ . 2013-11-17 15:51:45 -------- d-----w- c:\users\kath\appdata\local\Apps 2013-11-17 15:20:57 -------- d-----w- c:\users\kath\appdata\local\ElevatedDiagnostics 2013-11-17 14:38:15 -------- d-----w- c:\users\kath\appdata\local\Microsoft Games 2013-11-16 13:20:11 -------- d-----w- c:\users\kath\appdata\local\Realtime Soft 2013-11-16 13:18:03 -------- d-----w- c:\users\kath\appdata\roaming\Realtime Soft 2013-11-16 13:18:00 -------- d-----w- c:\program files\common files\Realtime Soft 2013-11-16 13:17:59 -------- d-----w- c:\programdata\Realtime Soft 2013-11-16 13:17:59 -------- d-----w- c:\program files\UltraMon 2013-11-16 04:35:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2013-11-16 04:34:01 -------- d-----w- c:\users\kath\appdata\local\Microsoft Help 2013-11-16 04:10:03 317440 ----a-w- c:\windows\system32\spoolsv.exe 2013-11-16 04:10:02 2616320 ----a-w- c:\windows\explorer.exe 2013-11-16 04:10:01 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-11-16 03:42:28 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-11-16 03:42:28 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-11-16 03:42:27 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-11-16 03:42:27 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-11-16 03:42:27 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-11-16 03:42:27 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-11-16 03:42:27 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-11-16 02:27:35 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-11-16 02:25:32 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-11-16 02:17:50 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-11-16 02:08:32 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-11-16 02:07:56 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-11-16 02:07:56 101720 ----a-w- c:\windows\system32\consent.exe 2013-11-16 02:07:38 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-11-16 02:07:35 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-11-16 01:14:16 -------- d-----w- c:\windows\system32\SPReview 2013-11-16 01:13:06 -------- d-----w- c:\windows\system32\EventProviders 2013-11-16 00:43:23 -------- d-----w- c:\users\kath\appdata\local\Adobe 2013-11-16 00:36:42 -------- d-----w- c:\programdata\Oracle 2013-11-16 00:36:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-11-15 23:25:39 -------- d-----w- c:\programdata\APN 2013-11-15 22:18:47 -------- d-----w- c:\users\kath\appdata\roaming\Avira 2013-11-15 22:12:31 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-11-15 22:12:31 67680 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-11-15 22:12:31 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-11-15 22:12:26 -------- d-----w- c:\programdata\Avira 2013-11-15 22:12:26 -------- d-----w- c:\program files\Avira 2013-11-15 21:55:59 98816 ----a-w- c:\windows\system32\Robocopy.exe 2013-11-15 21:39:04 1699328 ----a-w- c:\windows\system32\esent.dll 2013-11-15 21:39:04 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys 2013-11-15 21:39:03 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys 2013-11-15 21:39:03 74240 ----a-w- c:\windows\system32\fsutil.exe 2013-11-15 21:39:03 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2013-11-15 21:39:03 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys 2013-11-15 21:39:03 148864 ----a-w- c:\windows\system32\drivers\storport.sys 2013-11-15 21:39:03 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys 2013-11-15 19:21:14 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-11-15 19:21:14 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-11-15 19:20:49 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-11-15 19:20:49 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-11-15 19:20:49 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-11-15 19:20:49 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-11-15 19:20:49 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-11-15 19:20:49 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-11-15 19:20:48 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-11-15 19:20:21 5120 ----a-w- c:\windows\system32\wmi.dll 2013-11-15 19:20:21 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-11-15 19:20:21 159232 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-15 19:12:17 -------- d-----w- c:\windows\system32\Wat 2013-11-15 18:58:09 -------- d-----w- c:\program files\ConexantAudioPatch 2013-11-15 18:56:10 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys 2013-11-15 18:52:25 24576 ----a-w- c:\windows\system32\TSCI.dll 2013-11-15 18:52:25 24576 ----a-w- c:\windows\system32\THCI.dll 2013-11-15 18:50:54 -------- d-----w- c:\program files\Realtek 2013-11-15 18:49:48 -------- d-----w- c:\windows\system32\Atheros_L1e 2013-11-15 18:49:39 -------- d-----w- c:\program files\Synaptics 2013-11-15 18:48:07 -------- d-----w- c:\program files\Realtek WLAN Driver 2013-11-15 18:47:18 -------- d-----w- c:\program files\CONEXANT 2013-11-15 18:43:36 -------- d-----w- c:\windows\system32\Lang 2013-11-15 18:43:35 1002008 ----a-w- c:\windows\system32\igxpun.exe 2013-11-15 18:40:53 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys 2013-11-15 18:30:52 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll 2013-11-15 18:30:52 32592 ----a-w- c:\windows\system32\msonpmon.dll 2013-11-15 18:27:42 -------- d-----w- c:\windows\system32\MRT 2013-11-15 18:25:20 542208 ----a-w- c:\windows\system32\kerberos.dll 2013-11-15 18:23:55 741376 ----a-w- c:\windows\system32\inetcomm.dll 2013-11-15 18:22:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-11-15 18:22:56 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2013-11-15 18:22:56 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2013-11-15 18:22:53 769024 ----a-w- c:\windows\system32\localspl.dll 2013-11-15 18:22:53 30208 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll 2013-11-15 18:22:50 31232 ----a-w- c:\windows\system32\prevhost.exe 2013-11-15 18:22:49 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-11-15 18:22:48 293376 ----a-w- c:\windows\system32\umpnpmgr.dll 2013-11-15 18:22:48 145920 ----a-w- c:\windows\system32\cfgmgr32.dll 2013-11-15 18:22:46 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2013-11-15 18:12:15 107520 ----a-w- c:\windows\system32\cdd.dll 2013-11-15 18:05:50 -------- d-----w- c:\users\kath\appdata\local\TOSHIBA_Corporation 2013-11-15 18:04:37 826880 ----a-w- c:\windows\system32\rdpcore.dll 2013-11-15 18:04:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2013-11-15 18:04:37 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys 2013-11-15 17:54:46 2422272 ----a-w- c:\windows\system32\wucltux.dll 2013-11-15 17:54:38 88576 ----a-w- c:\windows\system32\wudriver.dll 2013-11-15 17:54:31 33792 ----a-w- c:\windows\system32\wuapp.exe 2013-11-15 17:54:31 171904 ----a-w- c:\windows\system32\wuwebv.dll 2013-11-15 17:27:43 -------- d-----w- c:\users\kath\appdata\local\Diagnostics 2013-11-15 16:25:59 -------- d-----w- c:\users\kath\appdata\local\Google 2013-11-15 16:24:44 -------- d-----w- c:\users\kath\appdata\local\Toshiba 2013-11-15 16:23:18 17 --sh--r- c:\windows\system32\drivers\fbd.sys . ==================== Find3M ==================== . 2013-11-16 02:27:07 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-11-16 01:41:23 152576 ----a-w- c:\windows\system32\msclmd.dll 2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll 2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll 2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll 2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll 2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll 2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll 2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll 2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll 2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll 2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe 2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll 2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll 2013-09-03 18:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll 2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll . ============= FINISH: 13:11:40.24 =============== attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/15/2013 12:22:22 PM System Uptime: 11/17/2013 12:55:59 PM (1 hours ago) . Motherboard: TOSHIBA | | Satellite T135 Processor: Genuine Intel® CPU U4100 @ 1.30GHz | U2E1 | 1296/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 289 GiB total, 259.114 GiB free. D: is FIXED (NTFS) - 60 GiB total, 59.396 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP28: 11/15/2013 9:14:07 PM - Windows 7 Service Pack 1 RP29: 11/15/2013 10:19:33 PM - Windows Update RP30: 11/15/2013 11:42:36 PM - Windows Update RP31: 11/16/2013 12:10:09 AM - Windows Update RP33: 11/16/2013 12:33:21 AM - Installed Microsoft Office Enterprise 2007 RP34: 11/16/2013 9:17:42 AM - Installed UltraMon RP35: 11/16/2013 11:21:34 AM - Fresh install with applications RP36: 11/16/2013 1:11:40 PM - Adobe Flash . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Reader 9.2 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Avira Free Antivirus Compatibility Pack for the 2007 Office system Conexant HD Audio Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Java 7 Update 45 Java Auto Updater Junk Mail filter update Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT MyToshiba PlayReady PC Runtime x86 Realtek USB 2.0 Card Reader Realtek WLAN Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Spelling Dictionaries Support For Adobe Reader 9 Synaptics Pointing Device Driver Toshiba Application and Driver Installer TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD Protection TOSHIBA HDD/SSD Alert TOSHIBA PC Health Monitor Toshiba Quality Application TOSHIBA Recovery Media Creator TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA USB Sleep and Charge Utility TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration UltraMon Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 11/17/2013 12:57:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 11/17/2013 12:57:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 11/17/2013 12:56:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/17/2013 12:56:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/17/2013 12:56:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/17/2013 12:56:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/17/2013 12:56:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/17/2013 12:56:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/17/2013 12:56:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2013 12:56:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2013 10:50:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 11/17/2013 1:09:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/16/2013 8:13:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 11/16/2013 10:18:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3. 11/15/2013 9:53:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible. 11/15/2013 3:08:35 PM, Error: Service Control Manager [7023] - 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2786400). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2749655). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB975467). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2840149). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2808735). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2807986). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2758857). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2644615). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2536275). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2503665). 11/15/2013 3:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2347290). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2799926). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2563227). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2506928). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2770660). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2769369). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2510531). 11/15/2013 3:05:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2729451). 11/15/2013 3:05:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2813170). 11/15/2013 3:05:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB977074). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2762895). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2661254). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2545698). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB982665). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB982132). 11/15/2013 3:05:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2423089). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB980408). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2660075). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2685939). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2579686). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2305420). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Update for Media Center for Windows 7 (KB2284742). 11/15/2013 3:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2618451). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB980846). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2761217). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB982799). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB978542). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2813347). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2719985). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2660649). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2655992). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2564958). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2536276). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2535512). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2419640). 11/15/2013 3:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2736418). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB974431). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2729094). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2726535). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2547666). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB979482). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB972270). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2790655). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2757638). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2698365). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2676562). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2659262). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2544893). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2491683). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2387149). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2378111). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2296011). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656410). 11/15/2013 3:05:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656355). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2732500). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2703157). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2699779). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2522422). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2511250). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for User-Mode Driver Framework version 1.11 for Windows 7 (KB2685813). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 (KB2685811). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB977165). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2743555). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2705219). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2631813). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2619339). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2570947). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2789644). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2742598). 11/15/2013 3:05:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2817183). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2773072). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2741355). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2488113). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 (KB2484033). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2690533). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2667402). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2654428). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2653956). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2585542). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2560656). 11/15/2013 3:05:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2483614). 11/15/2013 10:53:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2834140). . ==== End Of File ===========================
  25. I wanted to get a second opinion from you guys on some results from the Malwarebytes Anti-Rootkit scanner we have used on several Windows machines on our network. We noticed some issues with odd behavior on our network, and got them cleaned up we believe for the most part with MSE and Malwarebytes Malware Scanner (not mbar). To be extra thorough we decided to scan some of the Windows servers with the MWB Anti-Rootkit scanner for extra assurance. We found a handful of computers with positive results from MBAR. All of the results came up with "Unknown.rootkit.Driver" across a variety of files in C:\windows\system32\drivers, which MBAR reported as "Forged File". However we took the files and uploaded them to virustotal.com which is run by Kaspersky which checks the hashes of the files against known good file. All of the positive results we got were for Windows 2003 Servers, no other servers appear to be yeilding results from mbar. My questions are this: -How does mbar classify files as a "forged file"? -Are there ways these files can be coming up as good on virustotal.com but still be infected with rootkits? -Does anyone here with the know how still believe these infections are legit? The mbar results for one of these servers are below: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 5.2.3790 Windows Server 2003 Service Pack 2 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_13 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.327000 GHz Memory total: 2142724096, free: 1236303872 Downloaded database version: v2013.11.22.09 Downloaded database version: v2013.10.11.02 ======================================= Initializing... ------------ Kernel report ------------ 11/22/2013 09:46:17 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS intelide.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys volsnap.sys PartMgr.sys xevtchn.sys \WINDOWS\system32\DRIVERS\XENUTIL.SYS xenvif.sys atapi.sys perc2.sys \WINDOWS\system32\drivers\SCSIPORT.SYS xenvbd.sys scsifilt.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys MpFilter.sys Dfs.sys KSecDD.sys Ntfs.sys NDIS.sys xennet.sys r1vssfltr.sys r1fltr.sys Mup.sys crcdisk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\cirrus.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\watchdog.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\xeniface.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_xenvbd.sys \SystemRoot\System32\Drivers\dump_XENUTIL.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\TDTCP.SYS \SystemRoot\System32\Drivers\RDPWD.SYS \SystemRoot\System32\RDPDD.dll \SystemRoot\System32\cirrus.dll \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff89ffd9a8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Scsi\xenvbd1Port2Path0Target0Lun0\ Lower Device Object: 0xffffffff89f09030 Lower Device Driver Name: \Driver\xenvbd\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff89ffd9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff89f0ab80, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff89ffd9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff89faccf8, DeviceName: Unknown, DriverName: \Driver\scsifilt\ DevicePointer: 0xffffffff89f09030, DeviceName: \Device\Scsi\xenvbd1Port2Path0Target0Lun0\, DriverName: \Driver\xenvbd\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Read File: File "C:\WINDOWS\system32\drivers\smb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\smb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\srv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\srv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\storport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\storport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\swenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tcpip.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\tdi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\termdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\termdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uliagpkx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\uliagpkx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fastfat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fastfat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fdc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fips.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fips.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\flpydisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fltmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fs_rec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fs_rec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hdaudio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hdaudio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidparse.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hpcisss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\hpcisss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\http.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\http.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\i8042prt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\imapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\imapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\afd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\afd.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\afd.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\afd.sys Read File: File "C:\WINDOWS\system32\drivers\afd.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\afd.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\amdide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk7.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdk8.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\arc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\arc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mpad.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ati2mpad.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmarps.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmarps.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\audstub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\audstub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mouhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\MpFilter.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\MpFilter.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mrxdav.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys Read File: File "C:\WINDOWS\system32\drivers\mrxdav.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\mrxsmb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mrxsmb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\msfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\msfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\msgpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\msgpc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mssmbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndis.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndistapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndistapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndisuio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndisuio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndiswan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndiswan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ndproxy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ndproxy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\netbios.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netbt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\netbt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nmnt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\npfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\npfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ntfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rasl2tp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasl2tp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\raspppoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspppoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\raspptp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspptp.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\raspptp.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\raspptp.sys Read File: File "C:\WINDOWS\system32\drivers\raspptp.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\raspptp.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\raspti.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\raspti.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdbss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdbss.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdpcdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpcdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdpdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rdpwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rdpwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\redbook.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\redbook.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rmcast.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\RTL8139.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\RTL8139.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sacdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sacdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\scsifilt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\scsifilt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\scsiport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\serenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\serial.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\beep.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\beep.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mouclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\null.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\null.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rasacd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\rasacd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sfloppy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\update.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\update.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usb8023.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbccgp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbccid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbccid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbhub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbohci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbuhci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\vga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\videoprt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\videoprt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wanarp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wanarp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watchdog.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\watchdog.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wlbs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wlbs.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\wlbs.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\wlbs.sys Read File: File "C:\WINDOWS\system32\drivers\wlbs.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\wlbs.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xeniface.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xeniface.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xennet.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xennet.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xenutil.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xenutil.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xenvbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xenvbd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xenvif.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xenvif.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\xevtchn.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\xevtchn.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nv_agp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nv_agp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkipx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\nwrdr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\p3.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\p3.sys Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\p3.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\parport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\partmgr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\parvdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\perc2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\perc2cin.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2cin.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\perc2evt.exe" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\perc2evt.exe" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\psched.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\psched.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ptilink.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ptilink.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\r1fltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\r1fltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\r1vssfltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\r1vssfltr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cdfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cdrom.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cirrus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\cirrus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\classpnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\crcdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\crcdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\diskdump.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmboot.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmio.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dxapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dxapi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dxgthk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\dxgthk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\e1000325.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\e1000325.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\intelppm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ip6fw.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipnat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipnat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipsec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ipsec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\kbdclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\kbdhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ks.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\ks.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\ks.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\ks.sys Read File: File "C:\WINDOWS\system32\drivers\ks.sys" is compressed (flags = 1) Infected: C:\WINDOWS\SYSTEM32\drivers\ks.sys --> [unknown.Rootkit.Driver] Too many forged files. Probable DDA driver failure. Driver scan terminated, results discarded. Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 6FEB239E Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 64197 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 64260 Numsec = 20563200 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20627460 Numsec = 266084595 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 214758850560 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-419430880-419450880)... Done! Read File: File "C:\WINDOWS\system32\config\AppEvent.Evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\SecEvent.Evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\SysEvent.Evt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\******\Cookies\index.dat" is compressed (flags = 1) Read File: File "C:\WINDOWS\WindowsUpdate.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\******\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Scan finished Thanks, Security_Concerned
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.