
Showing results for tags 'Hijacker'.

Found 19 results

  1. Sometimes (but not every time) when I'd perform a Google search in Edge and click on a link, I'd be redirected to another site like Amazon or Walmart. I ran a Malwarebytes Premium scan, but it found nothing. So, I downloaded and ran Farbar, as mentioned in the instructions on what to post in this forum. Despite that, I started Googling to test things, and I'm not getting the redirect anymore, which is weird. How could it be gone if Malwarebytes never detected it? How can I be sure it's really gone? Is this something I could accidentally pass on to coworkers by sharing files in Google Drive? Here is the Farbar log (it's the second time I ran the scan since the first time, I accidentally ran it from the Downloads folder) and I've attached the additional one to this post: Addition.txt
  2. Now this happened about 3 months ago. I have long before reset my PC to Windows 10 by now, but for some mysterious reason my ABV.bg email has been repeatedly getting hacked every time, even though last time I changed my password to be a unique combination of 30 symbols and letters, including the secret question and answer. It's still getting mysteriously hacked, and at this point it's obvious the information is being leaked from my PC, so the trojan/keylogger/hijacker or whatever has not been removed even though I did repeated Malwarebytes scans and I even scanned with Bitdefender in boot environment, still no such luck! Yesterday I saw a total of about 74 SVHOST.exe processes in my task manager, and I don't wanna say all of them are viruses but I doubt Windows needs that many processes to run! So something is definitely up here! As for the virus I had in February that hijacked my browser: immediately after I found my email hacked I checked my Temp folder, and what do I find? A multitude of unknown files scattered about. I put them all in a 7zip archive in case I need to give them to a professional for analyzing etc! The hacker had even hijacked my wifi (I even found some Chinese characters within the wifi app pointing at some access point in some Chinese province), I am pretty sure, so at this point I am not even sure if it's DNS hijack or browser hijack... or whatever hijack. The trojan just keeps appearing and this time he seems to be not leaving any files on HDD, so I am not sure if it's using fake Windows processes or services. I need to get rid of the malicious files before trying another clean system install... The FRST.zip logs I have provided are from a Safe mode scan today in Windows 10. I included some older ones too from previous months! FRST.zip temp folder viruses package.7z FRST 09th-05 Logs.zip FRST 27th-04 Logs.zip
  3. Hi, I was asked by Exile360 to open a new Topic for the problem that I had exposed at length in detail on the first Topic: Its name: "A malware prevented me from going on the internet (chrome and edge)" So I kept the same tags for this topic, I used the Farbar Recovery Scan Tool. I send you the results: 2 files But as I said in my first post I can not reinstall Malwarebytes Premium that I had, and therefore I can not send you a result of its action. Do I have to watch only this new topic? AND should the first one be closed? Thanks again for your help FRST.txt Addition.txt
  4. Hi, Sorry I am French speaking. I wrote my explanations in French and asked Google for an automatic translation which follows ... (French text at the end if needed) I am forced to write to you because I can not reinstall Malwarebytes Premium on my computer and for which I have a license which is renewed every year. Number XXXXX My computer is a Windows 10 64bit desktop update 1903 How did this happen? 1 Brutally about three weeks ago I could no longer connect to the internet via Chrome or Edge. It was stated that the proxy address was erratic. But I had never asked to go through a Proxy. Searching in "settings" I saw on the one hand that the passage through the Proxy was activated and especially that as soon as I asked to disable it, the record button was grayed out. There was nothing to do. 2 I made Malwarebytes Premium act, which agreed to work twice without discovering anything. But I had two times, using it, a blue screen of brutal shutdown of Windows which closed, without possibility of backup, to restart. In its operation it indicated however that it had made its update ... 3 I thought of calling Kaspersky's Hotline. They could not do anything and after many requests and diagnoses, such as removing the software "Avanquest Update", they asked me to completely uninstall Kaspersky Internet Security with one of their tools to install the latest version of KIS ... I did not do it because once uninstalled, I had no way to go on the net to reinstall the latest version ... 4 I searched on the Forums (from another computer) and there I saw on CNET that a member had been saved after use of ZHPDiag, ZHPCleaner, AdwCleaner, Malwarebytes, ZHPDiag again, Farbar Recovery Scan Tool, Delfix to purge all tools used: https://forums.cnetfrance.fr/topic/1402093-impossible-de-decocher-quot-utiliser-un-serveur-proxyquot/ A clarification: for this user Firefox continued to work unlike Chrome and Edge. 
The master called the wicked a "Hijacker" 5 It seemed complicated to me and I called a computer scientist who started the computer on a Windows 10 on a USB key and had a software "DoctorWEB" (I'm not sure of the spelling). We found 4 dangerous files emanating from Avanquest. He has uninstalled all Avanquest software and cleaned in all the registry of all remainings of Avanquest. And he deleted the Proxy Server that I no longer have. He explained to me that it was only used when the internet long ago was very slow ... I found the use of Chrome and Edge. Everything was fine until the moment or yesterday ... 6 I wanted to use again Malwarebytes I had left permanently open and there, BLUE SCREEN ... restart. New attempt and again BLUE SCREEN. 7 I wanted to uninstall and reinstall Malwarebytes. On your site I tried to do it with the first premium version I downloaded. Failed, start of installation, it extracts the files and requests a restart. Restart done, nothing happens but if we click on the icon that was installed on the desktop, we got an error message! "Unable to start" "Unable to connect the service" I renewed this with three versions including the trial version, and a version taken on Clubic, thinking that I will put my codes afterwards. All the time FAIL! I can not reinstall. Thank you for getting me out of this big problem as soon as possible
  5. Hi, I had recently some encounter with proxy hijacker malware. May have been some Hijack.AutoProxy. MalwareBytes was able to successfully restore the internet connection but the hijack also locked my proxy settings, so I was not able to change them. So I removed it again.... After 4 years of no software (not even Defender) only one malware. I would say it is quite good results for me. Of course for people who don't know as much things, I suggest to have something installed that has realtime protection. The message at that screen was something like: "Some settings are managed by your system administrator" Well, computer being personal computer, not using in any domain or connected to any work or school accounts, then it was odd. I left it alone. Didn't care much of the proxy configurations back then. Today one of my friends had the same issue. Proxy changed to <-loopback>, http localhost:8000, https localhost:8080 and also settings having same lockdown. Same case, computer used only personally. Since I wasn't able to download Malwarebytes due to no access to internet, was fixing things by memory. Was able to fix proxy settings manually by deleting some of the registry keys for "Users/software/windows/currentversion/Internet Settings", same for machine and also checked the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet settings". Also removed suspicious scheduler job. Remembered those locations from time I had Malwarebytes installed on my computer and it halfway removed it. Everything seemed ok, but still no access to configuration, but at least access to internet. Installed her MB, scanned and scan showed up nothing. (probably because I removed all the keys it had created manually) Since I have also Windows 10 Professional installed, I checked policy manager. All of the parameters there were "Not configured" both (computer and user configuration), so the locking wasn't coming from there. 
After some digging around in registry found one key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel Over there the ConnectionSettings or something like that. After removing it the proxy config was accessible again under "Internet Options" -> Connection tab I can't remember exact name because I removed it and hoped it works. Same key existed in her computer, removing it gave back the access to the connection settings. My conclusion is, that if someone has the same kind of connections settings locking, then to check also that key. Maybe it ends up in the check at some point and can be fixed automatically. (Of course it might be intentional key on domain machines, so it can be hard to know if it is correct or not) Hopefully it helps someone who has same issue. Operating with regedit be cautious, suggested to make backup of the key you are about to modify or delete. If you don't know what you are doing, you can mess up a lot there.
  6. This morning my wife's Firefox for Mac 10.9 kept redirecting to hmapsanddirections.co instead of Google when she opened a new tab. She does not recall clicking on anything suspicious or opening a file. Both Intego Virus Barrier and Malwarebytes show nothing. Only thing we could do was to refresh Firefox. What concerns me is that no virus program spotted it in real time or afterward and doing a Google search just results in lots of no-name, possibly malicious, sites. None of the major virus / security companies have any entries on this. Can someone provide more information so we can ensure her system is clean? Thanks!
  7. Howdy! I'm pretty sure this is nothing new, but since a couple of weeks I've noticed my browsers behaving in a strange way. Sometimes when I search for something using the address bar I get instantly redirected to other "search" websites such as nova rambler or plus network. I get popups or even straight up redirects when I click a random spot on any page. Also sometimes when I'm watching a video on YouTube the title appears as a hyperlink to another popup. Now for the interesting part: there is absolutely no trace of any malware running on my PC. There is nothing going on in registry, startup or browser extensions. Scans with AdwCleaner revealed nothing as of now (previously it found like 10 threats which had since been deleted). Is there anything I can do to fix it? Thanks for help guys
  8. It's not letting me install ad block to Chrome and also preventing installation of Malwarebytes. There were some files called "gB59E.tmp.exe" and variations of those that run as processes in the background. I've done 3 scans with Avast and it seemed to have deleted some viruses that came installed, but this one thing seems to always come back and prevent things. I get an error "Runtime Error (at 14:76) could not call proc" when trying to install Malwarebytes and the download for adblock fails. Also, trying to download and run Chrome installer from Internet Explorer mentions the file has been deleted or moved, unless I manually save it somewhere myself and then run it. Here are the Farbar recovery scan tool log files; I've been lurking and seen some threads mentioning their use. Hope they provide some insight, thanks! FRST.txt Addition.txt
  9. Hey guys, So there is this virus/malware whatever you want to call it which bothers me every time I start my computer. Once windows 10 boots up and I open Google Chrome this random ****.tmp.exe file is generated in the temp folder. I have attached the file in the zip folder if you guys want to have a look at it (Please don't open the .exe file as it may affect your PC too). As soon as the files are created in the temp folder it also starts in processes. Multiple times I have done a clean uninstallation of Google Chrome and installed it back again but after opening and closing chrome 2-3 times again it gets affected (Without even logging in Google chrome and syncing the data). Google chrome starts flickering 4-5 times and when you search for a result it displays the less memory error. Also, it has affected Mozilla firefox too but not Edge and Internet E. When the tmp.exe is working in the process all the search results are showed in cse i.e. google custom search which is annoying as hell. Once I kill the process and delete the tmp.exe file everything is back to normal but the flickering of Google Chrome is still there whenever I open Google Chrome. Any solution for this problem? Have used CC Cleaner, tried full scan in Kaspersky, etc and still no help. In fact, since my Gmail account was logged in google chrome on my PC and Laptop earlier, this tmp.exe has also affected my laptop too. Please Help! Thanks. Temp.zip
  10. I have this trojan called Imminent, it won't leave my system, it comes back every day! It hijacks Firefox's logs and won't leave, please help! Here is a log from the scan. The file is usually about 30 bytes for some reason but it won't go away! Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/10/2016 Scan Time: 3:15 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.10.07 Rootkit Database: v2016.09.26.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: avfor Scan Type: Threat Scan Result: Completed Objects Scanned: 418507 Time Elapsed: 17 min, 26 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 1 Trojan.StolenData, C:\Users\avfor\AppData\Roaming\Imminent\Logs, Quarantined, [f49b2077495190a6dd4a458bd3309769], Files: 3 Trojan.Agent.Trace, C:\Users\avfor\AppData\Roaming\Imminent\Path.dat, Quarantined, [a1eea1f6732712246c7b378eca39f50b], Trojan.StolenData, C:\Users\avfor\AppData\Roaming\Imminent\Logs\09-10-2016, Quarantined, [f49b2077495190a6dd4a458bd3309769], Trojan.StolenData, C:\Users\avfor\AppData\Roaming\Imminent\Logs\10-10-2016, Quarantined, [f49b2077495190a6dd4a458bd3309769], Physical Sectors: 0 (No malicious items detected) (end)
  11. I need some help removing a trojan, long story short I got tricked into executing an .exe that downloaded a software to my pc (TSearch) which made Kaspersky go crazy with trying to block and disinfect the files, which then I manually deleted and uninstalled (I think) the software. Then I ran Malwarebytes and detected 6 threats, which 3 were Trojan.ProxyHijacker. But I don't know if I completely deleted the virus, so I really need to see if I got rid of the virus, I would appreciate help a lot. I attached the log from Kaspersky and Malwarebytes Kas Log.txt mbam-log-2016-05-16 (19-01-59).txt
  12. Hi, I am using a Lenovo Thinkpad X1 Carbon. About three days ago I noticed that my mouse was moving and clicking on things without me touching anything (whilst I was watching something, nowhere near the mouse). Having had a similar problem in the past, I quickly thought that this could be malware or a hijacker, and I therefore immediately turned the laptop off. Since then I have used another laptop and a USB stick to download MalwareBytes as well as Avast. Having tried to use both of these I have been unable to: - Avast simply will not start (whenever the 'run' box comes up, I choose to run the programme but nothing happens), and - MalwareBytes is not working either (the programme instantly crashes whenever I try to run it, and I have also used all 13 'Chameleons' to no avail. Each time the driver is installed, but ultimately the black box repeatedly shows 'failed!' and 'no files in current directory!'). I have even bought and tried to use a FixMeStick, which also is not working as my "computer is not compatible with the FixMeStick because it uses BitLocker Drive Encryption" (it is a work laptop so some features may be disabled or additional security may be in place... I am not sure if I am able to change the settings). I have downloaded and tried to use Rkill, which has not helped. I have also downloaded and scanned using Farbar Recovery Scan Tool. 
Here are the logs:
charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: 
application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.) FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-07] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-06-26] (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-10] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-10] (Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft 
Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-07-27] Chrome: =======CHR Profile: C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Chrome Hotword Shared Module) - C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]CHR Extension: (Chrome Web Store Payments) - C:\Users\Spettipiece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-20]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-06-29] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)R2 ciscod.exe; C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [66480 2013-01-24] (Cisco Systems, Inc.)R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-04-23] (Lenovo.)S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-24] (Microsoft Corporation)R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]R2 OracleMTSRecoveryService; C:\ORACLE\ORA10G\bin\omtsreco.exe [53248 2006-10-11] (Oracle Corporation) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-06-17] (Symantec Corporation)R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-06-17] (Symantec Corporation)S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint 
Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-06-17] (Symantec Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AppvStrm; C:\Windows\System32\DRIVERS\appvStrm.sys [104616 2013-03-29] (Microsoft Corporation)R3 AppvVemgr; C:\Windows\System32\DRIVERS\AppvVemgr.sys [175256 2013-03-29] (Microsoft Corporation)R3 AppvVfs; C:\Windows\System32\DRIVERS\AppvVfs.sys [141480 2013-03-29] (Microsoft Corporation)S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [64512 2012-08-10] (ASIX Electronics Corp.)R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150814.011\BHDrvx64.sys [1650936 2015-07-28] (Symantec Corporation)R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-06-17] (Symantec Corporation)R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2014-02-04] ()S3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] 
(Ericsson AB)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150828.011\IDSvia64.sys [671448 2015-08-05] (Symantec Corporation)R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-02] (Ericsson AB)S3 LenLan; C:\Windows\System32\DRIVERS\LenLan.sys [110080 2012-10-22] (Lenovo Corporation)S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-08-27] (Malwarebytes Corporation)R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-10-05] (MCCI Corporation)R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-10-05] (MCCI Corporation)R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-10-05] (MCCI Corporation)R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-10-05] (MCCI Corporation)R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150830.020\ENG64.SYS [138488 2015-07-30] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150830.020\EX64.SYS [2146040 2015-07-30] (Symantec Corporation)R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys 
[41272 2012-10-17] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [3056248 2012-05-22] (Sunplus Technology)R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-06-17] (Symantec Corporation)R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-06-17] (Symantec Corporation)S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\SyDvCtrl64.sys [35432 2014-06-17] (Symantec Corporation)R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-06-17] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-06-17] (Symantec Corporation)R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-23] (Symantec Corporation)R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-06-17] (Symantec Corporation)R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-06-17] (Symantec Corporation)R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [153912 2014-07-24] (Symantec Corporation)R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [104472 2014-06-17] (Symantec Corporation)R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279312 2012-04-27] (Ericsson AB)S3 5U877; system32\DRIVERS\5U877.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-31 10:20 - 2015-08-31 10:21 - 00030683 _____ C:\Users\Spettipiece\Downloads\FRST.txt2015-08-31 10:20 - 2015-08-31 10:20 - 02188288 _____ (Farbar) C:\Users\Spettipiece\Downloads\frst64.exe2015-08-31 10:20 - 2015-08-31 10:20 - 00000000 ____D C:\FRST2015-08-30 19:10 - 2015-08-30 19:10 - 00000000 ____D C:\FixMeStick2015-08-28 13:32 - 2015-08-28 13:32 - 00294400 _____ C:\Users\Spettipiece\Downloads\exeHelper.com2015-08-28 13:28 - 2015-08-28 13:28 - 00002948 _____ C:\windows\System32\Tasks\{C6F69DA9-4DDF-4749-A657-1E2F85671EBE}2015-08-28 13:05 - 2015-08-28 13:26 - 00003552 _____ C:\Users\Spettipiece\Desktop\Rkill.txt2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\WiNlOgOn.exe2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\uSeRiNiT.exe2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.scr2015-08-28 13:04 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.com2015-08-28 13:03 - 2015-08-28 13:04 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Spettipiece\Downloads\rkill.exe2015-08-28 12:56 - 2015-08-28 12:56 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\IObit2015-08-28 12:55 - 2015-08-28 12:56 - 00000000 ____D C:\ProgramData\IObit2015-08-28 12:54 - 2015-08-28 12:54 - 00002940 _____ C:\windows\System32\Tasks\{F9C5F5A8-8A2E-4376-B1CB-54C4CD7E40DD}2015-08-28 12:54 - 2015-08-28 12:54 - 00002940 _____ C:\windows\System32\Tasks\{613B6B0E-AEEF-4A31-ACA6-EC8529389BCB}2015-08-28 12:36 - 2015-08-28 12:45 - 00000000 ____D C:\Users\Spettipiece\Desktop\Anti malware2015-08-27 22:29 - 2015-08-27 22:29 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-08-27 22:23 - 2015-08-27 22:23 - 00000000 ____D C:\ProgramData\AVAST Software2015-08-10 15:24 - 2015-08-10 15:24 - 00000000 ____D 
C:\Users\Spettipiece\AppData\Local\Digita2015-08-10 15:23 - 2015-08-10 15:23 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\Digita2015-08-10 11:02 - 2015-08-10 11:02 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2015-08-10 11:02 - 2015-08-10 11:02 - 00000000 ____D C:\windows\Sun2015-08-10 11:02 - 2015-08-10 11:02 - 00000000 ____D C:\Program Files (x86)\Java2015-08-07 14:52 - 2015-08-07 14:52 - 00000000 ____D C:\windows\SysWOW64\Adobe2015-08-05 15:14 - 2015-08-05 15:14 - 00002132 _____ C:\Users\Spettipiece\Downloads\Venue - NEC Birmingham (wristband collection point - Nottingham).ics2015-08-05 09:05 - 2015-08-05 09:05 - 00000000 ____D C:\Program Files\TCSL2015-08-04 21:38 - 2015-08-04 21:38 - 00056909 _____ C:\Users\Spettipiece\Downloads\Stereophonics - Since I Told You Its Over (Pro).gp52015-08-04 20:08 - 2015-08-04 20:10 - 54685584 _____ C:\Users\Spettipiece\Downloads\Fort Portal.zip2015-08-04 20:08 - 2015-08-04 20:09 - 42379002 _____ C:\Users\Spettipiece\Downloads\Ssese Island.zip2015-08-04 15:22 - 2015-08-04 15:22 - 00001486 _____ C:\Users\Spettipiece\Downloads\BeTogether3.ics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-31 10:20 - 2014-01-26 15:37 - 01382690 _____ C:\windows\WindowsUpdate.log2015-08-31 10:18 - 2013-09-05 16:21 - 00000000 ____D C:\ProgramData\Symantec2015-08-31 10:18 - 2009-07-14 06:13 - 00788962 _____ C:\windows\system32\PerfStringBackup.INI2015-08-31 10:09 - 2014-08-02 11:03 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\uTorrent2015-08-31 09:49 - 2009-07-14 05:45 - 00019120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-08-31 09:49 - 2009-07-14 05:45 - 00019120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-08-31 09:43 - 2013-08-30 13:49 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-08-31 09:31 - 2013-08-30 10:28 - 00000568 _____ C:\windows\SMSCFG.ini2015-08-31 09:29 - 2013-08-30 13:49 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-31 09:29 - 2011-02-16 10:44 - 00000000 ____D C:\Users\Spettipiece\Documents\Outlook2015-08-31 09:29 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-08-31 09:29 - 2009-07-14 05:51 - 00267751 _____ C:\windows\setupact.log2015-08-28 12:58 - 2014-03-10 08:14 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\Apple Computer2015-08-27 12:31 - 2015-07-28 16:47 - 00000000 ____D C:\Users\Public\SSEWord2015-08-27 02:37 - 2013-08-30 13:49 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-08-27 02:37 - 2013-08-30 13:49 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-08-26 13:56 - 2014-02-04 17:44 - 00038610 __RSH C:\Users\Spettipiece\ntuser.pol2015-08-26 13:56 - 2014-02-04 17:18 - 00000000 ____D C:\Users\Spettipiece2015-08-26 13:54 - 2014-01-26 22:33 - 00007328 _____ C:\windows\system32\config\netlogon.ftl2015-08-26 13:51 - 2014-04-12 07:37 - 00000000 ____D C:\Program Files\Intel2015-08-26 13:51 - 2014-01-26 15:41 - 00018926 _____ C:\windows\DPINST.LOG2015-08-21 12:23 - 2014-02-04 17:30 - 
00004062 _____ C:\windows\tcslbase.ini2015-08-21 12:04 - 2014-02-04 17:30 - 00000711 _____ C:\windows\TCSLDB.ini2015-08-20 15:29 - 2015-07-27 15:06 - 00000000 ____D C:\Users\Spettipiece\AppData\Roaming\iOutlook2015-08-17 09:08 - 2013-09-05 17:04 - 00000000 ____D C:\windows\ccmcache2015-08-12 15:06 - 2011-02-16 10:43 - 00000000 ____D C:\Users\Spettipiece\Desktop\Shaun's KPMG2015-08-12 14:23 - 2014-01-27 10:51 - 00205312 _____ (ScreenTime Media) C:\windows\SysWOW64\kpmgscreen.scr2015-08-12 14:23 - 2014-01-27 10:51 - 00205312 _____ (ScreenTime Media) C:\windows\system32\kpmgscreen.scr2015-08-10 15:26 - 2014-05-13 16:46 - 00000000 ____D C:\ProgramData\Digita2015-08-08 12:44 - 2010-11-21 04:47 - 00918872 _____ C:\windows\PFRO.log2015-08-07 14:52 - 2013-09-05 16:30 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-08-07 14:52 - 2013-09-05 16:30 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-07 14:52 - 2013-09-05 16:30 - 00000000 ____D C:\windows\SysWOW64\Macromed2015-08-06 12:22 - 2013-08-30 10:32 - 00170421 __RSH C:\ProgramData\ntuser.pol2015-08-05 13:56 - 2015-07-27 14:51 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk2015-08-05 13:56 - 2015-07-27 14:51 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk2015-08-05 13:56 - 2015-07-27 14:51 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk2015-08-05 09:05 - 2014-11-04 21:41 - 00000360 _____ C:\windows\atload.ini2015-08-05 09:05 - 2014-11-04 21:41 - 00000284 _____ C:\windows\tcslct.ini ==================== Files in the root of some directories ======= 2014-08-20 08:44 - 2014-08-20 08:44 - 0000400 _____ () C:\Users\Spettipiece\AppData\Roaming\apachesrvin.vbs2014-08-20 08:44 - 2014-08-20 08:44 - 0000061 _____ () C:\Users\Spettipiece\AppData\Roaming\die.bat2013-08-30 10:07 - 2013-08-30 10:07 - 0000000 
Here is the additional text log:
Version: 1.0 - KPMG) HiddenOn Screen Display (HKLM\...\OnScreenDisplay) (Version: 7.12.20 - )Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) HiddenOnline Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) HiddenOracle Database Client (HKLM-x32\...\{77EA4248-84D1-4967-841B-8A7B03FE0DC5}) (Version: 10.2 - Oracle)OracleDatabaseClient10g_Patch (HKLM-x32\...\{7066E410-F7B0-4F56-AFC5-2679ED19816C}) (Version: 5699495 - Oracle)Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) HiddenPower Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.54 - )Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.34 - Remo Software)SAP Active Components Framework (HKLM-x32\...\SAPACF) (Version: - SAP AG)SAP Active Components Framework for Adobe (HKLM-x32\...\SAPACF_ADOBE) (Version: - SAP AG)SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)SAP Channel Encryption (HKLM-x32\...\SAP Channel Encryption) (Version: - SAP AG)SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)SAP LicenseUpdate (HKLM-x32\...\{EE574B30-921A-49D5-B169-37B16034AE13}) (Version: 2.0 - SAP)Screensaver (HKLM\...\{374EB319-B146-4AC3-9AB9-077B3D87C5EE}) (Version: 199.0 - KPMG)Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)SSE Word V10.1 (HKLM-x32\...\{FF914837-19EE-4536-ABAF-4B7AF7082A67}) (Version: 10.1 - KPMG)Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)Symantec Endpoint Protection 
(HKLM\...\{60171618-BEB9-4E89-AA7B-43AD32A3EC05}) (Version: 12.1.4100.4126 - Symantec Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.0 - )
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
08-08-2015 15:13:19 Scheduled Checkpoint
18-08-2015 11:08:37 Scheduled Checkpoint
26-08-2015 00:00:01 Scheduled Checkpoint

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3AA0B803-49C5-42C4-AC70-C8F2FB2A9B88} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {3C2F6DD3-AA5E-43F5-98CF-98491C05BAD5} - System32\Tasks\{C6F69DA9-4DDF-4749-A657-1E2F85671EBE} => H:\Malwarebytes Anti-Malware\explorer.exe
Task: {3D584A4A-65C7-4FB2-839C-D731C7464FA3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {4826163F-BA80-4058-A39E-15F1741FDFA1} - System32\Tasks\{613B6B0E-AEEF-4A31-ACA6-EC8529389BCB} => H:\Malwarebytes Anti-Malware\mbam.exe
Task: {59556A1A-7ECF-4056-8FFB-B92BF96079E3} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-04-23] (Lenovo Group Limited)
Task: {5C4321F1-E40D-470E-8024-ECE0754E312E} - System32\Tasks\SEP Exclusion DMS => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {610DB703-2F82-4ACD-BD0A-E885D6A1C2F7} - System32\Tasks\KPMG\Run SCCM Evaluation Cycles => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {62C3E5C6-F4CB-4650-81BE-D35162381E3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {994DB96E-B612-453D-96B6-78C29922C016} - System32\Tasks\{F9C5F5A8-8A2E-4376-B1CB-54C4CD7E40DD} => H:\Malwarebytes Anti-Malware\mbam.exe
Task: {9CBFF508-DDB4-446C-9A6E-DA5CCDD7DA22} - System32\Tasks\KPMG\Office 2013 Cleanup PST Backup => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {A4687E7A-ED8A-44FD-A7D4-26BB8BBD6E6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AE3C686D-69CE-475D-8D82-9C5C7B180C8B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B6438894-F19A-4D79-B184-F9CF48BC5843} - System32\Tasks\KPMG\Logon UI Reset => C:\windows\System32\WindowsPowerShell\v1.0\\Powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {C1CB5D29-CCE6-4FC3-914C-47C1FA03392D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {C6951FA7-1310-41AD-889B-B1CA39A46F5C} - System32\Tasks\KPMG\Upload Office 2013 Upgrade Status => C:\windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-09-27] (Microsoft Corporation)
Task: {CEC74C90-FC26-403F-AD69-B339A76FAB39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E53C3CE3-DB7E-46EA-9ADF-E9C31F126FC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E770AADA-C8DB-4031-ADBC-59AF1F81EA8B} - System32\Tasks\{5FBED348-EDCB-4505-ABCC-D9F67F35988E} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {F53427EC-8628-492B-B59A-C77B711DB372} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F7B21844-D5FB-4968-98FD-8DC76AAE303F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-10] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2014-01-22 04:07 - 2014-01-22 04:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-26 15:38 - 2013-04-23 06:54 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-08-30 18:45 - 2012-08-24 19:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-08-21 11:33 - 2015-08-18 06:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 11:33 - 2015-08-18 06:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1965243242-631715425-1848903544-251446\Control Panel\Desktop\\Wallpaper -> C:\Users\Spettipiece\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (08/31/2015 10:20:05 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:18:37 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:17:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:16:23 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. 
Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/30/2015 08:04:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/30/2015 07:53:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/30/2015 07:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.Please use sxstrace.exe for detailed diagnosis. 
Error: (08/30/2015 07:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (08/31/2015 09:31:37 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} Error: (08/31/2015 09:31:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/31/2015 09:29:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: UK)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 
Error: (08/31/2015 09:29:03 AM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain UK due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (08/31/2015 09:29:02 AM) (Source: Ntfs) (EventID: 137) (User: )Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code. Error: (08/30/2015 08:04:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (08/30/2015 08:04:50 PM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain UK due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. 
Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (08/30/2015 08:04:49 PM) (Source: Ntfs) (EventID: 137) (User: )Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code. Error: (08/30/2015 07:55:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Microsoft Office:=========================Error: (08/31/2015 10:20:05 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:18:37 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 10:17:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. 
Error: (08/31/2015 10:16:23 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\Spettipiece\Downloads\FRST.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully. Error: (08/31/2015 09:29:06 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 08:04:52 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 07:53:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 07:36:21 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Users\Spettipiece\Desktop\Anti malware\AVAST Software\Avast\aswChLic.exe Error: (08/30/2015 07:36:20 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Users\Spettipiece\Desktop\Anti malware\AVAST Software\Avast\aswAraSr.exe CodeIntegrity:=================================== Date: 2015-08-31 09:29:29.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-08-30 19:53:22.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-30 19:09:56.286 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 13:43:17.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 11:43:57.865 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 10:19:09.176 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 09:21:25.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 09:04:33.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-28 08:39:43.090 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-08-27 19:43:39.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel® Core i7-3667U CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 7888.91 MB
Available physical RAM: 5179.53 MB
Total Virtual: 15776.02 MB
Available Virtual: 13118.74 MB

==================== Drives ================================
Drive c: (OSDisk) (Fixed) (Total:200.62 GB) (Free:59.1 GB) NTFS
Drive d: (KDrive) (Fixed) (Total:22.36 GB) (Free:14.82 GB) NTFS
Drive e: (FixMeStick) (Removable) (Total:0.04 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D3B106EF)
Partition 1: (Not Active) - (Size=200.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=600 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 00041F1F)
Partition 1: (Not Active) - (Size=45 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=352 MB) - (Type=83)
Partition 3: (Not Active) - (Size=416 MB) - (Type=83)

==================== End of Addition.txt ============================

Please help urgently, I need to work tomorrow and need to have the problem resolved by then! Let me know of anything I should do or anything you can do to help.
Thanks
Sane
  13. The Hijacker, www.safesear.ch, is set as my Chrome default browser and is locked with an icon that says "This setting is enforced by your administrator". This is a private Windows 8.1 laptop and I am the administrator. I have run free Malwarebytes and it does not identify the hijacker. I have run AdwCleaner and it apparently finds the hijacker and says it cleans it, but when I open Chrome Browser again it is still there. I use Bitdefender 2014 for virus protection and with a full scan it does not find anything. When I check for programs named Safe Search, Safesear, safesear.ch, none are found. None of the shortcuts are affected. Internet Explorer and Firefox are both clean. I have done both Malwarebytes and AdwCleaner scans in minimum Safe Mode with no help. When I open Chrome, Chrome tasks are opened and remain open after I shut down the Browser, so I must use Task Manager to shut down the tasks to uninstall Chrome. I have shut down the Chrome process and renamed the DEFAULT file, forcing Chrome to generate a new one, but www.safesear.ch remains the default browser. I am at a loss as to what to do next. Please help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by dorma_000 (administrator) on BILLANDJO on 13-03-2015 13:16:25
Running from C:\Users\dorma_000\Downloads
Loaded Profiles: UpdatusUser & dorma_000 (Available profiles: UpdatusUser & dorma_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM\...\Run: [soluto] => c:\program files\soluto\soluto.exe [1253848 2013-01-29] (Soluto)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-4258198927-4012173705-4119787221-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-12-14] ()
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-23] (Bitdefender)
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-23] (Bitdefender)
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Run: [GoogleChromeAutoLaunch_029DEB9830534415356275BD590D8920] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-23] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-23] (Bitdefender)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://rockmelt.com/?via=acer&mt=preload
URLSearchHook: [s-1-5-21-4258198927-4012173705-4119787221-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4258198927-4012173705-4119787221-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-23] (Bitdefender)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-01-25] (Qualcomm Atheros Commnucations)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-23] (Bitdefender)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\dorma_000\AppData\Roaming\Mozilla\Firefox\Profiles\8f3b30io.default-1425496160666
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-04-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-04-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR StartupUrls: Default -> "hxxp://my.yahoo.com/"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Television Fanatic Homepage) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpgmmlogfloaeldffkaeijpkdgabijk [2015-03-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-04]
CHR Extension: (Bitdefender QuickScan) - C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-03-08]
CHR HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-12-08]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-23] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
S3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-23] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
_____ () C:\Users\dorma_000\Downloads\Maps for History of Baptists (1).pptx 2015-02-20 09:17 - 2015-02-20 09:17 - 01368303 _____ () C:\Users\dorma_000\Downloads\Maps for History of Baptists.pptx 2015-02-20 09:03 - 2015-02-20 09:03 - 00030425 _____ () C:\Users\dorma_000\Downloads\Attachments_2015220 (1).zip 2015-02-20 09:02 - 2015-02-20 09:02 - 00174729 _____ () C:\Users\dorma_000\Downloads\Attachments_2015220.zip 2015-02-11 12:46 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 12:46 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 12:46 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 12:46 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 12:46 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 12:46 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 12:46 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 12:46 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 12:46 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 12:46 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 12:45 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 12:45 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 12:45 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 12:45 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 12:45 - 2015-02-02 18:11 - 00894464 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 12:45 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 12:45 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-11 12:45 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 12:45 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 12:45 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 12:45 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 12:45 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 12:45 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 12:45 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 12:45 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 12:45 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 12:45 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-11 12:45 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 12:45 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 12:45 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 12:45 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 12:45 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll ==================== One Month Modified Files and Folders ======= (If an 
entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 13:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-13 13:01 - 2014-04-05 21:16 - 02073118 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-13 12:59 - 2014-04-05 17:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4258198927-4012173705-4119787221-1002 2015-03-13 12:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-13 12:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-13 12:33 - 2014-04-30 11:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-13 12:10 - 2014-04-05 22:26 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-13 12:06 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-13 12:06 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-03-13 12:03 - 2014-04-05 21:36 - 00000000 ___DO () C:\Users\dorma_000\SkyDrive 2015-03-13 12:01 - 2013-08-22 09:46 - 00358078 _____ () C:\WINDOWS\setupact.log 2015-03-13 12:01 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-13 12:01 - 2013-08-22 09:44 - 00394528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-13 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 
2015-03-13 12:00 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-13 11:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-13 11:15 - 2014-05-08 12:11 - 00000000 ____D () C:\AdwCleaner 2015-03-13 10:38 - 2014-05-08 12:34 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-13 10:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2015-03-13 10:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-03-13 10:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera 2015-03-13 09:33 - 2014-04-05 22:15 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4E88E14-951E-40C1-84B1-EE56B9CB6095} 2015-03-11 18:02 - 2014-04-05 17:14 - 00000000 ____D () C:\Users\dorma_000\AppData\Local\VirtualStore 2015-03-11 12:54 - 2014-04-28 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-11 12:40 - 2013-11-14 02:20 - 00279944 _____ () C:\WINDOWS\PFRO.log 2015-03-10 19:06 - 2014-04-05 18:17 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-10 19:01 - 2014-04-05 18:17 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-09 16:27 - 2014-08-24 21:47 - 00278016 ___SH () C:\Users\dorma_000\Desktop\Thumbs.db 2015-03-09 14:29 - 2014-04-05 21:21 - 00000000 ____D () C:\Users\dorma_000 2015-03-08 15:49 - 2014-04-14 13:58 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Autoscan 2015-03-08 13:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\InputMethod 2015-03-08 13:28 - 2014-05-08 12:34 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-08 13:28 - 2014-05-08 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-08 13:28 - 2014-05-08 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-04 13:53 - 2013-08-22 10:36 - 00000000 ___HD () 
C:\WINDOWS\system32\GroupPolicy 2015-03-04 13:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2015-02-20 09:19 - 2014-04-06 15:27 - 00000000 ____D () C:\Users\dorma_000\Documents\Maranatha 2015-02-15 16:31 - 2015-02-01 14:59 - 00000000 ____D () C:\adb 2015-02-15 14:20 - 2014-12-12 13:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-15 14:20 - 2014-07-08 18:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-12 15:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF ==================== Files in the root of some directories ======= 2014-04-05 22:39 - 2014-04-06 15:39 - 0000079 _____ () C:\Users\dorma_000\AppData\Roaming\WB.CFG 2014-06-19 11:03 - 2014-07-11 17:42 - 0009728 _____ () C:\Users\dorma_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-14 13:58 - 2014-04-14 13:58 - 0498849 _____ () C:\ProgramData\1397501674.bdinstall.bin 2015-01-20 16:31 - 2015-01-20 16:31 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-12-14 13:09 - 2013-12-14 13:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-05 17:28 - 2014-04-05 17:28 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some content of TEMP: ==================== C:\Users\dorma_000\AppData\Local\Temp\APNSetup.exe C:\Users\dorma_000\AppData\Local\Temp\Execute2App.exe C:\Users\dorma_000\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\dorma_000\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\dorma_000\AppData\Local\Temp\msvcp90.dll C:\Users\dorma_000\AppData\Local\Temp\msvcr90.dll C:\Users\dorma_000\AppData\Local\Temp\optprosetup.exe C:\Users\dorma_000\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check 
================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-08 14:38 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by dorma_000 at 2015-03-13 13:17:36 Running from C:\Users\dorma_000\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) 
Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated) Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated) Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer) Acer Games (HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated) Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) ChrisPC Free Anonymous Proxy 5.40 (HKLM-x32\...\{6006089C-84B5-4F18-8113-D96792AED0DE}_is1) (Version: - Chris P.C. srl) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.) Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard) HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) 
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MyHarmony (HKU\S-1-5-21-4258198927-4012173705-4119787221-1002\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.) Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
  14. Hi all. I have a persistent adware hiding somewhere in a Win7 Pro 32-bit, on domain. I've run and removed several PUA/PUP using Malwarebytes, AdwCleaner, Ad-Aware, Spybot Search & Destroy and ComboFix. The pop-ups and browser hijacking have subsided again, for now, but all the files in the drivers/etc folder still have the file type as "JioniCoupon." Uh. I'm hoping someone can assist, I appreciate it! Attached: Addition log, FRST log, mbam log, HijackThis log, screenshot of affected files
  15. Hello Malwarebytes forum. I came to you guys with this problem not too long ago and it worked great, but now it seems I'm infected again and this time I'm not quite sure what I have. On Firefox, my search engine was changed to Yahoo without my permission, but only on Firefox. I checked my extensions and nothing seemed out of the ordinary. I checked my installed programs on my computer, and I found a lot of things from Game Explorer that I did not recognize, but that was the only abnormality. I ran a virus scan on Malwarebytes, and it came up empty. Then ran a scan on AdwCleaner, and a few things came up that I'm not sure if I should delete them or not because I don't want to delete something I actually need. What should I do next?
  16. Like many others, I'm having the corrupt dllhost.exe * 32 multiple processes issues causing slowdown and trying to connect to fff5ee.com and some other miscellaneous, malicious IP, on a computer I'm needing to fix for someone. Any help would be appreciated, or if it doesn't need to be a custom fix, pointing me to the right pre-existing thread would work too! It also begs the question, would simply replacing dllhost.exe with a fresh version fix it? I've already run a full scan. As of last night, nothing erroneous turns up in the results.
  17. Hi folks, My new HP Envy h8 desktop running Windows 8 x64 got a Sweetpacks hijacker and/or virus about two months ago. I've tried removing from many angles but still have symptoms. (Fake Acrobat install prompts popup on Chrome browser, Malwarebytes and other scanners found malicious items, IE seems hijacked, JRT can't remove some Sweetpacks registry entries, Malwarebytes was blocking outgoing and incoming IP connections from svchost, occasional crashes.) Any help would be much appreciated! ~ -------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Carly at 7:47:58 on 2013-05-26 #Option Extended Search is enabled. Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8129.4734 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\dwm.exe C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\atieclxx.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\svchost.exe -k apphost C:\windows\system32\dashost.exe C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe c:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
C:\windows\system32\taskhostex.exe C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files\IDT\WDM\Beats64.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\windows\explorer.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Carly\Downloads\Windows-KB890830-x64-V4.20.exe c:\660293e94918c2eb3b7b8bed700f9a\mrtstub.exe C:\windows\system32\MRT.exe C:\Users\Carly\Downloads\SUPERAntiSpyware.exe C:\Users\Carly\Downloads\SUPERAntiSpyware.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\vssvc.exe 
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\system32\srtasks.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\sysWow64\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={87E291A5-B1EF-11E2-BE75-7054D2BEF601}
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - <orphaned>
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\EVOLUE~1.LNK - C:\windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5B6E9225-6C91-4309-A559-7C325E769974} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BAB48341-8840-4FC0-BB67-5240DEEEC25C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-4-30 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-4-30 189936]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-12-7 652344]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-4-9 56336]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-4-30 1025808]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-4-30 378432]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-11-14 239616]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-4-30 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-4-30 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-9 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-9 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-29 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-29 701512]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-9 364416]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\windows\System32\Drivers\EvoMouseDriverFilterHidUsb.sys [2010-6-23 25144]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\windows\System32\Drivers\EvoMouseDriverMini.sys [2010-6-23 22584]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-21 110744]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-4-29 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 acsock;acsock;C:\windows\System32\Drivers\acsock64.sys [2013-4-29 107432]
S3 Revoflt;Revoflt;C:\windows\System32\Drivers\revoflt.sys [2013-5-11 31800]
.
=============== Created Last 60 ================
.
==================== Find6M ====================
.
============= FINISH: 7:48:12.83 ===============
-------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 4/18/2013 8:03:44 PM
System Uptime: 5/26/2013 6:56:39 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD5
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | | 3401/25mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 778.246 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 2.29 GiB free.
E: is Removable
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP7: 4/30/2013 8:24:26 PM - Sweetspots virus
RP8: 5/11/2013 6:41:51 PM - Before registry edit to remove sweetpacks
RP9: 5/15/2013 3:00:08 AM - Windows Update
RP10: 5/19/2013 5:06:38 PM - Windows Update
RP12: 5/26/2013 7:44:34 AM - Revo Uninstaller Pro's restore point - µTorrent
.
==== Installed Programs ======================
.
Adobe Photoshop Elements 11
Adobe Premiere Elements 11
Adobe Reader XI (11.0.03)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
avast! Free Antivirus
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
ComicRack v0.9.168
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 12
Dropbox
Elements 11 Organizer
ESET Online Scanner v3
Evoluent Mouse Manager
Google Chrome
Google Drive
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Customer Experience Enhancements
HP Postscript Converter
HP Registration Service
HP Support Information
HydraVision
IDT Audio
Intel® Management Engine Components
Intel® Trusted Connect Service Client
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
K-Lite Codec Pack 9.9.0 (Basic)
LastPass(uninstall only)
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 Parser and SDK
Nitro Reader 3
Photo Common
Photo Gallery
Pokki
Pokki Download Helper
PRE11 STI 64Installer
PSE11 STI Installer
Ralink RT5390R 802.11bgn Wi-Fi Adapter
Recovery Manager
Revo Uninstaller Pro 3.0.5
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.3
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.6
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
5/26/2013 6:56:42 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
5/26/2013 6:45:32 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 6:45:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
5/26/2013 3:38:46 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 3:00:01 AM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 3:00:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
5/26/2013 2:22:10 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2013 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
5/25/2013 8:30:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
5/25/2013 8:29:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
5/25/2013 8:29:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.
5/25/2013 8:27:50 AM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Group Policy Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
5/25/2013 8:27:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.
5/25/2013 8:27:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
5/25/2013 8:26:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/25/2013 10:20:11 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/25/2013 10:20:08 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2013 10:20:08 PM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/24/2013 9:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
5/24/2013 9:41:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
5/24/2013 9:40:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
5/24/2013 9:40:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
5/19/2013 9:58:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2013 8:46:04 PM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: DNS Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
5/19/2013 8:45:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
5/19/2013 8:45:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
5/19/2013 8:44:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
5/19/2013 8:18:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================
  18. I've managed to pick up some new malware which isn't being picked up by any of the scanners. I have some experience with malware removal in a sandbox, but as this is on my core system, and seems relatively new, I decided not to fiddle. I'll be awaiting instructions... Sorry about all the junk programs... maybe it's about time I re-install lol. I have both the DDS.txt and Attach.txt scans (in safe mode), should I upload these?
  19. After I scan with Malwarebytes Anti-Malware™ I keep getting PIM hijacker and Malware.Packer.Gen. I removed it and it told me that the system needs to restart, and so it did. After it restarts I rescan again. The same threats were found. How do I remove it?

      Malwarebytes Anti-Malware (PRO) 1.60.1.1000
      www.malwarebytes.org
      Database version: v2012.03.17.03
      Windows XP Service Pack 2 x86 NTFS
      Internet Explorer 6.0.2900.2180
      PC :: SERVER [administrator]
      Protection: Enabled
      17/03/2012 02:41:50 PM
      mbam-log-2012-03-17 (14-41-50).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 176437
      Time elapsed: 4 minute(s), 26 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 2
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
      HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 5
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 1
      C:\qrrefq.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
      (end)