Jump to content

Search the Community

Showing results for tags 'windows 8'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Like others, I've spent multiple days trying to resolve this, both on my own and with tech support from LabTech/ConnectWise, as we push Malwarebytes Endpoint Security installations from within the LabTech/ConnectWise Automate MSP system to systems we manage remotely. Coincidentally, we have only experienced this issue with Anti-Exploit, as Anti-Malware seems to install just fine in the absence of .NET 3.5. What's worse: after installing Anti-Exploit, we can uninstall .NET 3.5 and Anti-Exploit continues to run normally (as far as we can tell). It appears that .NET 3.5 is only necessary DURING THE INSTALLATION, not for the execution of the actual Malwarebytes software! WHY USE .NET 3.5 AS A PREREQUISITE FOR INSTALLATION ONLY? Certainly, there must be a programmatic way to do whatever the installer requires using a newer version of .NET!!! While I fully appreciate the respect for copyright laws, I also KNOW that in my 32+ years in this industry, I have installed PLENTY of software that is intelligent enough to determine that Microsoft .NET 3.5 is not installed and ask if the user would like to install it or abort the software installation process. Microsoft makes the .NET 3.5 runtime installer available to software companies for redistribution and provides methods to run its online installer from the web, so copyright infringement here is NOT a valid excuse for failing to have a detect-and-install mechanism in place. See the details here: https://msdn.microsoft.com/en-us/library/xak0tsbd(v=vs.90).aspx. As a professional programmer, I also know that every decent, modern toolkit used for creating installation programs has the ability to check for prerequisites, then install them, make registry entries, run batch files, etc. if those prerequisites are not met on the target machines. There are some general guidelines for application developers in performing the correct steps to install .NET 3.5 on Win8.x or Win10.x machines here: https://msdn.microsoft.com/windows/compatibility/net-framework-4-5-is-default and here: https://msdn.microsoft.com/en-us/library/hh506443(v=VS.110).aspx. In the event the above steps cannot be executed for whatever reason on a particular computer (ex: no Internet access to download files), then the next-most-acceptable solution would be to provide more meaningful error messages and/or prompt the user to manually enable/install .NET 3.5 before gracefully exiting the Anti-Exploit installer. BOTTOM LINE: There are certainly more reasonable ways for the installation program to approach this issue than what is currently in place. However, for MSPs like myself who manage hundreds (or thousands) of computers remotely, this could easily be a deal-breaker that would send us to a competitor's product. Malwarebytes developers - PLEASE FIX THIS ASAP !!!
  2. For some reason a bunch of my posts were taken out of their respective topics and mushed into one kind of related topic, so I am reposting, with the specific questions that need to be addressed. Currently, any attempt to deploy to stock installs of Windows 8, Windows 8.1, and Windows 10 fail, whether the Malwarebytes management console is used, or the MSI package created using the console is deployed via other means (I have tried PDQ Deploy and Group Policy Software Installation). The root cause of this issue is a reliance on .NET 3.5, which is not activated by default on Windows 8+, and must be manually enabled on each machine you wish to deploy on. This is an issue for a number of reasons: There is no clear documentation, or indication provided in the installer, that the installer is not compatible with a base installation of Windows 8+ and that a manual change by the user is required. Instead, the installer tries (and fails) to install .NET 3.5, and provides no guidance. The installer fails without any indication of the source of the issue when silently deployed on a Win 8+ asset without .NET 3.5 Windows Feature being enabled (not a default setting) The console does not indicate the source of issues when failing to deploy to the affected OS's, leading the admin to pull their hair out, trying to figure out why the deployment is failing Automatic deployments based on variables such as OU, computer type, user, are not possible due to the installer failing due to the 3.5 requirement The installer does not include any way to enable the Windows Feature While it is possible to enable 3.5 using DISM, there is no ability to define a script to be run as part of the MSI that could enable the feature (you need to point to a source folder in order to use DISM) The only resolutions that I see at this point are as follows: Update the program to not rely on what is not a standard feature for 34% (and growing) of Windows PCs (https://analytics.usa.gov/) Update the installer to be able to enable the feature without user intervention At minimum, update the installer to alert the user that the feature must be manually enabled and provide helpful documentation as to how to enable if an incompatible OS is detected Provide a mechanism in the console to allow for the insertion of a custom command / script at the beginning of the installer for incompatible OS's that would allow us to enable the required feature The command would be "dism.exe /online /enable-feature /featurename:netfx3 /all /Source:PLACE_LOCATION_OF_OS-SPECIFIC_SOURCE_FOLDER\sxs /limitaccess" You would have to allow the ability to define each source directory for the different OS'ss Provide clear documentation that managed deployments to unsupported OS's are not possible just using the stock generated installer, without additional modifications to the OS's Update the failure notices in the console, or at least place in the OS that is detected, so that we know that the deployment has failed due to an unsupported OS, and how we can modify the OS to accept the installation. TIP FOR THOSE WHO JUST NEED TO GET THIS DONE and can't wait for MalwareBytes to catch up with 34% of the PCs out there. PDQ Deploy is free and able to deploy out batch scripts to PCs defined in multiple ways (works great with PDQ inventory to identify Windows PCs that meet various criteria, such as no malwarebytes, windows 8+)
  3. Hello helpful forum guides, I have just run into a major crash and reset my Lenovo G780 to factory default, thinking that it would clear everything off the computer, but it just crashed again and as I just loaded my Malwarebytes Anti-Malware Pro installation (from cd) trying to rebuild my installation, it installed but won't update. I get the following error message: Program error upating 404, 0, HTTPstatuscode..... Lenovo is running Windows 8 on 8gb of ram 64-bit Here are my logs from running Farbar: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015 Ran by sage (administrator) on NEWCHEESE (19-10-2015 19:59:19) Running from C:\Users\sage\Desktop\FIX Loaded Profiles: sage (Available Profiles: sage) Platform: Windows 8 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-21] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-21] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [443728 2010-12-20] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-04-21] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{37BF745F-72DB-4FF8-9A1D-873272B70377}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{C3FC4D55-E12F-4416-9C0E-48A59D95B6C4}: [DhcpNameServer] 10.0.0.1 Internet Explorer: ================== HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com SearchScopes: HKU\S-1-5-21-4261140362-3101362919-3132725976-1001 -> DefaultScope {8F11315E-C2E6-40C3-8DF4-5DD2E273DD17} URL = SearchScopes: HKU\S-1-5-21-4261140362-3101362919-3132725976-1001 -> {8F11315E-C2E6-40C3-8DF4-5DD2E273DD17} URL = DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} FireFox: ======== FF ProfilePath: C:\Users\sage\AppData\Roaming\Mozilla\Firefox\Profiles\7dcxwru8.default FF DefaultSearchEngine.US: Google FF Homepage: www.google.com FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF) FF Plugin HKU\S-1-5-21-4261140362-3101362919-3132725976-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File] FF Extension: HTTPS-Everywhere - C:\Users\sage\AppData\Roaming\Mozilla\Firefox\Profiles\7dcxwru8.default\Extensions\https-everywhere-eff@eff.org [2015-10-19] FF Extension: NoScript - C:\Users\sage\AppData\Roaming\Mozilla\Firefox\Profiles\7dcxwru8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-10-19] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-01] (Broadcom Corporation.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [83968 2012-09-04] (ELAN Microelectronics Corp.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [363344 2010-12-20] (Malwarebytes Corporation) R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-01] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24152 2010-12-20] (Malwarebytes Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-19 19:27 - 2015-10-19 19:59 - 00000000 ____D C:\FRST 2015-10-19 18:52 - 2015-10-19 18:53 - 00000000 ____D C:\Users\sage\Desktop\tools 2015-10-19 18:46 - 2015-10-19 18:46 - 00000000 ____D C:\Users\ADMINI~1 2015-10-19 18:45 - 2015-10-19 18:45 - 00001944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk 2015-10-19 18:45 - 2015-10-19 18:45 - 00000000 ____D C:\Users\sage\AppData\Roaming\SumatraPDF 2015-10-19 18:45 - 2015-10-19 18:45 - 00000000 ____D C:\Program Files (x86)\SumatraPDF 2015-10-19 18:30 - 2014-05-14 18:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2015-10-19 18:30 - 2014-05-14 15:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2015-10-19 18:30 - 2014-05-14 15:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2015-10-19 18:30 - 2014-05-14 15:43 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll 2015-10-19 18:30 - 2014-05-14 15:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll 2015-10-19 18:29 - 2015-10-19 18:35 - 00000000 ____D C:\Users\sage\AppData\Local\Mozilla 2015-10-19 18:29 - 2015-10-19 18:29 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-10-19 18:29 - 2015-10-19 18:29 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-10-19 18:29 - 2015-10-19 18:29 - 00000000 ____D C:\Users\sage\AppData\Roaming\Mozilla 2015-10-19 18:29 - 2015-10-19 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-19 18:29 - 2015-10-19 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-10-19 18:29 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2015-10-19 18:13 - 2015-10-19 18:13 - 00001279 _____ C:\Users\sage\Desktop\Revo Uninstaller.lnk 2015-10-19 18:13 - 2015-10-19 18:13 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-10-19 18:12 - 2015-10-19 19:37 - 00000000 ____D C:\Users\sage\Desktop\FIX 2015-10-19 18:12 - 2015-10-09 12:47 - 01682432 _____ C:\Users\sage\Desktop\adwcleaner_5.013.exe 2015-10-19 18:11 - 2015-10-14 17:05 - 34033992 _____ (Mozilla) C:\Users\sage\Desktop\Thunderbird Setup 38.3.0.exe 2015-10-19 18:11 - 2015-10-10 00:49 - 04184064 _____ (BrightFort LLC ) C:\Users\sage\Desktop\spywareblastersetup52.exe 2015-10-19 18:11 - 2015-10-09 12:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\sage\Desktop\revosetup.exe 2015-10-19 18:02 - 2015-10-19 19:55 - 00000000 ____D C:\Users\sage\AppData\Roaming\Nitro PDF 2015-10-19 18:02 - 2015-10-19 18:02 - 00000000 ____D C:\Users\sage\AppData\Roaming\Malwarebytes 2015-10-19 18:02 - 2015-10-19 18:02 - 00000000 ____D C:\Users\sage\AppData\Local\LSC 2015-10-19 18:01 - 2010-04-22 05:46 - 00065232 _____ (Malwarebytes) C:\Users\sage\Desktop\RegASSASSIN.exe 2015-10-19 17:58 - 2015-10-19 19:50 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4261140362-3101362919-3132725976-1001 2015-10-19 17:58 - 2015-10-19 17:58 - 00001070 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk 2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\Users\sage\AppData\Roaming\LSC 2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\Users\sage\AppData\Local\Adobe 2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN 2015-10-19 17:58 - 2015-10-19 17:58 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN 2015-10-19 17:56 - 2015-10-19 17:56 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk 2015-10-19 17:56 - 2015-10-19 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2015-10-19 17:56 - 2015-10-19 17:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-10-19 17:56 - 2015-10-19 17:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-10-19 17:56 - 2010-12-20 18:09 - 00038224 _____ (Malwarebytes Corporation) C:\windows\SysWOW64\Drivers\mbamswissarmy.sys 2015-10-19 17:56 - 2010-12-20 18:08 - 00024152 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-10-19 17:53 - 2015-10-19 17:58 - 00000000 ____D C:\Users\sage\AppData\Roaming\Adobe 2015-10-19 17:53 - 2015-10-19 17:53 - 00001445 _____ C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-10-19 17:53 - 2015-10-19 17:53 - 00000139 _____ C:\Users\Public\Desktop\eBay.url 2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\Documents\Bluetooth Exchange Folder 2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\AppData\Roaming\Lenovo 2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\AppData\Local\Broadcom 2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\ProgramData\Energy Management 2015-10-19 17:53 - 2015-10-19 17:53 - 00000000 ____D C:\ProgramData\eBay 2015-10-19 17:52 - 2015-10-19 17:55 - 00000000 ____D C:\Users\sage\AppData\Local\VirtualStore 2015-10-19 17:52 - 2015-10-19 17:53 - 00001133 _____ C:\Users\sage\Desktop\Cyberlink Power2Go.lnk 2015-10-19 17:52 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage\AppData\Local\Packages 2015-10-19 17:52 - 2015-10-19 17:53 - 00000000 ____D C:\Users\sage 2015-10-19 17:52 - 2015-10-19 17:52 - 00000020 ___SH C:\Users\sage\ntuser.ini 2015-10-19 17:52 - 2013-04-21 09:11 - 00000000 ____D C:\Users\sage\AppData\Roaming\Macromedia 2015-10-19 17:52 - 2013-04-21 09:07 - 00000000 ____D C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ___RD C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ___RD C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ___RD C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-19 17:52 - 2012-07-26 01:13 - 00000000 ____D C:\Users\sage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-10-19 17:52 - 2010-12-18 22:31 - 00000189 _____ C:\Users\sage\Desktop\Lenovo Telephony Start Now.url ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-19 19:47 - 2013-04-21 09:11 - 00000000 ____D C:\windows\System32\Tasks\Lenovo 2015-10-19 19:46 - 2012-07-26 00:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI 2015-10-19 19:29 - 2013-04-21 08:26 - 02018775 _____ C:\windows\WindowsUpdate.log 2015-10-19 19:18 - 2012-07-26 01:12 - 00000000 ____D C:\windows\AUInstallAgent 2015-10-19 19:04 - 2012-07-26 00:59 - 00000000 ____D C:\windows\CbsTemp 2015-10-19 19:02 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\sru 2015-10-19 18:56 - 2013-04-21 08:38 - 00000000 ____D C:\ProgramData\Intel 2015-10-19 18:56 - 2013-04-21 08:35 - 00000000 ____D C:\Program Files (x86)\Intel 2015-10-19 18:48 - 2013-04-21 09:06 - 00000000 ____D C:\Program Files (x86)\SugarSync 2015-10-19 18:47 - 2013-04-21 09:10 - 00000000 ____D C:\ProgramData\FreeRide Games 2015-10-19 18:47 - 2013-04-21 08:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-10-19 18:23 - 2013-04-21 09:11 - 00000000 ____D C:\ProgramData\McAfee 2015-10-19 18:23 - 2013-04-21 09:11 - 00000000 ____D C:\Program Files\mcafee 2015-10-19 18:23 - 2012-10-09 16:08 - 00022206 _____ C:\windows\PFRO.log 2015-10-19 18:23 - 2012-07-26 00:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-10-19 18:20 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\BBI 2015-10-19 18:15 - 2012-07-26 01:12 - 00000000 ___HD C:\windows\ELAMBKUP 2015-10-19 18:11 - 2012-07-26 00:21 - 00021487 _____ C:\windows\setupact.log 2015-10-19 17:55 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2015-10-19 17:53 - 2013-04-21 10:25 - 00100460 _____ C:\windows\modules.log 2015-10-19 17:52 - 2012-07-26 01:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel 2015-10-19 17:52 - 2012-07-26 01:12 - 00000000 ____D C:\windows\WinStore 2015-10-19 17:50 - 2012-07-26 01:12 - 00000000 ____D C:\windows\rescache ==================== Files in the root of some directories ======= 2013-04-21 08:47 - 2013-04-21 08:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-04-21 09:13 - 2013-04-21 09:13 - 0000198 ____H () C:\ProgramData\Lenovo-4279.vbs Files to move or delete: ==================== C:\ProgramData\Lenovo-4279.vbs ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2012-10-09 16:08 ==================== End of FRST.txt ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015 Ran by sage (2015-10-19 19:28:08) Running from C:\Users\sage\Desktop\FIX Windows 8 (X64) (2015-10-20 00:52:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4261140362-3101362919-3132725976-500 - Administrator - Disabled) Guest (S-1-5-21-4261140362-3101362919-3132725976-501 - Limited - Disabled) sage (S-1-5-21-4261140362-3101362919-3132725976-1001 - Administrator - Enabled) => C:\Users\sage ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo) Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG) Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.) Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{1E939186-B443-4262-A278-3C82949EA7AC}) (Version: 1.1.009.00 - Lenovo Group Limited) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo) Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla) Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 19-10-2015 18:13:47 Revo Uninstaller's restore point - McAfee Internet Security ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {116D5BDF-7EEF-41DF-8DBB-7002FF3785EF} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] () Task: {182460AC-C6E7-4353-B4C2-8F6A84ADDE2C} - System32\Tasks\Lenovo\Lenovo-4279 => C:\ProgramData\Lenovo-4279.vbs [2013-04-21] () Task: {1DFBB644-095A-44CC-896D-5754AA177A36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-08] (Lenovo) Task: {32D11F64-C1F9-43B1-9E29-634877F48D90} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] () Task: {39F60083-465E-4ECA-B31B-F27EB8052094} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] () Task: {73337A2E-21DC-4930-A1DE-FB8AC343975C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {A1072B43-55C7-4D47-B5F9-20A7045B9F9F} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: {CBD80462-021D-40F3-959D-72ACFBAE6CFB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-08-08] () Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2012-11-15 15:51 - 2012-11-15 15:51 - 00048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll 2013-04-21 09:17 - 2013-01-02 12:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2013-03-13 17:19 - 2013-02-04 22:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-21 08:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4261140362-3101362919-3132725976-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E5D64CD1-CDDE-49D3-9790-3E6A40A2D130}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{4C865D84-B9F2-40AE-9B69-5CCB749F8309}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{AFF7B360-8136-44A4-9626-3C0FA631914F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{1D5E233E-B62F-4A00-814A-9AFD0E142867}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{C6E5E6CC-CC9E-4F2A-A630-F0F7D73668DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{08CB98C0-7133-43C6-A8E9-CC21315E66E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY) Description: 1 Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5004) (User: NT AUTHORITY) Description: 0x7eThe specified module could not be found. Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY) Description: 1 Error: (10/19/2015 06:15:47 PM) (Source: McLogEvent) (EventID: 5004) (User: NT AUTHORITY) Description: 0x7eThe specified module could not be found. Error: (10/19/2015 05:52:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (10/19/2015 05:52:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac Error: (10/19/2015 05:52:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 System errors: ============= Error: (10/19/2015 06:23:19 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code. Error: (10/19/2015 05:53:25 PM) (Source: DCOM) (EventID: 10000) (User: newcheese) Description: "C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Platform.Service.RemoteProcess Error: (10/19/2015 05:47:00 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code. Error: (10/19/2015 05:44:55 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Crash dump initialization failed! ==================== Memory info =========================== Processor: Intel® Core i7-3520M CPU @ 2.90GHz Percentage of memory in use: 27% Total physical RAM: 8057.77 MB Available physical RAM: 5846.2 MB Total Virtual: 12665.77 MB Available Virtual: 10505.58 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:844.54 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.64 GB) NTFS Drive f: () (Removable) (Total:115.66 GB) (Free:72.06 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 526FC775) Partition: GPT. ======================================================== Disk: 1 (Size: 115.7 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ THANKS BIG for any help that can be rendered Much appreciation Sage
  4. i just bought a computer from the store and the salesman downloaded Apache OpenOffice by putting a USB in the computer. Maybe there was a virus in the folder as that moments onwards my computer was infected. There were multiple unknown programs installed including: eye perform, crossbrowse, oursurfing, cinemaplus, etc... I tried reinstalling windows and did a whole system reset but the advertisements came a week later. After that I tried uninstalling the programs but they did no effect or didn't allow me to stating that there were windows not closed concerning the program but I checked Task Manager and there were no open programs. Symptoms 1. When opening google chrome, I am redirected to an oursurfing site with advertisements on the screen. 2. Computer slows down 3. Whenever I turn on the computer, a Plus! site opens automatically. I tried a repair software but I am afraid it did more harm than good. What should I do? P.S. i have a remote desktop connection on the infected computer. And i am typing this in a separate computer.
  5. Antimalware release 2.1.8 sys driver crashes in windows 8, and causes blue screen on death with error code SYSTEM_SERVICE_EXCEPTION (tcpip). The mini dumpfile created by windows on crash identifies the sys driver of Antimalware as source of crash. I assume the solution is that Antimalwarebytes needs to update its driver. Or is there antother solution?
  6. Every time malwarebytes runs it finds three or four instances of searchscopes in IE in the registry. I can't get rid of it. There is nothing in my programs and features to uninstall. I've gone into the settings and extensions for IE and can't find anything. I have MWB delete them each time but next time it runs, it finds it. I've even tried to delete it from my registry, but it always comes back. If this isn't malware, why does MWB keep flagging it? How can I get rid of it for good??? Thanks,
  7. My Malwarebytes doesn't open. I've uninstalled it and reinstalled the free version. I do own the premium version and it still won't open. In the past, it's worked erratically and I don't know why. Is there some problem with Windows 8?
  8. No matter what I change my sleep settings to--screen off after 15 minutes, sleep after 20, etc., eventually they both get changed back to "Never". You can set them, click around in the control panel, then come back and see they changed. I've run several virus scans (Malwarebytes, Eset online, Bitdefender) and got nothing. I don't know if this is connected, but when I open the sleep settings from the "charm" menu on the right, once I've changed the settings I can't close the settings. I can close the window, it's gone from the task bar, but it shows up in file manager. This has been going on for a week or two, then today it started changing the power options from whatever I've set them to (high performance, custom, etc.) to "balanced." I'm running Windows 8.1 64 bit. Any ideas? I've posted in a couple of other forums and no one has even replied. I know it's off-topic, but I'm hoping the MBAM community can help. Thanks.
  9. Dear all, I was just wanting to play Colin Mcrae Rally 2005 and realised I needed to make it 64 bit/ windows 8 compatible, went online did some searching and I found out I needed to download some 3rd party programs. It looks like, they were not 100% legit and now my computer cannot boot, not even in safe mode, or safe mode with command prompt. When I boot up the computer now, it says, my motherboard screen, then "Preparing Automatic Repair", then "Diagnosing your PC". After it has done this it says Automatic Repair, your pc did not start correctly. It gives me 2 options, Restart or Advanced options. In adv. options I can continue (restarts the Repair, Troubleshoot which gives more options and turn off. In the advanced options of the advanced options I can use Startup settings (which to my attempts do not much), run Command Prompt, which for some reason Accesses my X:\ drive which is where I have CMR2005 installed and is where I applied both patches instead of my C:\ drive where windows is installed. From Adv. Adv. options I can System Restore, System Image Recovery and Start-Up repair. I have custom built PC, windows 8, up to date Drivers and up to date Avast (needing registration in 8 days). I do not mean to sound stupid, but I was trying to Run original CMR2005.exe, so I put it on Admin and win 2000 compatibility and then when I replaced the suspect viral files, it kept the same commands, which meant it ran in Administrator mode, I do not know if that is any worse, but may be helpful. Please aid me, I really want my computer back up and running, and it would be great to have some friendly help! The Suspects: I am not asking you to download these and give them a go yourselves, but knowing the source might aid a little. Link to website I believe to have gotten it from: Pretty sure is the top one http://www.ausgamers.com/files/download/19192/colin-mcrae-rally-2005-patch-v11-for-win64 ^ this one because it installed the patch and then asked me to reboot my pc v this one because it was the other patch I installed at the time: http://www.gamershell.com/download_7141.shtml Thanks in advance Alex.
  10. I downloaded the trial version last week. I ran a complete scan and quaranteened then removed all the malware found. After I restarted the computer I tried logging into my wife's account to check something and it would only allow me to log in as a temporary user. This happened to all the user accounts. Also, I remember that after restarting my PC and logging into my account, which is an admin account, the desktop was blank and all my tiles were gone. I restarted again and logged in and it seemed okay. This is after running MB. The PC was okay till after I ran the scan and repair. Here are the scan and protection logs. I have since had to go in and delete the profile registry keys for the users and reload data into the profiles. Luckily I saved data before I took actions. I am about 95% convinced that MB did something to the registry profiles. If not perhaps there is another explanation but I can't find it. If so, then perhaps the logs will show where the action took place. I still have two profiles that are affected and have not been changed yet. It seems that a .bak extension is added to the profile each time it's accessed for the first time post MB cleaning. I should note that after the scans a "winspeed.dll" malware warning kept coming up. I tried uninstalling but it didn't seem to work. However, the alert has not come up again. Thanks, Ray Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/8/2014 Scan Time: 8:01:29 AM Logfile: scan log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.03.04.09 Rootkit Database: v2014.08.21.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Ray Scan Type: Threat Scan Result: Completed Objects Scanned: 404666 Time Elapsed: 17 min, 11 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 27 PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, No Action By User, [fa4fa857d3a7a88e16be802bf80b1de3], PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\Savings Bull, Quarantined, [301918e7dd9d06305ada523ecc36c13f], PUP.Optional.SavingsBull.A, HKLM\SOFTWARE\SavingsBull Filter, Quarantined, [0b3e7788156576c0ed48d0c0da28c53b], PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [3118d22d65154de90339cbc3b84aaa56], PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [07423bc45624a5911716cac67f834ab6], PUP.Optional.DiscountBuddy.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Discount Buddy, Quarantined, [6cdda7586e0c6acce7da7d118e7424dc], PUP.Optional.DiscountBuddy.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Discount Buddy, Quarantined, [c386b44ba7d3ef47b8095539c83af808], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [3d0c3fc0e4965adc1266464ef11110f0], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [1d2ccd32f68485b1def02882659e6d93], PUP.Optional.DiscountBuddy.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Discount Buddy, Quarantined, [59f01ae53149a6908f32484632d03cc4], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [5aef9a656c0e88ae6c0ce3b14eb43ec2], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, Quarantined, [0049fe01b4c6a0964b446f40c63d13ed], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [2128a35c5a2012241eb001a9a261df21], PUP.Optional.DiscountBuddy.A, HKU\S-1-5-21-3748488648-554500065-4198442108-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Discount Buddy, Quarantined, [c28748b7a2d815217c45890590725da3], PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{632D51D4-67C3-40CA-8A7E-D1E93E80B005}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{96B4DEA0-F89C-475C-8124-B247260B7CB5}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{632D51D4-67C3-40CA-8A7E-D1E93E80B005}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{632D51D4-67C3-40CA-8A7E-D1E93E80B005}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B74443DB-5A88-4583-860A-F0D06EF399E3}, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mysearchdial, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], Registry Values: 2 PUP.Optional.InstallCore.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1N1M, Quarantined, [1d2ccd32f68485b1def02882659e6d93] PUP.Optional.InstallCore.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, Quarantined, [2128a35c5a2012241eb001a9a261df21] Registry Data: 1 PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3748488648-554500065-4198442108-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=suma_14_24_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0BtAyD0EyDtCtA0B0A0BtN0D0Tzu0SzzzytBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0Dzy0AyBtAtCzztG0DtDyEzytGyC0D0EyEtG0DyByCyCtGtBtBzy0EyB0CyDyC0F0F0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtA0E0F0EzztCtGzy0FtD0BtG0F0CyBtCtGyEtC0AzztGtCzztDyDtByB0A0F0B0CtBtD2Q&cr=784676162&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=suma_14_24_ie&cd=2XzuyEtN2Y1L1QzuyBzz0EtA0ByD0BtAyD0EyDtCtA0B0A0BtN0D0Tzu0SzzzytBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0Dzy0AyBtAtCzztG0DtDyEzytGyC0D0EyEtG0DyByCyCtGtBtBzy0EyB0CyDyC0F0F0Dzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtA0E0F0EzztCtGzy0FtD0BtG0F0CyBtCtGyEtC0AzztGtCzztDyDtByB0A0F0B0CtBtD2Q&cr=784676162&ir=),Replaced,[63e6cd329cde47ef3c6f8ea063a1f10f] Folders: 8 Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [fb4e639c08725bdb64783343bd45e41c], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial\UpdateProc, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.ArcadeParlor.A, C:\Users\Oliver\AppData\Local\ArcadeParlor, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.Adpeak, C:\Program Files\Level Quality Watcher\v1.01, Quarantined, [4702b24d54260b2b96dd6a1ee22056aa], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial\1.8.29.0, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial\1.8.29.0\bh, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], Files: 21 PUP.Optional.SafeInstall.A, C:\Users\Oliver\AppData\Roaming\.minecraft\dl-7zip_bimo-base.exe, Quarantined, [ea5fcf3022583bfb5437dcb28879bb45], PUP.Optional.SafeInstall.A, C:\$Recycle.Bin\S-1-5-21-3748488648-554500065-4198442108-1009\$RSMT8Q1.exe, Quarantined, [5bee7b84d0aa2e082c5f6e20a45d7888], PUP.Optional.SafeInstall.A, C:\Users\Oliver\Downloads\dl-7zip_bimo-base.exe, Quarantined, [1534a45b51299d994348c3cb49b8c33d], PUP.Optional.SafeInstall.A, C:\Users\The boys\Downloads\7zip_bimo.exe, Quarantined, [59f03dc22c4efa3ca6e51e70837e1fe1], PUP.Optional.OptimumInstaller.A, C:\Users\The boys\Downloads\Setup.exe, Quarantined, [0d3cce311f5b7cba04ada1ee4bb67789], PUP.Optional.SearchProtection.A, C:\Users\Ray\AppData\Roaming\Search Protection\SearchProtection.exe, Quarantined, [59f0ae51acce9e9809e195ff6999c040], PUP.Optional.ArcadeParlor.A, C:\Windows\Tasks\ArcadeParlor.job, Quarantined, [4efbc738e3977eb8ce5bc8f831d213ed], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial\UpdateProc\config.dat, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial\UpdateProc\info.dat, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial\UpdateProc\STTL.DAT, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial\UpdateProc\TTL.DAT, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe, Quarantined, [f8513fc07505e84ebdc0058145bda45c], PUP.Optional.ArcadeParlor.A, C:\Users\Oliver\AppData\Local\ArcadeParlor\ap.config, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, C:\Users\Oliver\AppData\Local\ArcadeParlor\Arcadeparlor.dll, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, C:\Users\Oliver\AppData\Local\ArcadeParlor\broker.exe, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, C:\Users\Oliver\AppData\Local\ArcadeParlor\removal.exe, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.ArcadeParlor.A, C:\Users\Oliver\AppData\Local\ArcadeParlor\versioncheck.exe, Quarantined, [84c5788746346bcbb2291473cc368d73], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial\1.8.29.0\FavIcon.ico, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial\1.8.29.0\Sqlite3.dll, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial\1.8.29.0\uninst.dat, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], PUP.Optional.MySearchDial.A, C:\Users\The boys\AppData\Local\Mysearchdial\1.8.29.0\uninstall.exe, Quarantined, [52f7ab54c8b238fe4c380e7c07fb6b95], Physical Sectors: 0 (No malicious items detected) (end) Protection LOG: Malwarebytes Anti-Malware www.malwarebytes.org Protection, 9/8/2014 8:00:43 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, Starting, Protection, 9/8/2014 8:00:43 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, Started, Protection, 9/8/2014 8:00:43 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 8:00:44 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Update, 9/8/2014 8:00:48 AM, SYSTEM, OFFICEPC8, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, Error, 9/8/2014 8:01:13 AM, SYSTEM, OFFICEPC8, Manual, 0, Protection, 9/8/2014 8:01:13 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Starting, Error, 9/8/2014 8:01:13 AM, SYSTEM, OFFICEPC8, Manual, 0, Protection, 9/8/2014 8:01:13 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopping, Protection, 9/8/2014 8:01:13 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopped, Protection, 9/8/2014 8:01:17 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Success, Protection, 9/8/2014 8:01:17 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 8:01:17 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Protection, 9/8/2014 8:01:29 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Starting, Protection, 9/8/2014 8:01:29 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopping, Protection, 9/8/2014 8:01:29 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopped, Protection, 9/8/2014 8:01:34 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Success, Protection, 9/8/2014 8:01:34 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 8:01:34 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Detection, 9/8/2014 8:08:40 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, C:\Users\Aleksander\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Detection, 9/8/2014 8:09:26 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:09:26 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:09:26 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:10:35 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:10:36 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:10:36 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:11:19 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:11:19 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:11:19 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:12:15 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:12:15 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:12:15 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:13:01 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:13:01 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:13:01 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:13:46 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:13:46 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:13:46 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:14:32 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:14:32 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:14:32 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:15:15 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:15:15 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:15:15 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:18:23 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:18:23 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:18:23 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:19:12 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:19:12 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:19:12 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:19:52 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:19:52 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:19:52 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:20:05 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:20:05 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:20:05 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:20:32 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:20:32 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:20:32 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:20:41 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:20:41 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:20:41 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:20:48 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:20:48 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:20:48 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:20:52 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:20:52 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:20:52 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:21:28 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:21:28 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:21:28 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:22:42 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:22:43 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:22:43 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:27:46 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:27:46 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:27:46 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Detection, 9/8/2014 8:28:26 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, PUP.Optional.Updater, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Quarantine, [0346936c80fa063000c404901de560a0] Protection, 9/8/2014 8:28:26 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Error, 9/8/2014 8:28:26 AM, SYSTEM, OFFICEPC8, Protection, SDKQuarantine, 2, Failed, c:\users\aleksander\appdata\roaming\digitalsites\updateproc\updatetask.exe, Protection, 9/8/2014 8:41:19 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, Starting, Protection, 9/8/2014 8:41:19 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, Started, Protection, 9/8/2014 8:41:19 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 8:41:20 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Update, 9/8/2014 8:47:16 AM, SYSTEM, OFFICEPC8, Scheduler, Malware Database, 2014.3.4.9, 2014.9.8.2, Protection, 9/8/2014 8:47:18 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Starting, Protection, 9/8/2014 8:47:18 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopping, Protection, 9/8/2014 8:47:18 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopped, Protection, 9/8/2014 8:47:24 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Success, Protection, 9/8/2014 8:47:24 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 8:47:24 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Detection, 9/8/2014 8:50:31 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:50:32 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:50:32 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:50:53 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:50:53 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:50:53 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:50:59 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:50:59 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:50:59 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:04 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:04 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:04 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:08 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:08 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:08 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:12 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:12 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:12 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:15 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:15 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:15 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:20 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:21 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:21 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:27 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:27 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:27 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:33 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:33 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:33 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:36 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:37 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:37 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:40 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:40 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:40 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:44 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:44 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:44 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:48 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:48 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:48 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:52 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:52 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:52 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:51:57 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:51:57 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:51:57 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:52:02 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:52:02 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:52:02 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 8:52:05 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 8:52:05 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 8:52:05 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:01:18 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:01:18 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:01:18 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:16:46 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:16:46 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:16:46 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:25:29 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:25:29 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:25:29 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:25:42 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:25:42 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:25:42 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:25:50 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:25:50 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:25:50 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:25:53 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:25:53 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:25:53 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:25:58 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:25:59 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:25:59 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:26:15 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:26:15 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:26:15 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:26:24 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:26:25 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:26:25 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:26:36 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:26:36 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:26:36 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:27:02 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:27:02 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:27:02 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:27:18 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:27:18 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:27:18 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Detection, 9/8/2014 9:27:21 AM, SYSTEM, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [87ab94570c6f76c0cf94f7bf837ec739] Protection, 9/8/2014 9:27:22 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:27:22 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Update, 9/8/2014 9:29:36 AM, SYSTEM, OFFICEPC8, Manual, Malware Database, 2014.9.8.2, 2014.9.8.3, Protection, 9/8/2014 9:29:38 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Starting, Protection, 9/8/2014 9:29:38 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopping, Protection, 9/8/2014 9:29:38 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopped, Protection, 9/8/2014 9:29:44 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Success, Protection, 9/8/2014 9:29:44 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 9:29:45 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Detection, 9/8/2014 9:42:05 AM, Ray, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [2a098d5e47348aac0e56991d16ebec14] Protection, 9/8/2014 9:42:05 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:42:05 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Update, 9/8/2014 9:43:40 AM, SYSTEM, OFFICEPC8, Scheduler, Malware Database, 2014.9.8.3, 2014.9.8.4, Protection, 9/8/2014 9:43:40 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Starting, Protection, 9/8/2014 9:43:40 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopping, Protection, 9/8/2014 9:43:40 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Stopped, Protection, 9/8/2014 9:43:46 AM, SYSTEM, OFFICEPC8, Protection, Refresh, Success, Protection, 9/8/2014 9:43:46 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Starting, Protection, 9/8/2014 9:43:46 AM, SYSTEM, OFFICEPC8, Protection, Malicious Website Protection, Started, Detection, 9/8/2014 9:54:03 AM, Ray, OFFICEPC8, Protection, Malware Protection, File, Trojan.SProtector, C:\ProgramData\WinSpeed\WinSpeed.dll, Quarantine, [8da735b67506ff37caba476fa45de719] Protection, 9/8/2014 9:54:03 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, Error, 9/8/2014 9:54:03 AM, SYSTEM, OFFICEPC8, Protection, DeleteFile, 5, Failed, C:\ProgramData\WinSpeed\WinSpeed.dll, (end) scan log.txt protection log.txt
  11. Hi there I am having problems with my windows 8 not downloading malwarebytes and other programs. I recieve a message saying this system cannot run this app please contact the software administrator. I have followed the instructions and downloaded the farbar recovery tool and followed through with the scan and have copies of the FRST.txt and ADDITION.txt see attached. I thank you soooooo much for your help. Farbar scan ADDITION.txt
  12. Over the last few weeks while browsing items on the net I have had many sites not formatting correctly (Particularly banking sites) and so have not been using them on this PC. Today I was having issues logging into Dropbox and so decided to go the the task manager and see if I could figure out the problem. I came across some interesting processes so decided to use CCleaner to check start up programs. I did not find anything there but when I went on to check the registry (also using CCleaner) I found a suspicious looking item. When I went to google to look up this item I found many site refering to the process as part of a Back Door Trojan. The items were: URLRedirection.URLRedirectionBHO URLRedirection.URLRedirectionBHO(1) I decided to start scanning for issues. I used my Anti-Virus (Webroot) and Malwarebytes (free version) and have not found anything with either I've read that this could be a backdoor infection? I am unsure what to do... I've read that ComboFix could help, but I've been reluctant to try it since I've also read that it can be dangerous when used by non-professionals. Any help anyone could give me would be most appreciated! I'm by no means computer illiterate, but when I start to read about hidden files and rootkits in drivers, I find myself a bit lost. Thanks in advance, Also here is some information to help get things started FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014 Ran by Jason (administrator) on HOME on 28-04-2014 20:50:53 Running from C:\Users\Jason\Downloads Windows 8.1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Webroot) C:\Program Files\Webroot\WRSA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [766040 2014-04-19] (Webroot) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Agomo] => C:\Program Files (x86)\Agomo\Agomo.exe [2111256 2014-04-28] (Piriform) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Run: [Fitbit Connect] => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-818747085-208782630-2158677018-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20548256 2013-10-21] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) Startup: C:\Users\Carley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.broadviewsoftware.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.broadviewsoftware.com%2fowa&reason=0 SearchScopes: HKLM - {F40D7961-40C2-440A-B1BA-EA5D4BA4613D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM-x32 - {F40D7961-40C2-440A-B1BA-EA5D4BA4613D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKCU - {04FCE88C-BD9D-4874-B7F0-916B3262C605} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=20C79B1A-D45F-4C84-819B-8306A4E7B202&apn_sauid=6F4E98A5-32C4-4826-948E-4ED390E8D9E4 BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot) Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 mpa.one.microsoft.com Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\lcqfrels.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-02] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File CHR Extension: (Media Hint) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-12-05] CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06] CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06] CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06] CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06] CHR Extension: (Hola Better Internet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-05] CHR Extension: (Webroot Filtering Extension) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-05] CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Webroot Password Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-06-28] CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30] CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-06-28] ==================== Services (Whitelisted) ================= S2 AgomoService; C:\Program Files (x86)\Agomo\AgomoClient.exe [13562136 2014-04-28] (Piriform) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [766040 2014-04-19] (Webroot) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.) S4 DNE; C:\Windows\system32\DRIVERS\dne64x.sys [161368 2011-08-04] (Citrix Systems, Inc.) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-29] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) S3 NxDrv; C:\Windows\system32\DRIVERS\NxDrv.sys [24264 2012-11-04] (SonicWALL Inc.) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-29] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-04-19] (Webroot) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider) R3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X] S3 SWVNIC; \SystemRoot\system32\DRIVERS\swvnic.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-28 20:50 - 2014-04-28 20:51 - 00026129 _____ () C:\Users\Jason\Downloads\FRST.txt 2014-04-28 20:50 - 2014-04-28 20:50 - 00000000 ____D () C:\FRST 2014-04-28 20:48 - 2014-04-28 20:48 - 02061824 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe 2014-04-28 20:31 - 2014-04-28 20:31 - 04745984 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup413.exe 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Public\Documents\CyberLink 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CyberLink 2014-04-28 20:20 - 2014-04-28 20:20 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2014-04-28 20:10 - 2014-04-28 20:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Oracle 2014-04-28 20:07 - 2014-04-28 20:07 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-28 20:07 - 2014-04-28 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-28 20:07 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-04-28 20:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-04-28 20:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-04-28 20:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-04-21 19:31 - 2014-04-21 19:45 - 00000000 ____D () C:\Users\Jason\DesignerVista 2014-04-21 19:30 - 2014-04-28 20:25 - 00000000 ____D () C:\Program Files (x86)\DesignerVista 2014-04-21 19:23 - 2014-04-21 19:28 - 00000000 ____D () C:\Users\Jason\Desktop\BroadView Work Folder 2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Blizzard Entertainment 2014-04-19 21:44 - 2014-04-24 22:41 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net 2014-04-19 21:44 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-19 21:40 - 2014-04-19 21:41 - 07583696 _____ (Blizzard Entertainment) C:\Users\Jason\Downloads\Diablo-III-Setup-enUS.exe 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 19:39 - 2014-04-19 19:43 - 00004876 _____ () C:\Users\Jason\Desktop\save.log 2014-04-19 19:15 - 2014-04-19 19:15 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-04-19 19:15 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-04-19 19:15 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-04-19 19:15 - 2014-03-10 06:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-04-19 19:15 - 2014-03-10 06:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-04-19 19:15 - 2014-03-06 05:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-04-19 19:15 - 2014-03-06 05:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-04-19 19:15 - 2014-03-06 02:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-04-19 19:15 - 2014-03-06 02:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-04-19 19:14 - 2014-04-19 19:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-05 00:09 - 2014-04-05 00:09 - 04787368 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup412.exe ==================== One Month Modified Files and Folders ======= 2014-04-28 20:51 - 2014-04-28 20:50 - 00026129 _____ () C:\Users\Jason\Downloads\FRST.txt 2014-04-28 20:50 - 2014-04-28 20:50 - 00000000 ____D () C:\FRST 2014-04-28 20:50 - 2013-06-28 18:20 - 00000000 ____D () C:\ProgramData\WRData 2014-04-28 20:48 - 2014-04-28 20:48 - 02061824 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe 2014-04-28 20:32 - 2013-08-13 19:09 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-04-28 20:32 - 2013-08-13 19:09 - 00000000 ____D () C:\Program Files\CCleaner 2014-04-28 20:31 - 2014-04-28 20:31 - 04745984 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup413.exe 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Public\Documents\CyberLink 2014-04-28 20:29 - 2014-04-28 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CyberLink 2014-04-28 20:29 - 2013-06-06 22:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-818747085-208782630-2158677018-1002 2014-04-28 20:27 - 2013-03-25 09:59 - 00000000 ____D () C:\ProgramData\CyberLink 2014-04-28 20:26 - 2013-05-25 16:23 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-28 20:25 - 2014-04-21 19:30 - 00000000 ____D () C:\Program Files (x86)\DesignerVista 2014-04-28 20:20 - 2014-04-28 20:20 - 17931952 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2014-04-28 20:20 - 2014-01-17 23:32 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-04-28 20:20 - 2014-01-17 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-28 20:18 - 2013-05-25 16:23 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-28 20:10 - 2014-04-28 20:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Oracle 2014-04-28 20:08 - 2013-10-10 20:25 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-28 20:07 - 2014-04-28 20:07 - 00004129 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-28 20:07 - 2014-04-28 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-28 20:07 - 2013-10-10 20:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-28 20:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-28 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\security 2014-04-28 19:53 - 2013-05-25 16:23 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-28 19:52 - 2013-12-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Agomo 2014-04-28 19:52 - 2013-05-25 16:23 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-24 22:41 - 2014-04-19 21:44 - 00000000 ____D () C:\Users\Jason\AppData\Local\Battle.net 2014-04-21 21:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-21 20:55 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-04-21 19:45 - 2014-04-21 19:31 - 00000000 ____D () C:\Users\Jason\DesignerVista 2014-04-21 19:45 - 2013-12-29 19:58 - 00000000 ____D () C:\Users\Jason 2014-04-21 19:40 - 2013-08-13 20:54 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-04-21 19:39 - 2013-12-29 20:09 - 00000761 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk 2014-04-21 19:39 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-21 19:28 - 2014-04-21 19:23 - 00000000 ____D () C:\Users\Jason\Desktop\BroadView Work Folder 2014-04-21 19:27 - 2013-11-14 03:28 - 00820548 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-20 04:35 - 2013-12-29 19:58 - 00000000 ____D () C:\Users\Carley 2014-04-20 04:33 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-19 21:45 - 2014-04-19 21:45 - 00000000 ____D () C:\Users\Jason\AppData\Local\Blizzard Entertainment 2014-04-19 21:45 - 2014-04-19 21:44 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-04-19 21:44 - 2014-04-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-04-19 21:41 - 2014-04-19 21:40 - 07583696 _____ (Blizzard Entertainment) C:\Users\Jason\Downloads\Diablo-III-Setup-enUS.exe 2014-04-19 21:04 - 2013-06-29 12:49 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-04-19 20:35 - 2013-11-14 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-04-19 20:34 - 2013-06-06 22:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 19:52 - 2014-01-16 00:03 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\QuickScan 2014-04-19 19:43 - 2014-04-19 19:39 - 00004876 _____ () C:\Users\Jason\Desktop\save.log 2014-04-19 19:23 - 2013-06-28 18:20 - 00154248 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll 2014-04-19 19:23 - 2013-06-28 18:20 - 00115680 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys 2014-04-19 19:23 - 2013-06-28 18:20 - 00105320 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll 2014-04-19 19:17 - 2013-06-06 21:52 - 00000000 ___RD () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 19:17 - 2013-06-06 21:52 - 00000000 ___RD () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-19 19:15 - 2014-04-19 19:15 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-04-19 19:14 - 2014-04-19 19:14 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-19 19:13 - 2013-05-25 16:23 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-19 19:13 - 2013-05-25 16:23 - 00003644 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-19 19:04 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-04-14 20:13 - 2014-04-28 20:07 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-28 20:07 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-28 20:07 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-28 20:07 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-04-05 00:09 - 2014-04-05 00:09 - 04787368 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup412.exe 2014-04-05 00:03 - 2013-12-07 12:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-05 00:03 - 2013-12-07 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-04 20:38 - 2013-12-07 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-03-31 17:23 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-31 17:23 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 21:16 - 2014-04-19 19:15 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-30 19:57 - 2014-04-19 19:15 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll Files to move or delete: ==================== C:\Users\Carley\CTX.DAT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-12 00:34 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014 Ran by Jason at 2014-04-28 20:51:40 Running from C:\Users\Jason\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Agomo (HKLM-x32\...\Agomo) (Version: 1.0.0.5302 - Piriform) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 5.0 - Bastien Mensink - A Must in Every Office BV) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP) Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation) Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel) Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.10.104 - Skype Technologies S.A.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD Quick View (HKLM-x32\...\{455EC32F-4157-438D-9E3A-40E93B09FC3C}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{01b19ee2-f793-4fda-8aab-60fa495c4869}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.70 - Webroot) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 05-04-2014 00:38:45 Windows Modules Installer 18-04-2014 15:18:45 Windows Update 21-04-2014 23:29:44 Installed DesignerVista 29-04-2014 00:06:48 Installed Java 7 Update 55 ==================== Hosts content: ========================== 2012-07-26 01:26 - 2013-11-14 10:16 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 mpa.one.microsoft.com ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {33C91E20-82F7-48CE-BA1C-91E948B6974C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.) Task: {34A47C74-6E77-44D1-AF08-8C3D6D30CA10} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {40FCE3AA-36BD-423B-B6AD-420B1C692E1F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-19] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {5114689A-8C50-4887-B1DA-25B195C5969C} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated) Task: {52351A25-7DFA-4F3F-9158-68BBBB1A7EB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-04-19] (Microsoft Corporation) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {73C921C1-D44F-4593-BE1B-A3AD6CFCCFE7} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.) Task: {753AE097-3E31-489B-9FA8-43863A9F99A1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {830EE15C-824E-419E-A013-C46DED12DCAC} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMMJJMNJKJNJPMJJJJCNHMIMHMLMCNLMIMHMOJCNNJMJJJMMCNMMIMLMNMLJJMIMPMNJLMIMLMJNJICMIMCNGMCNOMFMGMCNOMPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMFMOMMMJNHICMEKMICNJJCKJNBJCMFLOJMIAJBJPNMLDJOJNIEJJNKJCMJNNICMJNDJCMKJBJ" Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A0929775-F303-4633-AB3F-D45404DFE6D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-19] (Microsoft Corporation) Task: {A1EDD439-C521-44FB-A2A2-97E0EC86FDB9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated) Task: {A8F65224-685E-49DF-8E72-19F7C9CA6AF7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {AEDFDF6D-6944-4A0F-A038-F47B4EA07EFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation) Task: {B91370F7-8614-4605-8A14-E88A394911D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {C9912E22-5B72-4CFE-A972-4C85419BB900} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {ED54EC6F-A39A-45C0-B784-3B2C5586127F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-19 20:32 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-06-06 22:47 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2013-03-25 10:02 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-03-19 20:34 - 2014-04-19 20:10 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-03-12 02:52 - 2014-03-12 02:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\16d775b1ea12cb97ca0cc77cde8e9fd8\PSIClient.ni.dll 2013-03-25 09:52 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-04-19 19:58 - 2014-04-19 19:58 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Syst06DF097A:$WIMMOUNTDATA AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade AlternateDataStreams: C:\Users\Jason\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2014 08:23:18 PM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 28.0.0.5186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1264 Start Time: 01cf633fa728c17a Termination Time: 62 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 72901b54-cf34-11e3-beb3-606c66166da8 Faulting package full name: Faulting package-relative application ID: Error: (04/28/2014 07:52:48 PM) (Source: Perflib) (User: ) Description: rdyboost4 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/24/2014 09:03:55 PM) (Source: Perflib) (User: ) Description: rdyboost4 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/22/2014 09:44:01 PM) (Source: Perflib) (User: ) Description: rdyboost4 System errors: ============= Error: (04/28/2014 08:19:11 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/28/2014 08:17:36 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/28/2014 08:13:13 PM) (Source: Service Control Manager) (User: ) Description: The Agomo service terminated unexpectedly. It has done this 2 time(s). Error: (04/28/2014 07:55:16 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (04/28/2014 07:51:16 PM) (Source: Service Control Manager) (User: ) Description: The Agomo service terminated unexpectedly. It has done this 1 time(s). Error: (04/24/2014 09:06:59 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (04/22/2014 09:47:02 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (04/22/2014 09:43:48 PM) (Source: BTHUSB) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (04/21/2014 07:42:03 PM) (Source: Service Control Manager) (User: ) Description: The Dell Digital Delivery Service service failed to start due to the following error: %%1053 Error: (04/21/2014 07:42:03 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect. Microsoft Office Sessions: ========================= Error: (04/28/2014 08:23:18 PM) (Source: Application Hang)(User: ) Description: firefox.exe28.0.0.5186126401cf633fa728c17a62C:\Program Files (x86)\Mozilla Firefox\firefox.exe72901b54-cf34-11e3-beb3-606c66166da8 Error: (04/28/2014 07:52:48 PM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8375 Error: (04/24/2014 10:45:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/24/2014 09:03:55 PM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7484 Error: (04/22/2014 10:47:50 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/22/2014 09:44:01 PM) (Source: Perflib)(User: ) Description: rdyboost4 ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8061.27 MB Available physical RAM: 6072.64 MB Total Pagefile: 16253.27 MB Available Pagefile: 14232.25 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.19 GB) (Free:534.99 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: FAAC2938) Partition: GPT Partition Type. ==================== End Of Log ============================
  13. Updated malware bytes, non-beta, this morning and let it run a scan on my kids windows 8 laptop. After removing all recommended items, I get an error when trying to connect to anything online: Unable to connect to property server. WIndows 8 and malware byte versions are up to date as of this morning. All I can find even close to this issue are related to windows home server and not windows 8. Could it be possible that malware bytes deleted something the prevents all internet connetions?
  14. Hello, I am not sure how to describe the problem I am having right now. But I am trying to :-) Yesterday I try to install a programm called jpg converter but I got lots of unwanted program installed in my laptop in a second. Now, its giving me problem like taking control of my control panel, I can't uninstall the program. Trying to uninstall/remove but its not working. Can you help, please. OS: Windows 8 Dell laptop Please help, there is lots of my important doc on my pc. Thanks in advance Murshid
  15. Hello, my comp info: Windows 8.1 Pro / 64bit / google chrome Version 32.0.1700.102 m I've read many forums dealing with this problem. I am trying to use my normal google browser but this " http://search.yahoo.com/?type=599486&fr=spigot-yhp-ch " comes up instead EVERY time... I have uninstalled google chrome many times and reinstalled. It does not work..! I notice an issue with this "spigot" thing that people are mentioning. I downloaded anti malware softwares and what not but I can't seem to get rid of the problem (don't understand either). I don't see the spigot name anywhere any more but my browser keeps changing. I would like the help of one of you professionals PLEASE. Let me know all of the info you need. I have: Malwarebytes, adwcleaner, ccleaner, roguekiller, and security check downloaded...
  16. I got redirected to a suspected dodgey version of a bitcoin site (real site is .com this one identified itself as .cloudnet) Since then (few hours later) no apps would connect to the internet. Chrome would say could not connect to proxy, I don't use a proxy. Tor would connect though but that's because it uses its own proxy, not the system one. USB memory sticks have been acting weird too. I've been getting the 'this USB has a problem click to fix' error and an I/O error due to an invalid system string or application request. The laptop is pretty high spec and used to boot up in a flash and be very responsive. Now for the last day or so it's booting up slower, apps are slower and general response is sluggish. I've ran malware bytes on it in safe mode and nothing has come up. Would should I do next as I can get most of my data off. It's an HP laptop running Windows 8 Standard Edition x64. Cheers
  17. When i run Malwarebytes using windows 8 it says file: windows/syswow64/rund1132.exe is a PUP and when I select to have it removed it says it was successfully removed but when I restart and run malwarebytes again it is still there. Any ideas on what to do?
  18. I have a Toshiba P850 with Windows 8 loaded with Norton 360.. which is why I'm baffled how MBAM found a list of PUP.Optional.PassShow.A's and PUP.Optional.NextLive.A's particularly attached to Registry keys. (My subscription to System Mechanic Pro expired yesterday.) I'm not a techie or even well read in computers but know enough to realize 'you' don't mess with the registry. Here's the latest log, from the Pro trial as I don't have the money to pay for a subscription.: Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.12.29.02 Windows 8 x64 NTFSInternet Explorer 11.0.9600.16476JC :: 1PREMIER-PC [administrator] Protection: Enabled 12/29/2013 7:12:37 AMMBAM-log-2013-12-29 (11-59-51).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 413231Time elapsed: 56 minute(s), 23 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 7HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} (PUP.Optional.PassShow.A) -> No action taken.HKCR\TypeLib\{b8c3b958-ec6a-4d2f-bf2d-c7906acd3da0} (PUP.Optional.PassShow.A) -> No action taken.HKCR\Interface\{88f2ef1e-a38b-44dd-ae7c-57dfa28ba40f} (PUP.Optional.PassShow.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> No action taken.HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl (PUP.Optional.PassShow.A) -> No action taken. Registry Values Detected: 2HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\JC\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.HKCU\Software\Mozilla\Firefox\Extensions|{57c20073-e24b-4b2a-aa91-70d1ad526cbf} (PUP.Optional.PassShow.A) -> Data: C:\Program Files (x86)\PassShow\150.xpi -> No action taken. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 2C:\Users\JC\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.C:\Users\JC\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken. Files Detected: 0(No malicious items detected) (end) There are fairly recent oddities in performance such as Chrome refusing to load and the indication of the button on the taskbar fading as though it wasn't pressed at all. Sometimes I click it multiple times to load. Another recent oddity is my connection drops a lot and it's not due to a lack of provision from the providing company. I get the impression that someone is somewhere just flipping a switch to my connection and toying with me cuz it'll disconnect several times in succession. I deleted some other files it found and I get boxes (f.e. loading Sims 3) that reference the missing file once found in the pup list. "There was a problem startingC:\Users\JC\AppData\Roaming\newnext.me\nengine.dll The specified module could not be found." I appreciate any and all help possibly offered.
  19. Windows 8/64, Dell Inspiron N15, AVG 2014, MWB Pro. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16688 BrowserJavaVersion: 10.40.2Run by LyndaBarry at 15:30:49 on 2013-09-15Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3965.2032 [GMT -10:00].AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2014\avgrsa.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\dwm.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exeC:\Program Files (x86)\AVG\AVG2014\avgfws.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exeC:\Prey\platform\windows\cronsvc.exec:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Windows\system32\dashost.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\AVG\AVG2014\avgnsa.exeC:\Program Files\pia_manager\pia_manager.exeC:\Windows\system32\taskhostex.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\Windows\Explorer.EXEC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\taskeng.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\msiexec.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\igfxtray.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\hkcmd.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Brother\BPRSP\resources\BrSupSsp.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files (x86)\AVG\AVG2014\avgui.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Browny02\BrYNSvc.exeC:\Program Files (x86)\ControlCenter4\BrCcUxSys.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exeC:\Users\LyndaBarry\AppData\Local\Apps\2.0\47NMW19A.8OX\0T5DDXY8.AC5\dell..tion_0f612f649c4a10af_0005.0001_240bd831ade3aeac\DellSystemDetect.exeC:\Users\LYNDAB~1\AppData\Local\Temp\ocrE8C9.tmp\bin\rubyw.exeC:\Program Files\pia_manager\pia_manager.exeC:\Users\LYNDAB~1\AppData\Local\Temp\ocr15B1.tmp\bin\rubyw.exeC:\Program Files\pia_manager\pia_tray\pia_tray.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Dell Backup and Recovery\SftService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exeBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [DellSystemDetect] C:\Users\LyndaBarry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-msuRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLYmRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorunmRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUNmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mExplorerRun: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BROTHE~1.LNK - C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exemPolicies-System: DisableCAD = dword:1mPolicies-System: HideFastUserSwitching = dword:0IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dllTrusted Zone: dell.comTCP: NameServer = 192.168.1.1TCP: Interfaces\{0A25D81A-90E9-4200-AD59-917D464AF8B8} : DHCPNameServer = 8.8.8.8 8.8.4.4TCP: Interfaces\{546E94E4-2B77-4292-9D70-8B15C4989825} : DHCPNameServer = 192.168.1.1Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [btPreLoad] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe"x64-ExplorerRun: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"x64-mPolicies-System: DisableCAD = dword:1x64-mPolicies-System: HideFastUserSwitching = dword:0x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dllx64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dllx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\LyndaBarry\AppData\Roaming\Mozilla\Firefox\Profiles\gvhebwbf.default\FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLLFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-8-22 192824]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-8-22 294712]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-8-20 123704]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-8-1 31544]R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-6-25 652344]R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-8-1 147768]R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-8-22 241464]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-8-22 212280]R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-23 252728]R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-6-25 92536]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-6-25 98208]R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-28 226944]R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-8-26 1358432]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-8-27 3534896]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-8-20 300640]R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-25 14904]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-25 165760]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-10 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-10 701512]R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-9-10 1901752]R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-6-25 201872]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-6-25 1914728]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-25 364416]R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-6-25 81536]R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-12-28 89320]R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-9-13 266240]R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-12-28 345832]R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-12-28 115432]R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-12-28 33944]R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-12-28 179432]R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-12-28 77464]R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-12-28 136424]R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-12-28 578792]R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-6-25 342528]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-10 25928]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-6-25 315536]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-6-25 683664]R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-6-25 32136]R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-6-25 23552]S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-25 20912]S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-8-7 199176]S2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2013-4-30 125440]S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-6-25 28040].=============== File Associations ===============.ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1".=============== Created Last 30 ================.2013-09-15 23:01:08 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Wise Disk Cleaner2013-09-15 22:54:52 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Wise Registry Cleaner2013-09-15 22:51:42 -------- d-----w- C:\Program Files (x86)\Wise2013-09-15 21:14:08 -------- d-----w- C:\ProgramData\Kaspersky Lab2013-09-14 20:24:47 -------- d-----w- C:\Users\LyndaBarry\.phet2013-09-14 20:21:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-09-14 20:19:33 -------- d-----w- C:\ProgramData\Oracle2013-09-14 20:08:14 973736 ----a-w- C:\Windows\System32\deployJava1.dll2013-09-14 20:08:12 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-09-14 20:07:54 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-09-14 03:26:38 -------- d-----w- C:\Prey2013-09-14 02:03:03 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-09-14 02:03:02 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-09-14 01:56:44 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\ControlCenter42013-09-14 00:43:58 -------- d-----w- C:\Program Files (x86)\ControlCenter42013-09-14 00:43:48 290304 ------w- C:\Windows\System32\BrfxDA5c.dll2013-09-14 00:36:13 45056 ----a-w- C:\Windows\SysWow64\BRTCPCON.DLL2013-09-14 00:36:12 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL2013-09-14 00:36:12 50176 ----a-w- C:\Windows\SysWow64\BRPRTINK.DLL2013-09-14 00:36:12 25299 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL2013-09-14 00:36:12 103792 ----a-w- C:\Windows\SysWow64\BRRBI110.EXE2013-09-14 00:24:04 -------- d-----w- C:\ProgramData\Brother2013-09-14 00:05:49 -------- d-----r- C:\Users\LyndaBarry\Google Drive2013-09-13 07:24:31 -------- d-----w- C:\Program Files (x86)\Karnaugh Map Minimizer2013-09-13 06:11:01 -------- d-----w- C:\ProgramData\Package Cache2013-09-13 03:13:40 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\AVG2013-09-13 03:11:43 -------- d-----w- C:\ProgramData\AVG2013-09-13 03:11:33 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}2013-09-12 15:33:11 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Trillian2013-09-12 07:28:44 -------- d-----w- C:\Windows\System32\MRT2013-09-12 07:26:01 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll2013-09-12 07:26:00 1627648 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-09-12 07:23:55 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll2013-09-12 07:22:18 888320 ----a-w- C:\Windows\System32\autochk.exe2013-09-12 07:22:18 793088 ----a-w- C:\Windows\SysWow64\autochk.exe2013-09-12 07:22:18 542208 ----a-w- C:\Windows\System32\untfs.dll2013-09-12 07:22:18 482816 ----a-w- C:\Windows\SysWow64\untfs.dll2013-09-12 06:45:39 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Apple Computer2013-09-12 06:45:37 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Titanium2013-09-12 06:44:47 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys2013-09-12 06:44:45 -------- d-----w- C:\Program Files\pia_manager2013-09-12 06:25:05 -------- d-----w- C:\Program Files (x86)\VideoLAN2013-09-12 03:57:11 -------- d-----w- C:\Users\LyndaBarry\Cisco Packet Tracer 6.0.12013-09-12 03:30:55 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Macromedia2013-09-12 03:19:03 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Adobe2013-09-11 18:00:05 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin2013-09-11 16:18:01 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\ElevatedDiagnostics2013-09-11 16:17:42 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Diagnostics2013-09-11 08:17:28 -------- d-----w- C:\ProgramData\PC-Doctor for Windows2013-09-11 08:16:55 -------- d-----w- C:\Program Files\My Dell2013-09-11 08:05:11 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\PCDr2013-09-11 07:43:21 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery2013-09-11 07:38:29 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\softthinks2013-09-11 06:52:58 688640 ----a-w- C:\Windows\System32\WSShared.dll2013-09-11 06:51:04 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-09-11 06:51:03 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-09-11 06:51:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-09-11 06:51:01 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll2013-09-11 06:51:01 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-09-11 06:41:35 1606112 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-09-11 06:37:10 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\AVG20142013-09-11 06:36:16 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\TuneUp Software2013-09-11 06:35:06 -------- d--h--w- C:\$AVG2013-09-11 06:35:06 -------- d-----w- C:\ProgramData\AVG20142013-09-11 06:34:10 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll2013-09-11 06:34:09 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-09-11 06:34:05 1838080 ----a-w- C:\Windows\System32\DWrite.dll2013-09-11 06:34:05 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-09-11 06:33:46 -------- d-----w- C:\Program Files (x86)\AVG2013-09-11 06:31:49 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-09-11 06:31:48 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-09-11 06:31:26 141312 ----a-w- C:\Windows\System32\cryptnet.dll2013-09-11 06:31:26 1255936 ----a-w- C:\Windows\System32\certutil.exe2013-09-11 06:31:26 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe2013-09-11 06:31:25 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-09-11 06:31:07 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-09-11 06:31:07 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-11 06:31:05 595968 ----a-w- C:\Windows\System32\qedit.dll2013-09-11 06:31:05 496640 ----a-w- C:\Windows\SysWow64\qedit.dll2013-09-11 06:31:00 1889280 ----a-w- C:\Windows\System32\crypt32.dll2013-09-11 06:31:00 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-09-11 06:30:59 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll2013-09-11 06:30:59 68096 ----a-w- C:\Windows\System32\cryptsvc.dll2013-09-11 06:30:59 337408 ----a-w- C:\Windows\System32\wintrust.dll2013-09-11 06:30:59 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-09-11 06:30:59 124416 ----a-w- C:\Windows\System32\apprepapi.dll2013-09-11 06:30:58 98304 ----a-w- C:\Windows\System32\apprepsync.dll2013-09-11 06:30:58 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll2013-09-11 06:30:56 -------- d--h--w- C:\ProgramData\Common Files2013-09-11 06:30:56 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\MFAData2013-09-11 06:30:56 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Avg20142013-09-11 06:30:56 -------- d-----w- C:\ProgramData\MFAData2013-09-11 06:30:03 733184 ----a-w- C:\Windows\System32\win32spl.dll2013-09-11 06:29:39 861184 ----a-w- C:\Windows\System32\drivers\http.sys2013-09-11 06:29:07 70144 ----a-w- C:\Windows\System32\appinfo.dll2013-09-11 06:29:07 112872 ----a-w- C:\Windows\System32\consent.exe2013-09-11 06:28:20 26624 ----a-w- C:\Windows\System32\ReAgentc.exe2013-09-11 06:28:20 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe2013-09-11 06:28:15 2382336 ----a-w- C:\Windows\SysWow64\esent.dll2013-09-11 06:28:14 2851840 ----a-w- C:\Windows\System32\esent.dll2013-09-11 06:27:53 4038144 ----a-w- C:\Windows\System32\win32k.sys2013-09-11 06:27:36 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-09-11 06:27:35 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-09-11 06:27:17 135680 ----a-w- C:\Windows\System32\appserverai.dll2013-09-11 06:27:17 126976 ----a-w- C:\Windows\System32\RDWebAI.dll2013-09-11 06:27:17 122880 ----a-w- C:\Windows\System32\VmHostAI.dll2013-09-11 06:27:13 148480 ----a-w- C:\Windows\System32\poqexec.exe2013-09-11 06:27:13 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe2013-09-11 06:25:57 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Malwarebytes2013-09-11 06:25:41 -------- d-----w- C:\ProgramData\Malwarebytes2013-09-11 06:25:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-09-11 06:25:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-11 03:22:05 -------- d-----w- C:\Program Files (x86)\Cisco Packet Tracer 6.0.12013-09-11 03:21:41 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Programs2013-09-11 02:52:10 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive2013-09-11 02:52:10 -------- d-----r- C:\Users\LyndaBarry\SkyDrive2013-09-11 02:51:57 -------- d-----w- C:\ProgramData\Microsoft SkyDrive2013-09-11 02:44:58 564432 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2013-09-11 02:42:01 -------- d-----w- C:\Program Files\Microsoft Office 152013-09-11 02:19:11 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Opera Software2013-09-11 02:19:11 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Opera Software2013-09-11 01:42:11 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Google2013-09-11 01:41:57 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Deployment2013-09-11 01:41:57 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Apps2013-09-11 01:34:44 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Intel Corporation2013-09-11 01:33:53 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\BMExplorer2013-09-11 01:33:42 -------- d-----w- C:\ProgramData\Atheros2013-09-11 01:33:37 -------- d-----w- C:\Users\LyndaBarry\AppData\Roaming\Atheros2013-09-11 01:33:10 -------- d-----r- C:\Users\LyndaBarry\Searches2013-09-11 01:33:10 -------- d-----r- C:\Users\LyndaBarry\Contacts2013-09-11 01:32:31 -------- d-----w- C:\Users\LyndaBarry\AppData\Local\Power2Go82013-08-23 04:25:44 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-08-23 04:08:14 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys2013-08-23 03:55:04 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-08-23 03:54:54 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-08-21 03:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys.==================== Find3M ====================.2013-09-05 20:09:17 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-05 20:09:17 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll2013-08-07 05:15:02 144896 ----a-w- C:\Windows\System32\tssdisai.dll2013-08-01 21:06:28 147768 ----a-w- C:\Windows\System32\drivers\avgdiska.sys2013-08-01 21:04:56 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys2013-07-24 05:34:52 252728 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys2013-06-25 19:24:58 8552448 ----a-w- C:\Windows\SysWow64\glcndFilter.dll2013-06-25 19:23:53 955904 ----a-w- C:\Windows\System32\WebcamUi.dll2013-06-25 19:22:59 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll2013-06-25 19:21:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-06-25 19:21:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-06-25 19:21:01 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2013-06-24 22:54:52 447488 ----a-w- C:\Windows\System32\wwansvc.dll2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll2013-06-19 05:36:21 183808 ----a-w- C:\Windows\System32\winmmbase.dll2013-06-19 05:36:21 115712 ----a-w- C:\Windows\System32\winmm.dll2013-06-18 22:38:00 160256 ----a-w- C:\Windows\SysWow64\winmmbase.dll2013-06-18 22:38:00 125440 ----a-w- C:\Windows\SysWow64\winmm.dll.============= FINISH: 15:31:39.90 =============== attach.zip dds.txt mbam-log-2013-09-15 (15-18-45).txt ARK.txt
  20. Will Norton utilities 16 run scheduled maintenance in sleep mode?
  21. HI, After a cnet download yesterday, my wife's new windows 8 laptop started misbehaving. Apparently Mixi.DJ toolbar was installed in chrome browser which quickly took control of all the browsers. In an attempt to remove this toolbar spyhunter4 was briefly installed. Now both of these have been uninstalled but there are still effects on the machine but these nothing is being picked by by malware or virus scanners. We're very grateful for any assistance! Thx Steve +++++++++++ DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16519 Run by Taryn at 17:28:26 on 2013-03-20 Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.7642.4463 [GMT 0:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\dashost.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files\McAfee\AppStats\MfeASUM.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\valWBFPolicyService.exe C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe C:\PROGRA~1\McAfee\MSC\McAPExe.exe C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe C:\Windows\system32\taskhostex.exe C:\Windows\Explorer.EXE C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe C:\Program Files\Common Files\AuthenTec\TrueService.exe C:\Program Files\Common Files\AuthenTec\TrueService.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe C:\Users\Taryn\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\ProgramData\MFAData\pack\avgrunasx.exe C:\Program Files\iPod\bin\iPodService.exe C:\ProgramData\MFAData\pack\avgmfapx.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files (x86)\AVG\AVG2013\avgfws.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files (x86)\HP SimplePass\TouchControl.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\msiexec.exe C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Taryn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Taryn\AppData\Roaming\Dropbox\bin\Dropbox.exe IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{8DDC1A49-ACD3-46F0-84FD-BE2E183F4DA0} : DHCPNameServer = 192.168.1.254 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528] R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280] R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2012-7-10 35496] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-2-8 311096] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 771096] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 339776] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2012-12-15 56336] R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-2-26 246072] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-2-8 206136] R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-2-24 247608] R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536] R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-2-1 31408] R1 MOBKFilter;MOBKFilter;C:\Windows\System32\Drivers\MOBK.sys [2013-2-1 66040] R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984] R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-1 199008] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-2-19 1418184] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624] R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-19 2569168] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-20 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-20 682344] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-2-1 103472] R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-2-1 220856] R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\Drivers\McPvDrv.sys [2013-2-1 74120] R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-2-1 335216] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-2-1 1007288] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-1 218320] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-1 177680] R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-13 1861288] R2 Sage AutoUpdate Manager Service;Sage AutoUpdate Manager Service;C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [2012-7-5 8192] R2 Sage SData Service;Sage SData Service;C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [2012-5-17 53248] R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-8-18 28160] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472] R3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 69672] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-20 24176] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 309400] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 515528] R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2012-11-2 328976] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-9-1 1958984] R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-1 294544] R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2012-8-9 695392] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 690832] R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272] R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-1 57000] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288] R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-12-17 23552] R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656] S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912] S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-2-8 71480] S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-2-1 69168] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264] S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904] S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752] S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-8 48736] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-2-1 197264] S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2012-11-2 97208] S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] . =============== Created Last 30 ================ . 2013-03-20 12:23:22 -------- d-----w- C:\Users\Taryn\AppData\Roaming\Malwarebytes 2013-03-20 12:23:00 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-20 12:22:49 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-20 12:22:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-20 12:22:31 -------- d-----w- C:\Users\Taryn\AppData\Local\Programs 2013-03-20 11:54:01 -------- d-----w- C:\Users\Taryn\AppData\Roaming\AVG2013 2013-03-20 11:53:08 -------- d-----w- C:\Users\Taryn\AppData\Roaming\TuneUp Software 2013-03-20 11:49:49 -------- d--h--w- C:\$AVG 2013-03-20 11:49:48 -------- d-----w- C:\ProgramData\AVG2013 2013-03-20 11:49:10 -------- d-----w- C:\Program Files (x86)\AVG 2013-03-20 11:30:32 -------- d--h--w- C:\ProgramData\Common Files 2013-03-20 11:30:31 -------- d-----w- C:\Users\Taryn\AppData\Local\MFAData 2013-03-20 11:30:31 -------- d-----w- C:\Users\Taryn\AppData\Local\Avg2013 2013-03-20 11:30:31 -------- d-----w- C:\ProgramData\MFAData 2013-03-20 10:06:24 -------- d-----w- C:\Program Files\Enigma Software Group 2013-03-20 10:05:58 -------- d-----w- C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP 2013-03-20 10:05:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-03-19 23:52:44 -------- d-----w- C:\Program Files (x86)\EPSViewer 2013-03-19 23:49:44 -------- d-----w- C:\Windows\SysWow64\searchplugins 2013-03-19 23:49:44 -------- d-----w- C:\Windows\SysWow64\Extensions 2013-03-19 23:49:20 -------- d-----w- C:\ProgramData\BrowserProtect 2013-03-19 23:46:01 -------- d-----w- C:\Users\Taryn\AppData\Roaming\Babylon 2013-03-19 23:46:01 -------- d-----w- C:\ProgramData\Babylon 2013-03-17 11:36:41 -------- d-----w- C:\Program Files\iPod 2013-03-17 11:36:40 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-03-17 11:36:40 -------- d-----w- C:\Program Files\iTunes 2013-03-17 11:36:40 -------- d-----w- C:\Program Files (x86)\iTunes 2013-03-14 10:24:59 700928 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll 2013-03-14 10:23:52 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-03-14 10:23:51 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-14 10:23:49 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys 2013-03-14 10:23:49 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2013-03-14 10:23:49 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2013-03-14 10:23:49 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2013-03-14 10:23:46 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll 2013-03-14 10:23:45 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll 2013-03-12 11:26:04 192784 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10196.bin 2013-03-11 16:12:18 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-02-27 12:36:20 1010688 ----a-w- C:\Windows\System32\reseteng.dll 2013-02-27 12:36:19 443392 ----a-w- C:\Windows\System32\ReAgent.dll 2013-02-27 12:36:19 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-02-26 23:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2013-02-25 12:30:28 150600 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 2013-02-25 12:30:04 1274456 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pidgenx.dll 2013-02-24 23:37:28 247608 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys 2013-02-22 05:13:58 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll 2013-02-22 05:13:58 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll . ==================== Find3M ==================== . 2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-02-08 04:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2013-02-08 04:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2013-02-08 04:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2013-02-08 04:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2013-02-08 04:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll 2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll 2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll 2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll 2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys 2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll 2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe 2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe 2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe 2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll 2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll 2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll 2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll 2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll 2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll 2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll 2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll 2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll 2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll 2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe 2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe 2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll 2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll 2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll 2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll 2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll 2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll 2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll 2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll 2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll 2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll 2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll 2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll 2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll 2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll 2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll 2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll 2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll 2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys 2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys 2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys 2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe 2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe 2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll 2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll 2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll 2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll 2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll 2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL 2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe 2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe 2013-01-09 23:23:23 240640 ----a-w- C:\Windows\System32\fsquirt.exe 2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll . ============= FINISH: 17:29:04.74 =============== ++++++++++++++++++++++++++++++. DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 08/12/2012 13:57:52 System Uptime: 20/03/2013 11:41:51 (6 hours ago) . Motherboard: Hewlett-Packard | | 18A7 Processor: AMD A8-4500M APU with Radeon™ HD Graphics | Socket FT1 | 1900/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 912 GiB total, 840.158 GiB free. D: is FIXED (NTFS) - 19 GiB total, 2.409 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP16: 27/02/2013 12:43:52 - Windows Update RP17: 08/03/2013 09:53:56 - McAfee Vulnerability Scanner RP18: 14/03/2013 10:48:40 - Windows Update RP19: 15/03/2013 11:51:24 - McAfee Vulnerability Scanner RP20: 17/03/2013 11:22:15 - Installed iCloud RP21: 20/03/2013 00:12:44 - Removed MixiDJ Chrome Toolbar . ==== Installed Programs ====================== . Accounts Adobe Flash Player 11 Plugin Adobe Photoshop Elements 11 Adobe Premiere Elements 11 Adobe Reader XI (11.0.02) Adobe Shockwave Player 11.6 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel AMD Quick Stream AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec TrueAPI 64-bit AVG 2013 Bonjour BrowserProtect Canon MG5200 series MP Drivers Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Connected Music powered by Universal Music Group version 1.0 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink Power2Go 8 CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox Elements 11 Organizer Energy Star EPS Viewer Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 HP 3D DriveGuard HP Connected Music (Meridian - installer) HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP SimplePass HP Software Framework HP Support Assistant HP Utility Center HP Wireless Button Driver iCloud IDT Audio iTunes Malwarebytes Anti-Malware version 1.70.0.1100 McAfee All Access – Total Protection McAfee Online Backup Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook 2013 - en-us Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component PRE11 STI 64Installer PSE11 STI Installer Ralink Bluetooth Stack64 Ralink RT3290 802.11bgn Wi-Fi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader Sage 50 Accounts 2013 Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shared C Run-time for x64 swMSM Synaptics Pointing Device Driver Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Validity WBF DDK Visual Studio 2010 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 20/03/2013 16:54:59, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.74 did not allow the name to be claimed by this computer. 20/03/2013 15:04:42, Error: Microsoft-Windows-HttpEvent [15011] - Unable to create the error log file. Make sure that the error logging directory is correct. 20/03/2013 11:42:15, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. 20/03/2013 11:42:11, Error: Service Control Manager [7019] - The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started. 20/03/2013 11:42:11, Error: Service Control Manager [7018] - Detected circular dependencies auto-starting services. Check the service dependency tree. 20/03/2013 01:09:58, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service. 19/03/2013 23:49:59, Error: Service Control Manager [7030] - The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 17/03/2013 11:32:39, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running. 17/03/2013 11:31:39, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 17/03/2013 11:31:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 13/03/2013 13:04:36, Error: bowser [8003] - The master browser has received a server announcement from the computer STEVEO_LAP-TOSH that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8DDC1A49-ACD3-46F0-84FD-BE2E183F4DA0}. The master browser is stopping or an election is being forced. . ==== End Of File ===========================
  22. Ok.. so first.. I love Malwarebytes.. Swear by it. Live by it .. etc.. Been Using it for like 3 years now .. I upgraded to Windows 8 2 months ago.. Everything was workin fine. All of sudden i dunno what the hell yall did.. but whenever it was my Malwarebytes Icon changed (after an update) .. Malwarebytes been doing some weird hidden stuff in the background.. and its making stuff not work on my PC correctly.. For instance I make music on my PC .. every since this new version of Malwarebytes installed.. now when Im recording or making music.. Malwarebytes is causing my Recording software to stall .. or like freeze for like 4 secs... and it happens like frequently .. so if im recording or playing back music using my audio interface thru my recording software ... it will just freeze for 3-4 secs.. and i'f have to press play again.. at first i didn't know wtf the issue was .. then i closed EVERYTHING and started testin it.. and narrowed it to Malwarebytes. . when its completely closed.. everything works.. if it running .. then my audio stuff freezes... Now i haven't really experienced no other issue outside of my audio software. .like if i just use other stuff on my PC i haven't specifically noticed anything else ... except maybe my Google Chrome been actin weird on youtube.. but i cant attribute that to MB ... although i cant thing of anything else that could be causing THAT either.. (another audio issue tho .. hmm) .. but those to applications use 2 different audio devices.. soo idk the co-relation... Is there any way to go back to the old Malwarebyte (red icon) ... if so how.. and will i be at risk? .. well right now my MB is OFF so it cant be any worse than this.. .. . Im just saying . Help? PCInfo http://valid.canardpc.com/2728175
  23. Today I went on my PC and went on Google chrome to check my xbox, on the website I got a popup saying you must have verification, then I realised tumbler opened. Is this a virus? (It has happened on a few websites)
  24. Hello, I have an HP Pavillion Elite HPE running Windows 8. Have not had many problems with the machine, but started getting a couple of malware warnings in Chrome while browsing today and decided to run something since it had been a while. Malwarebytes quick scan found 2 infected files which were deleted, restarted as prompted. Since that restart the computer will no longer boot, it hangs on the HP splash screen and I am unable to access my BIOS settings by hitting F10 or anything else. Not sure if it is my HD or if something happened to the registry, HD is a WD Green (1 TB) and was working fine before the restart. Any help or suggestions would be appreciated, have had success with Malwarebytes on other more deeply infected machines and did not expect this outcome on my own.
  25. When I run the scan (Antirootkit Beta V1.01.0.1016 ) my pc crashes with blue screen. I have Win 8 Pro, Processor I7 16GB Ram with 3 Gb of Ramdisk. The error is: "bad pool header :-(" Can you help me ? Thank you.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.