
Computer Hibernates Even When This is Disabled



Windows 8 Pro running on HP Elitebook 8440w. Lately the computer has been either shutting down or hibernating, even though the Power Scheme is set to not do this when on mains power. I keep getting Malwarebytes popups about potentially malicious IP addresses. I recently rebuilt this PC and it stopped doing this for a few days. I had BitTorrent installed but have since removed it.

I have run dds.scr and have attached the files produced.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16519

Run by bill at 5:21:45 on 2013-04-10

Microsoft Windows 8 Pro 6.2.9200.0.1252.61.2057.18.8119.5480 [GMT 10:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CyberLink\Shared files\RichVideo64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\WiTopia\WiTopiaService.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Users\bill.GLIDDEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\program files (x86)\deal spy\deal spy-bg.exe

C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE

C:\Windows\system32\mstsc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Windows Defender\MpCmdRun.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

mWinlogon: Userinit = userinit.exe

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Deal Spy: {11111111-1111-1111-1111-110211621176} - C:\Program Files (x86)\Deal Spy\Deal Spy.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [skyDrive] "C:\Users\bill.GLIDDEN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\Users\BILL~1.GLI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: RunStartupScriptSync = dword:1

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.2.3

TCP: Interfaces\{4582BFF3-DE23-47CD-A19F-CC38EC5CC9B5} : DHCPNameServer = 192.168.2.3

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-mPolicies-System: RunStartupScriptSync = dword:1

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\bill.GLIDDEN\AppData\Roaming\Mozilla\Firefox\Profiles\t308hdx6.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-03-29 17:12; mozilla_cc@internetdownloadmanager.com; C:\Users\bill.GLIDDEN\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2013-04-05 13:36; cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com; C:\Users\bill.GLIDDEN\AppData\Roaming\Mozilla\Firefox\Profiles\t308hdx6.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\Drivers\fltsrv.sys [2013-3-29 155272]

R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\Drivers\tib_mounter.sys [2013-3-29 1093256]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-3-29 3696632]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-4-5 166576]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-6 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-6 682344]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-4-3 390632]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]

R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2013-3-31 60528]

R3 afcdp;afcdp;C:\Windows\System32\Drivers\afcdp.sys [2013-3-29 367200]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\Drivers\HECIx64.sys [2009-9-17 56344]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-4-6 24176]

R3 NETwNe64;@oem15.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-19 4309032]

R3 RICOH SmartCard Reader;RICOH SmartCard Reader;C:\Windows\System32\Drivers\rismcx64.sys [2006-10-3 79488]

R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]

.

=============== Created Last 30 ================

.

2013-04-09 18:55:38 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DCDC117F-B2AC-4BDE-A689-5185EF89A555}\mpengine.dll

2013-04-09 18:46:03 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-04-06 03:23:12 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Roaming\Malwarebytes

2013-04-06 03:22:58 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-06 03:22:57 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-06 03:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-05 21:30:59 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2013-04-05 11:43:34 166576 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2013-04-05 05:04:05 -------- d-----w- C:\Program Files\Bulk Rename Utility

2013-04-05 03:36:40 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Deal Spy

2013-04-05 03:36:00 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Updater26276

2013-04-05 03:35:57 -------- d-----w- C:\Program Files (x86)\Deal Spy

2013-04-02 20:13:56 -------- d-----w- C:\ProgramData\SmartSound Software Inc

2013-04-02 20:13:54 -------- d-----w- C:\ProgramData\eSellerate

2013-04-02 20:13:54 -------- d-----w- C:\Program Files (x86)\SmartSound Software

2013-04-02 20:11:28 -------- d-----w- C:\ProgramData\install_clap

2013-04-01 08:06:52 14823424 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2013-03-31 21:47:30 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Macromedia

2013-03-31 09:35:07 -------- d-----w- C:\ProgramData\CLSK

2013-03-31 05:51:16 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive

2013-03-31 05:51:16 -------- d-----r- C:\Users\bill.GLIDDEN\SkyDrive

2013-03-31 05:26:34 -------- d-----w- C:\ProgramData\Microsoft SkyDrive

2013-03-31 04:59:18 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Roaming\WiTopia

2013-03-31 04:58:44 -------- d-----w- C:\Program Files\WiTopia

2013-03-31 04:54:35 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll

2013-03-31 04:54:34 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe

2013-03-31 04:54:32 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-03-31 04:54:30 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe

2013-03-31 04:54:28 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-03-31 04:54:24 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll

2013-03-31 04:43:40 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-03-31 04:43:40 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-03-31 04:43:36 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-03-31 03:42:30 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Roaming\BitTorrent

2013-03-29 22:39:04 -------- d-----r- C:\Program Files (x86)\Skype

2013-03-29 13:13:49 -------- d-----w- C:\Windows\Panther

2013-03-29 11:18:19 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin

2013-03-29 11:00:05 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

2013-03-29 11:00:04 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-03-29 09:32:27 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-03-29 09:32:26 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-03-29 09:32:19 -------- d-----w- C:\Program Files\Synaptics

2013-03-29 09:31:11 -------- d-----w- C:\Program Files\NVIDIA Corporation

2013-03-29 09:26:25 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2013-03-29 09:26:25 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-03-29 09:26:25 26624 ----a-w- C:\Windows\System32\ReAgentc.exe

2013-03-29 09:26:25 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe

2013-03-29 09:26:25 1010688 ----a-w- C:\Windows\System32\reseteng.dll

2013-03-29 09:26:24 945152 ----a-w- C:\Windows\System32\resetengmig.dll

2013-03-29 09:26:24 132096 ----a-w- C:\Windows\System32\sysreset.exe

2013-03-29 09:26:23 405504 ----a-w- C:\Windows\System32\pcasvc.dll

2013-03-29 09:26:23 31232 ----a-w- C:\Windows\System32\pcadm.dll

2013-03-29 09:26:23 13312 ----a-w- C:\Windows\System32\pcalua.exe

2013-03-29 09:26:23 11776 ----a-w- C:\Windows\System32\pcaevts.dll

2013-03-29 09:15:00 -------- d-----w- C:\Windows\System32\appmgmt

2013-03-29 07:45:32 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-29 07:45:32 446976 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-29 07:44:53 76288 ----a-w- C:\Windows\System32\newdev.exe

2013-03-29 07:44:53 75264 ----a-w- C:\Windows\System32\ndadmin.exe

2013-03-29 07:44:53 74240 ----a-w- C:\Windows\SysWow64\newdev.exe

2013-03-29 07:44:53 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe

2013-03-29 07:44:53 301568 ----a-w- C:\Windows\System32\newdev.dll

2013-03-29 07:44:53 275968 ----a-w- C:\Windows\SysWow64\newdev.dll

2013-03-29 07:42:00 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll

2013-03-29 07:40:59 389360 ----a-w- C:\Windows\System32\MMDevAPI.dll

2013-03-29 07:39:39 677888 ----a-w- C:\Windows\System32\mfnetcore.dll

2013-03-29 07:39:39 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll

2013-03-29 07:39:39 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll

2013-03-29 07:39:38 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll

2013-03-29 07:39:38 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-03-29 07:39:38 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll

2013-03-29 07:39:38 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll

2013-03-29 07:39:38 1048064 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-03-29 07:37:43 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll

2013-03-29 07:37:43 109568 ----a-w- C:\Windows\System32\dskquota.dll

2013-03-29 07:37:42 84992 ----a-w- C:\Windows\SysWow64\wbem\PolicMan.dll

2013-03-29 07:37:42 115712 ----a-w- C:\Windows\System32\wbem\PolicMan.dll

2013-03-29 07:34:59 94208 ----a-w- C:\Windows\SysWow64\mssitlb.dll

2013-03-29 07:33:49 368640 ----a-w- C:\Windows\System32\sppwinob.dll

2013-03-29 07:33:35 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll

2013-03-29 07:33:35 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll

2013-03-29 07:31:56 641536 ----a-w- C:\Windows\System32\WSShared.dll

2013-03-29 07:31:56 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll

2013-03-29 07:31:56 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll

2013-03-29 07:31:56 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-03-29 07:31:56 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

2013-03-29 07:31:56 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-03-29 07:30:11 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll

2013-03-29 07:30:08 560640 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-03-29 07:28:59 90624 ----a-w- C:\Windows\System32\drivers\amdk8.sys

2013-03-29 07:28:59 89088 ----a-w- C:\Windows\System32\drivers\intelppm.sys

2013-03-29 07:28:59 88064 ----a-w- C:\Windows\System32\drivers\amdppm.sys

2013-03-29 07:28:59 87552 ----a-w- C:\Windows\System32\drivers\processr.sys

2013-03-29 07:28:59 22528 ----a-w- C:\Windows\System32\drivers\fxppm.sys

2013-03-29 07:28:58 277736 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2013-03-29 07:28:51 8552448 ----a-w- C:\Windows\SysWow64\glcndFilter.dll

2013-03-29 07:28:51 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll

2013-03-29 06:49:58 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-03-29 06:41:45 -------- d-----r- C:\Windows\BrowserChoice

2013-03-29 06:39:48 94208 ----a-w- C:\Windows\System32\synceng.dll

2013-03-29 06:39:48 72192 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-03-29 06:34:58 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll

2013-03-29 06:34:58 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll

2013-03-29 06:33:26 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-29 06:32:20 144384 ----a-w- C:\Windows\System32\tssdisai.dll

2013-03-29 06:32:20 135680 ----a-w- C:\Windows\System32\appserverai.dll

2013-03-29 06:32:20 126976 ----a-w- C:\Windows\System32\RDWebAI.dll

2013-03-29 06:32:20 122880 ----a-w- C:\Windows\System32\VmHostAI.dll

2013-03-29 06:32:17 148480 ----a-w- C:\Windows\System32\poqexec.exe

2013-03-29 06:32:17 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe

2013-03-29 06:30:59 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-29 06:19:46 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-03-29 06:19:46 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-03-29 06:17:58 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-03-29 06:17:58 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-03-29 06:17:58 2146816 ----a-w- C:\Windows\System32\actxprxy.dll

2013-03-29 06:17:57 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-03-29 06:17:56 10115072 ----a-w- C:\Windows\System32\twinui.dll

2013-03-29 06:17:55 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-03-29 06:17:55 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-03-29 06:14:44 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-03-29 06:13:59 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2013-03-29 06:11:51 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-29 06:11:51 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-29 06:11:41 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-03-29 06:09:56 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-29 06:08:33 96256 ----a-w- C:\Windows\System32\fontsub.dll

2013-03-29 06:08:33 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-03-29 06:08:33 3072 ----a-w- C:\Windows\SysWow64\lpk.dll

2013-03-29 06:08:33 3072 ----a-w- C:\Windows\System32\lpk.dll

2013-03-29 06:08:33 14336 ----a-w- C:\Windows\System32\dciman32.dll

2013-03-29 06:08:33 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll

2013-03-29 06:08:32 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-03-29 06:08:32 362496 ----a-w- C:\Windows\System32\atmfd.dll

2013-03-29 06:08:32 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-03-29 06:08:32 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-03-29 06:06:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-29 06:06:59 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-29 06:06:50 2361344 ----a-w- C:\Windows\System32\msxml6.dll

2013-03-29 06:06:50 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll

2013-03-29 06:06:50 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2013-03-29 06:06:50 2048 ----a-w- C:\Windows\System32\msxml6r.dll

2013-03-29 06:06:50 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-03-29 06:06:50 1836032 ----a-w- C:\Windows\System32\msxml3.dll

2013-03-29 06:06:50 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-03-29 06:06:50 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-03-29 06:05:56 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Roaming\KeePass

2013-03-29 05:55:01 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA1.DLL

2013-03-29 05:55:01 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA1.DLL

2013-03-29 05:54:56 336896 ----a-w- C:\Windows\System32\CNMLMA1.DLL

2013-03-29 05:52:50 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Roaming\IDM

2013-03-29 05:52:50 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Roaming\DMCache

2013-03-29 05:52:50 -------- d-----w- C:\ProgramData\IDM

2013-03-29 05:52:39 -------- d-----w- C:\Program Files (x86)\Internet Download Manager

2013-03-29 05:47:37 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Apple Computer

2013-03-29 05:47:33 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-03-29 05:47:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-29 05:47:15 -------- d-----w- C:\Program Files\iTunes

2013-03-29 05:47:15 -------- d-----w- C:\Program Files\iPod

2013-03-29 05:47:15 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-29 05:46:58 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Apple

2013-03-29 05:45:45 -------- d-----w- C:\Program Files\Bonjour

2013-03-29 05:45:45 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-03-29 05:40:49 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Adobe

2013-03-29 05:40:49 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2013-03-29 05:40:37 52568 ----a-w- C:\Windows\System32\AdobePDF.dll

2013-03-29 04:56:55 -------- d-----w- C:\ProgramData\Brother

2013-03-29 04:56:02 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

2013-03-29 04:40:54 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe

2013-03-29 04:40:37 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Programs

2013-03-29 04:25:35 -------- d-----w- C:\Windows\PCHEALTH

2013-03-29 04:25:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2013-03-29 04:23:40 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-03-29 04:23:36 -------- d-----w- C:\Users\bill.GLIDDEN\AppData\Local\Microsoft Help

2013-03-29 04:11:27 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys

2013-03-29 04:11:23 1340040 ----a-w- C:\Windows\System32\drivers\tdrpman.sys

2013-03-29 04:11:22 1093256 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys

2013-03-29 04:11:20 340104 ----a-w- C:\Windows\System32\drivers\snapman.sys

2013-03-29 04:11:19 155272 ----a-w- C:\Windows\System32\drivers\fltsrv.sys

2013-03-29 04:03:29 -------- d-----w- C:\Program Files\Windows Small Business Server

2013-03-29 04:03:26 -------- d-----w- C:\Program Files (x86)\Windows Small Business Server

2013-03-29 03:21:52 -------- d-----w- C:\ProgramData\PRICache

.

==================== Find3M ====================

.

2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-17 23:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-02-17 23:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2013-02-17 23:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll

2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll

2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe

2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe

2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll

2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll

2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll

2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll

2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll

2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll

2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll

2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll

2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll

2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll

2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll

2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll

2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll

2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll

2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys

2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys

2013-01-23 23:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll

2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe

2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe

2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll

2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll

2013-01-09 23:26:25 278528 ----a-w- C:\Windows\SysWow64\srm.dll

2013-01-09 23:26:25 202752 ----a-w- C:\Windows\SysWow64\srmstormod.dll

2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll

2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll

2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL

2013-01-09 23:25:55 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll

2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe

2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe

2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll

2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll

2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll

.

============= FINISH: 5:22:17.33 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 29/03/2013 1:21:46 PM

System Uptime: 8/04/2013 3:54:00 PM (38 hours ago)

.

Motherboard: Hewlett-Packard | | 172B

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1734/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 465 GiB total, 401.833 GiB free.

D: is FIXED (NTFS) - 298 GiB total, 216.763 GiB free.

E: is CDROM (UDF)

F: is FIXED (NTFS) - 931 GiB total, 864.074 GiB free.

G: is FIXED (NTFS) - 298 GiB total, 69.164 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_172B103C&REV_14\4&BE8304E&0&32F0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_172B103C&REV_14\4&BE8304E&0&32F0

Service:

.

Class GUID:

Description:

Device ID: USB\VID_138A&PID_0007\351009671C01

Manufacturer:

Name:

PNP Device ID: USB\VID_138A&PID_0007\351009671C01

Service:

.

==== System Restore Points ===================

.

RP1: 29/03/2013 2:13:51 PM - Installed Microsoft Office Professional Plus 2013

RP2: 29/03/2013 2:14:06 PM - PROPLUSR

RP3: 31/03/2013 2:43:13 PM - Installed Java 7 Update 17 (64-bit)

RP4: 2/04/2013 8:14:21 PM - Installed PowerDirector

RP5: 5/04/2013 1:39:52 PM - Configured PowerDirector 10 Content Pack II

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.4 - CPSID_83708

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Art Effects for PDR10

Bonjour

Bulk Rename Utility 2.7.1.2

Canon iP4700 series Printer Driver

CyberLink PowerDirector 10

CyberLink PowerDirector 10 Content Pack I

CyberLink PowerDirector 10 Content Pack II

CyberLink WaveEditor

Deal Spy

Definition update for Microsoft Office 2013 (KB2760587) 32-Bit Edition

Internet Download Manager

iTunes

Java 7 Update 17 (64-bit)

KeePass Password Safe 1.25

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 64-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 64-bit MUI (English) 2013

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft SkyDrive

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Word MUI (English) 2013

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

Outils de vérification linguistique 2013 de Microsoft Office - Français

QuickTime

Skype™ 6.3

SmartSound Quicktracks 5

Synaptics Pointing Device Driver

True Image 2013

Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition

Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition

Update for Microsoft Lync 2013 (KB2760512) 32-Bit Edition

Update for Microsoft Lync 2013 (KB2760556) 32-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition

Update for Microsoft Office 2013 (KB2726961) 32-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition

Update for Microsoft Office 2013 (KB2727105) 32-Bit Edition

Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition

Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition

Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition

Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition

Update for Microsoft Office 2013 (KB2760311) 32-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition

Update for Microsoft Office 2013 (KB2768333) 32-Bit Edition

Update for Microsoft Office 2013 (KB2768349) 32-Bit Edition

Update for Microsoft Office 2013 (KB2768355) 32-Bit Edition

Update for Microsoft OneNote 2013 (KB2768011) 32-Bit Edition

Update for Microsoft Outlook 2013 (KB2727079) 32-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2727013) 32-Bit Edition

Update for Microsoft SkyDrive Pro (KB2768356) 32-Bit Edition

Update for Microsoft Visio 2013 (KB2752090) 32-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2767856) 32-Bit Edition

Update for Microsoft Word 2013 (KB2760244) 32-Bit Edition

Update for Microsoft Word 2013 (KB2767854) 32-Bit Edition

VLC media player 2.0.5

Windows Small Business Server 2011 Standard ClientAgent

Windows Small Business Server 2011 Standard WMI Provider

WiTopia

.

==== Event Viewer Messages From Past Week ========

.

8/04/2013 3:54:13 PM, Error: hpdskflt [1001] -

6/04/2013 5:24:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000005, 0xfffffa8006ce11a0, 0x0000000080863b34, 0xfffffa800b539c38). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040613-47299-01.

.

==== End Of File ===========================

Edited by Maurice Naggar

Hello Billyg and welcome to MalwareBytes forum.

This system has the Crossrider/Deal Spy pest. reference http://www.systemlookup.com/CLSID/77149-Deal_Spy_dll.html

Question: Did you agree to the install of it?

If at all possible, go to Control Panel >> Programs and Features and Uninstall Deal Spy

Task 2

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe

    and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

Task 3

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Task 4

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

NOTE: I am putting aside any issue of hibernation, etc. for the time being.

We want to focus first on the issue of OUTGOING IP blocks {note I say, Outgoing}.

IF you see one, we need the IP address.


Going forward, please, do NOT attach any log ......unless it is way-too large to fit into the main-body.

You can use 1 reply per each report, if needed.

Thanks.

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]


Point taken on attachments. Sorry.

Log after delete:

# AdwCleaner v2.200 - Logfile created 04/17/2013 at 20:03:08

# Updated 02/04/2013 by Xplode

# Operating system : Windows 8 Pro (64 bits)

# User : bill - BILL-WIN8-PC

# Boot Mode : Normal

# Running from : C:\Users\bill.GLIDDEN\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\Cr_Installer

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[R1].txt - [802 octets] - [17/04/2013 08:33:32]

AdwCleaner[s1].txt - [738 octets] - [17/04/2013 20:03:08]

########## EOF - C:\AdwCleaner[s1].txt - [797 octets] ##########

Cheers,

Bill


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Edited by Maurice Naggar

Thanks, Maurice.

ESET log.txt:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Not very useful. Scan found 2 items and quarantined them. Did not note them down because I expected the log would tell me.

Occasional Malwarebytes block messages. One today:

2013/04/18 08:57:38 +1000 BILL-WIN8-PC bill IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51125, Process: chrome.exe)

2013/04/18 09:30:52 +1000 BILL-WIN8-PC bill IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 55454, Process: chrome.exe)

2013/04/18 11:22:12 +1000 BILL-WIN8-PC bill MESSAGE Executing scheduled update: Daily

2013/04/18 11:22:21 +1000 BILL-WIN8-PC bill MESSAGE Scheduled update executed successfully: database updated from version v2013.04.16.01 to version v2013.04.18.01

2013/04/18 11:22:21 +1000 BILL-WIN8-PC bill MESSAGE Starting database refresh

2013/04/18 11:22:22 +1000 BILL-WIN8-PC bill MESSAGE Stopping IP protection

2013/04/18 11:22:22 +1000 BILL-WIN8-PC bill MESSAGE IP Protection stopped successfully

2013/04/18 11:22:25 +1000 BILL-WIN8-PC bill MESSAGE Database refreshed successfully

2013/04/18 11:22:25 +1000 BILL-WIN8-PC bill MESSAGE Starting IP protection

2013/04/18 11:22:27 +1000 BILL-WIN8-PC bill MESSAGE IP Protection started successfully

Security Check results:

Results of screen317's Security Check version 0.99.62

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Defender

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Flash Player 11.6.602.180

Adobe Reader XI

Mozilla Firefox (20.0.1)

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Windows Defender MsMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

PC still hibernating, sometimes after only a few minutes of inactivity despite Power settings set to Never hibernate while connected to mains power. Did it during ESET scan. Otherwise system seems OK.

Link to post
Share on other sites
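The triage requested earlier in the thread (outgoing IP blocks, with the address and the process), as an added example that is not part of any post here: a Python sketch that parses the Malwarebytes protection-log lines quoted in the preceding post and also reports the windows in which IP protection was stopped. The line layout is inferred only from those quoted lines, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Lines copied from the protection log quoted in the post above (a subset).
SAMPLE_LOG = """\
2013/04/18 08:57:38 +1000 BILL-WIN8-PC bill IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51125, Process: chrome.exe)
2013/04/18 09:30:52 +1000 BILL-WIN8-PC bill IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 55454, Process: chrome.exe)
2013/04/18 11:22:12 +1000 BILL-WIN8-PC bill MESSAGE Executing scheduled update: Daily
2013/04/18 11:22:22 +1000 BILL-WIN8-PC bill MESSAGE Stopping IP protection
2013/04/18 11:22:27 +1000 BILL-WIN8-PC bill MESSAGE IP Protection started successfully
"""

# Layout assumed from those lines: <date> <time> <utc-offset> <host> <user> <KIND> <detail>
LINE_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (\S+) (\S+) ([A-Z-]+) (.*)$")
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$")

def parse_events(text):
    """Return one dict per recognised log line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, host, user, kind, detail = m.groups()
            when = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S %z")
            events.append({"time": when, "host": host, "user": user,
                           "kind": kind, "detail": detail})
    return events

def outgoing_blocks(events):
    """Group outgoing IP-BLOCK events by (blocked IP, process name)."""
    summary = {}
    for ev in events:
        m = BLOCK_RE.match(ev["detail"]) if ev["kind"] == "IP-BLOCK" else None
        if not m or m.group(2).lower() != "outgoing":
            continue
        ip, _, port, proc = m.groups()
        entry = summary.setdefault((ip, proc.lower()),
                                   {"count": 0, "first": ev["time"], "ports": []})
        entry["count"] += 1
        entry["last"] = ev["time"]          # assumes the log is chronological
        entry["ports"].append(int(port))    # port exactly as logged
    return summary

def protection_gaps(events):
    """Return (stopped, restarted, seconds) for each window with IP protection off."""
    gaps, stopped = [], None
    for ev in events:
        if ev["kind"] != "MESSAGE":
            continue
        if ev["detail"] == "Stopping IP protection":
            stopped = ev["time"]
        elif ev["detail"] == "IP Protection started successfully" and stopped is not None:
            gaps.append((stopped, ev["time"], (ev["time"] - stopped).total_seconds()))
            stopped = None
    return gaps

if __name__ == "__main__":
    print(outgoing_blocks(parse_events(SAMPLE_LOG)), protection_gaps(parse_events(SAMPLE_LOG)))
```

Grouping by process shows at a glance that every outgoing block in the quoted lines came from chrome.exe, and the gap list shows how long blocking was off during the database refresh.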

Go to Control Panel >> Power Options

Re-review all your settings closely.

Click on the icon Change when the computer sleeps

I "presume" your system is a notebook/laptop.

Here is how I have my notebook power saving settings

Power-opt_zps419cb5e7.gif

As to the IP "blocks", you want to recheck/review closely your add-ons & extensions in the Chrome browser.

There may be an extension add-on that has bundled some adware.

When time is convenient, close all your open programs.

Then start your Windows Defender and do an Update run & then do a Full scan.

Let me know the result.

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

The Safety scanner is not intended as a substitute for your antivirus, nor is it intended as a permanent a-v replacement.


Hello Bill,

Good to hear of this news. Kudos.

Do these cleanups:

Delete DDS

adwcleaner.exe

roguekiller.exe

securitycheck.exe

the MS Safety Scanner

DDS

Go to Control Panel >> Programs and Features & un-install ESET Online scan

Safer practices & malware prevention

We are finished here. Best regards.


This topic is now closed to further replies.