
Infection, probably Sweetpacks hijacker



Hi folks,

My new HP Envy h8 desktop running Windows 8 x64 got a Sweetpacks hijacker and/or virus about two months ago. I've tried removing from many angles but still have symptoms.

(Fake Acrobat install prompts popup on Chrome browser, Malwarebytes and other scanners found malicious items, IE seems hijacked, JRT can't remove some Sweetpacks registry entries, Malwarebytes was blocking outgoing and incoming IP connections from svchost, occasional crashes.)

Any help would be much appreciated!

~

--------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Carly at 7:47:58 on 2013-05-26

#Option Extended Search is enabled.

Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8129.4734 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\dwm.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\atieclxx.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\svchost.exe -k apphost

C:\windows\system32\dashost.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

c:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\taskhostex.exe

C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe

C:\Program Files\IDT\WDM\Beats64.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe

C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Carly\Downloads\Windows-KB890830-x64-V4.20.exe

c:\660293e94918c2eb3b7b8bed700f9a\mrtstub.exe

C:\windows\system32\MRT.exe

C:\Users\Carly\Downloads\SUPERAntiSpyware.exe

C:\Users\Carly\Downloads\SUPERAntiSpyware.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\windows\system32\srtasks.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\sysWow64\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={87E291A5-B1EF-11E2-BE75-7054D2BEF601}

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - <orphaned>

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Carly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\EVOLUE~1.LNK - C:\windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{5B6E9225-6C91-4309-A559-7C325E769974} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{BAB48341-8840-4FC0-BB67-5240DEEEC25C} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-4-30 65336]

R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-4-30 189936]

R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-12-7 652344]

R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-4-9 56336]

R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-4-30 1025808]

R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-4-30 378432]

R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-11-14 239616]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-4-30 33400]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-4-30 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-9 128896]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-9 165760]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-29 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-29 701512]

R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-9 364416]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]

R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\windows\System32\Drivers\EvoMouseDriverFilterHidUsb.sys [2010-6-23 25144]

R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\windows\System32\Drivers\EvoMouseDriverMini.sys [2010-6-23 22584]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-8-21 110744]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-4-29 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 acsock;acsock;C:\windows\System32\Drivers\acsock64.sys [2013-4-29 107432]

S3 Revoflt;Revoflt;C:\windows\System32\Drivers\revoflt.sys [2013-5-11 31800]

.

=============== Created Last 60 ================

.

2013-05-26 11:25:08 -------- d-----w- C:\ProgramData\SUPERSetup

2013-05-26 11:25:03 -------- d-----w- C:\660293e94918c2eb3b7b8bed700f9a

2013-05-26 10:53:56 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-26 01:28:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-05-23 02:18:07 -------- d-----w- C:\Program Files\CCleaner

2013-05-19 19:37:59 659456 ----a-w- C:\windows\SysWow64\mssvp.dll

2013-05-15 17:37:44 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-05-15 15:52:55 861184 ----a-w- C:\windows\System32\drivers\http.sys

2013-05-15 15:52:54 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-05-15 15:52:54 2382336 ----a-w- C:\windows\SysWow64\esent.dll

2013-05-15 15:52:53 2851840 ----a-w- C:\windows\System32\esent.dll

2013-05-15 11:26:58 70144 ----a-w- C:\windows\System32\appinfo.dll

2013-05-15 11:26:58 112872 ----a-w- C:\windows\System32\consent.exe

2013-05-12 00:32:36 -------- d-----w- C:\Users\Carly\AppData\Local\VS Revo Group

2013-05-12 00:32:33 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys

2013-05-12 00:32:33 -------- d-----w- C:\ProgramData\VS Revo Group

2013-05-12 00:32:32 -------- d-----w- C:\Program Files\VS Revo Group

2013-05-12 00:04:08 -------- d-----w- C:\Users\Carly\AppData\Local\Pokki

2013-05-12 00:01:01 971680 ----a-w- C:\windows\System32\deployJava1.dll

2013-05-12 00:01:01 1092512 ----a-w- C:\windows\System32\npDeployJava1.dll

2013-05-12 00:01:00 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll

2013-05-11 22:57:39 -------- d-----w- C:\Program Files (x86)\ESET

2013-05-11 21:54:11 -------- d-----w- C:\windows\ERUNT

2013-05-11 21:54:06 -------- d-----w- C:\JRT

2013-05-01 01:19:46 -------- d-----w- C:\Program Files (x86)\Common Files\IVA

2013-05-01 01:19:28 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance

2013-05-01 01:18:35 -------- d-----w- C:\Users\Carly\AppData\Roaming\calibre

2013-05-01 01:06:11 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-05-01 01:06:06 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2013-05-01 01:06:06 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-05-01 01:06:05 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2013-05-01 01:06:04 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-05-01 01:05:53 41664 ----a-w- C:\windows\avastSS.scr

2013-05-01 01:05:45 -------- d-----w- C:\Program Files\AVAST Software

2013-05-01 01:04:41 -------- d-----w- C:\ProgramData\AVAST Software

2013-05-01 00:54:39 12872 ----a-w- C:\windows\System32\bootdelete.exe

2013-05-01 00:47:58 -------- d-----w- C:\ProgramData\HitmanPro

2013-04-30 23:57:33 -------- d-----w- C:\Users\Carly\AppData\Roaming\Nuance

2013-04-30 23:56:38 -------- d-----w- C:\Users\Carly\AppData\Roaming\FLEXnet

2013-04-30 23:54:27 -------- d-----w- C:\ProgramData\Nuance

2013-04-30 23:54:27 -------- d-----w- C:\Program Files (x86)\Nuance

2013-04-30 23:49:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-04-30 23:45:50 -------- d-----r- C:\Users\Carly\eBooks

2013-04-30 23:41:31 -------- d-----w- C:\Users\Carly\AppData\Roaming\DAEMON Tools Lite

2013-04-30 23:39:38 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2013-04-30 00:00:36 -------- d-----w- C:\Users\Carly\.swt

2013-04-30 00:00:17 -------- d-----w- C:\Users\Carly\AppData\Roaming\cYo

2013-04-30 00:00:17 -------- d-----w- C:\Users\Carly\AppData\Local\cYo

2013-04-29 23:56:33 -------- d-----w- C:\Users\Carly\AppData\Roaming\Azureus

2013-04-29 23:56:16 -------- d-----w- C:\Program Files\ComicRack

2013-04-29 23:50:49 -------- d-----w- C:\Users\Carly\AppData\Roaming\Nitro

2013-04-29 23:50:49 -------- d-----w- C:\Users\Carly\AppData\Roaming\FileOpen

2013-04-29 23:50:49 -------- d-----w- C:\ProgramData\FileOpen

2013-04-29 23:50:36 29712 ----a-w- C:\windows\System32\nitrolocalmon2.dll

2013-04-29 23:50:36 17936 ----a-w- C:\windows\System32\nitrolocalui2.dll

2013-04-29 23:50:33 -------- d-----w- C:\ProgramData\Nitro

2013-04-29 23:50:33 -------- d-----w- C:\Program Files\Common Files\Nitro

2013-04-29 23:50:33 -------- d-----w- C:\Program Files (x86)\Nitro

2013-04-29 23:50:33 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro

2013-04-29 23:50:22 -------- d-----w- C:\Users\Carly\AppData\Roaming\Downloaded Installations

2013-04-29 23:35:50 -------- d-----w- C:\Program Files (x86)\Calibre2

2013-04-29 23:29:32 178688 ----a-w- C:\windows\SysWow64\unrar.dll

2013-04-29 23:29:30 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2013-04-29 20:35:24 -------- d-----w- C:\Program Files\Adblock Pro

2013-04-29 20:22:54 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-04-29 20:06:53 -------- d-----w- C:\Users\Carly\AppData\Local\MediaMonkey

2013-04-29 20:06:42 -------- d-----w- C:\Users\Carly\AppData\Roaming\MediaMonkey

2013-04-29 20:06:38 -------- d-----w- C:\ProgramData\MediaMonkey

2013-04-29 20:06:37 -------- d-----w- C:\Program Files (x86)\MediaMonkey

2013-04-29 19:29:35 -------- d-----w- C:\Users\Carly\AppData\Roaming\Malwarebytes

2013-04-29 19:29:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-04-29 19:29:26 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-29 19:29:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-29 19:29:11 -------- d-----w- C:\Users\Carly\AppData\Local\Programs

2013-04-19 23:51:29 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-04-19 23:49:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-04-19 23:49:28 -------- d-----w- C:\Users\Carly\AppData\Local\Microsoft Help

2013-04-19 23:42:30 -------- d-----w- C:\Users\Carly\Tracing

2013-04-19 23:42:30 -------- d-----w- C:\Program Files (x86)\OCSetup

2013-04-19 23:07:47 -------- d-----r- C:\Program Files (x86)\Skype

2013-04-19 22:48:03 -------- d-----w- C:\Program Files\Evoluent

2013-04-19 21:57:51 -------- d-----r- C:\Users\Carly\Dropbox

2013-04-19 21:55:50 -------- d-----w- C:\Users\Carly\AppData\Roaming\Dropbox

2013-04-19 21:37:37 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-04-19 11:01:44 -------- d-----w- C:\Users\Carly\AppData\Roaming\ViStart

2013-04-19 10:46:00 -------- d-----w- C:\Users\Carly\AppData\Roaming\hpqLog

2013-04-19 10:39:44 -------- d-----w- C:\Users\Carly\AppData\Local\Symantec

2013-04-19 10:38:45 56272 ----a-w- C:\windows\System32\snacnp.dll

2013-04-19 10:34:38 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2013-04-19 10:34:35 -------- d-----w- C:\Program Files (x86)\LastPass

2013-04-19 02:14:00 109568 ----a-w- C:\windows\System32\dskquota.dll

2013-04-19 02:12:59 665600 ----a-w- C:\windows\SysWow64\KernelBase.dll

2013-04-19 01:11:14 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-04-19 01:11:13 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-04-19 01:01:51 -------- d-----w- C:\Users\Carly\AppData\Local\Google

2013-04-19 01:01:40 -------- d-----w- C:\Users\Carly\AppData\Local\Deployment

2013-04-19 01:01:40 -------- d-----w- C:\Users\Carly\AppData\Local\Apps

2013-04-19 01:00:09 -------- d-----w- C:\ProgramData\Symantec

2013-04-19 00:36:42 775216 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-04-19 00:35:59 945152 ----a-w- C:\windows\System32\resetengmig.dll

2013-04-19 00:32:37 -------- d-----w- C:\Users\Carly\AppData\Local\ElevatedDiagnostics

2013-04-19 00:32:14 -------- d-----w- C:\Users\Carly\AppData\Local\Diagnostics

2013-04-19 00:28:26 -------- d-----w- C:\Users\Carly\AppData\Local\Hewlett-Packard

2013-04-19 00:07:36 -------- d-----w- C:\Users\Carly\AppData\Local\ATI

2013-04-19 00:06:10 -------- d-----r- C:\Users\Carly\Searches

2013-04-19 00:06:10 -------- d-----r- C:\Users\Carly\Contacts

2013-04-19 00:04:50 -------- d-----w- C:\Users\Carly\AppData\Local\assembly

2013-04-19 00:04:26 -------- d-----w- C:\Users\Carly\AppData\Local\Power2Go8

2013-04-19 00:04:13 -------- d-----w- C:\Users\Carly\AppData\Local\VirtualStore

2013-04-15 11:02:04 334000 ----a-w- C:\windows\System32\RaCoInstx.dll

2013-04-15 11:02:04 2482960 ----a-w- C:\windows\System32\drivers\netr28x.sys

2013-04-10 01:20:58 -------- d-----w- C:\Program Files (x86)\SymSilent

2013-04-10 01:20:31 -------- d-----w- C:\ProgramData\Norton

2013-04-10 01:20:00 -------- d-----w- C:\ProgramData\NortonInstaller

2013-04-10 01:18:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\610443701ce358904\DSETUP.dll

2013-04-10 01:18:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c5f6de1ce358903\DSETUP.dll

2013-04-10 01:18:59 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\610443701ce358904\DXSETUP.exe

2013-04-10 01:18:59 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c5f6de1ce358903\DXSETUP.exe

2013-04-10 01:18:59 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\610443701ce358904\dsetup32.dll

2013-04-10 01:18:59 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60c5f6de1ce358903\dsetup32.dll

2013-04-10 01:18:58 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6080d24a1ce358902\DSETUP.dll

2013-04-10 01:18:58 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6080d24a1ce358902\DXSETUP.exe

2013-04-10 01:18:58 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6080d24a1ce358902\dsetup32.dll

2013-04-10 01:18:56 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2013-04-10 01:18:38 -------- d-----r- C:\Program Files\Online Services

2013-04-10 01:14:40 56336 ------w- C:\windows\System32\drivers\PxHlpa64.sys

2013-04-10 01:14:40 11376 ------w- C:\windows\System32\drivers\cdralw2k.sys

2013-04-10 01:14:40 10864 ------w- C:\windows\System32\drivers\cdr4_xp.sys

2013-04-10 01:14:23 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared

2013-04-10 01:14:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2013-04-10 01:12:29 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2013-04-10 01:12:29 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2013-04-10 01:12:29 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll

2013-04-10 01:08:20 -------- d-----w- C:\Program Files (x86)\HP Games

2013-04-10 01:07:35 -------- d-----w- C:\ProgramData\WildTangent

2013-04-10 01:07:35 -------- d-----w- C:\Program Files (x86)\WildTangent Games

2013-04-10 01:07:21 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink

2013-04-10 01:06:51 -------- d-----w- C:\ProgramData\install_clap

2013-04-10 01:06:41 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-10 01:06:40 377344 ----a-w- C:\windows\System32\hpbrprtmon.dll

2013-04-10 01:06:40 355840 ----a-w- C:\windows\System32\hpbprtmon.dll

2013-04-10 01:06:40 170496 ----a-w- C:\windows\System32\hpbprtmonui.dll

2013-04-10 01:06:26 -------- d-----r- C:\Program Files (x86)\Online Services

2013-04-10 01:04:25 27456 ----a-w- C:\windows\System32\drivers\cpqdfw.sys

2013-04-10 01:03:30 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-04-10 01:03:14 -------- d-----w- C:\ProgramData\Ralink Driver

2013-04-10 01:03:08 -------- d-----w- C:\ProgramData\AMD

2013-04-10 01:03:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-04-10 01:03:08 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-04-10 01:03:07 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-04-10 01:02:52 -------- d-----w- C:\Program Files\ATI

2013-04-10 01:02:52 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-04-10 01:02:40 15168 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll

2013-04-10 01:02:25 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2013-04-10 01:02:10 -------- d-----w- C:\Program Files\IDT

2013-04-10 01:01:00 117248 ----a-w- C:\windows\System32\HPMUIDir.exe

2013-04-10 00:58:23 6102016 ----a-w- C:\windows\System32\stlang64.dll

2013-04-10 00:58:23 41664 ----a-w- C:\windows\System32\Beats64.exe

2013-04-10 00:58:23 224256 ----a-w- C:\windows\System32\HPToneCtrls64.dll

2013-04-10 00:58:23 1821184 ----a-w- C:\windows\System32\IDTNC64.cpl

2013-04-10 00:58:23 1664000 ----a-w- C:\windows\sttray64.exe

2013-04-10 00:58:23 -------- d-----w- C:\ProgramData\SoundResearch

2013-04-10 00:58:17 0 ----a-w- C:\windows\ativpsrm.bin

2013-04-10 00:58:15 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

.

==================== Find6M ====================

.

2013-05-07 20:07:50 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-07 20:07:50 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-04-30 00:16:16 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-30 00:16:16 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-04-30 00:16:16 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-09 23:17:44 2242048 ----a-w- C:\windows\System32\wininet.dll

2013-04-09 23:17:36 915968 ----a-w- C:\windows\System32\uxtheme.dll

2013-04-09 23:16:58 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-04-09 22:30:26 1767424 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-09 22:29:44 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll

2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll

2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe

2013-04-09 05:27:43 284424 ----a-w- C:\windows\System32\drivers\spaceport.sys

2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll

2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll

2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll

2013-04-09 05:17:57 1829408 ----a-w- C:\windows\System32\ntdll.dll

2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe

2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe

2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe

2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe

2013-04-09 04:52:06 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe

2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe

2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll

2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll

2013-04-09 04:51:20 13648384 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll

2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll

2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll

2013-04-09 04:51:05 10116096 ----a-w- C:\windows\System32\twinui.dll

2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll

2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll

2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll

2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll

2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll

2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll

2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll

2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll

2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll

2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll

2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll

2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll

2013-04-09 04:49:45 281088 ----a-w- C:\windows\System32\mfreadwrite.dll

2013-04-09 04:49:36 817152 ----a-w- C:\windows\System32\kerberos.dll

2013-04-09 04:49:33 210432 ----a-w- C:\windows\System32\iuilp.dll

2013-04-09 04:49:16 50176 ----a-w- C:\windows\System32\fmifs.dll

2013-04-09 04:49:16 231936 ----a-w- C:\windows\System32\fhengine.dll

2013-04-09 04:49:09 172544 ----a-w- C:\windows\System32\dwmredir.dll

2013-04-09 04:49:06 196096 ----a-w- C:\windows\System32\dmvdsitf.dll

2013-04-09 04:48:43 2303488 ----a-w- C:\windows\System32\authui.dll

2013-04-09 04:48:42 785408 ----a-w- C:\windows\System32\audiosrv.dll

2013-04-09 04:48:42 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll

2013-04-09 04:48:34 419840 ----a-w- C:\windows\System32\intl.cpl

2013-04-09 02:35:13 4038144 ----a-w- C:\windows\System32\win32k.sys

2013-04-09 02:34:49 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys

2013-04-09 02:34:42 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys

2013-04-09 02:34:30 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys

2013-04-09 02:33:41 60416 ----a-w- C:\windows\System32\drivers\ndproxy.sys

2013-04-09 02:33:05 623104 ----a-w- C:\windows\System32\drivers\srv2.sys

2013-04-09 02:32:02 805376 ----a-w- C:\windows\System32\drivers\PEAuth.sys

2013-04-09 02:31:14 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys

2013-04-09 02:31:01 83456 ----a-w- C:\windows\System32\drivers\wanarp.sys

2013-04-08 23:44:25 123880 ----a-w- C:\windows\SysWow64\wscapi.dll

2013-04-08 23:39:14 1408896 ----a-w- C:\windows\SysWow64\ntdll.dll

2013-04-08 23:37:29 426024 ----a-w- C:\windows\SysWow64\AudioEng.dll

2013-04-08 23:37:29 324368 ----a-w- C:\windows\SysWow64\AudioSes.dll

2013-04-08 21:52:16 670208 ----a-w- C:\windows\SysWow64\SearchIndexer.exe

2013-04-08 21:52:16 302592 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe

2013-04-08 21:52:16 171008 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe

2013-04-08 21:52:16 106496 ----a-w- C:\windows\SysWow64\Robocopy.exe

2013-04-08 21:52:06 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll

2013-04-04 23:30:17 503080 ----a-w- C:\windows\System32\ci.dll

2013-03-30 18:16:05 1403784 ----a-w- C:\windows\System32\winload.efi

2013-03-30 18:16:05 1267424 ----a-w- C:\windows\System32\winload.exe

2013-03-28 22:09:09 1093880 ----a-w- C:\windows\System32\winresume.exe

2013-03-28 22:09:04 1217328 ----a-w- C:\windows\System32\winresume.efi

2013-03-15 22:05:34 298456 ----a-w- C:\windows\System32\rsaenh.dll

2013-03-15 22:05:16 252928 ----a-w- C:\windows\SysWow64\rsaenh.dll

2013-03-02 10:57:48 337128 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS

2013-03-02 10:57:46 77544 ----a-w- C:\windows\System32\drivers\storahci.sys

2013-03-02 10:57:46 332520 ----a-w- C:\windows\System32\drivers\storport.sys

2013-03-02 10:45:20 148712 ----a-w- C:\windows\System32\drivers\tpm.sys

2013-03-02 10:45:19 194792 ----a-w- C:\windows\System32\drivers\sdbus.sys

2013-03-02 10:45:10 125160 ----a-w- C:\windows\System32\drivers\dumpsd.sys

2013-03-02 10:39:39 495336 ----a-w- C:\windows\System32\drivers\vhdmp.sys

2013-03-02 10:39:38 69864 ----a-w- C:\windows\System32\drivers\pdc.sys

2013-03-02 10:39:32 327912 ----a-w- C:\windows\System32\drivers\Classpnp.sys

2013-03-02 09:59:37 2231528 ----a-w- C:\windows\System32\drivers\tcpip.sys

2013-03-02 09:59:36 411880 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2013-03-02 08:24:08 34304 ----a-w- C:\windows\SysWow64\wuapp.exe

2013-03-02 08:23:43 83968 ----a-w- C:\windows\SysWow64\wudriver.dll

2013-03-02 08:23:43 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll

2013-03-02 08:23:30 893952 ----a-w- C:\windows\SysWow64\winmde.dll

2013-03-02 08:23:30 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll

2013-03-02 08:23:28 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll

2013-03-02 08:23:28 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

2013-03-02 08:23:19 246784 ----a-w- C:\windows\SysWow64\ubpm.dll

2013-03-02 08:23:04 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll

.

============= FINISH: 7:48:12.83 ===============

-------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 4/18/2013 8:03:44 PM

System Uptime: 5/26/2013 6:56:39 AM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2AD5

Processor: Intel® Core i7-3770 CPU @ 3.40GHz | | 3401/25mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 912 GiB total, 778.246 GiB free.

D: is FIXED (NTFS) - 18 GiB total, 2.29 GiB free.

E: is Removable

F: is CDROM (UDF)

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP7: 4/30/2013 8:24:26 PM - Sweetspots virus

RP8: 5/11/2013 6:41:51 PM - Before registry edit to remove sweetpacks

RP9: 5/15/2013 3:00:08 AM - Windows Update

RP10: 5/19/2013 5:06:38 PM - Windows Update

RP12: 5/26/2013 7:44:34 AM - Revo Uninstaller Pro's restore point - µTorrent

.

==== Installed Programs ======================

.

Adobe Photoshop Elements 11

Adobe Premiere Elements 11

Adobe Reader XI (11.0.03)

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

avast! Free Antivirus

calibre

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Desktop

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

ComicRack v0.9.168

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dragon NaturallySpeaking 12

Dropbox

Elements 11 Organizer

ESET Online Scanner v3

Evoluent Mouse Manager

Google Chrome

Google Drive

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP Customer Experience Enhancements

HP Postscript Converter

HP Registration Service

HP Support Information

HydraVision

IDT Audio

Intel® Management Engine Components

Intel® Trusted Connect Service Client

Java 7 Update 21

Java 7 Update 21 (64-bit)

Java Auto Updater

K-Lite Codec Pack 9.9.0 (Basic)

LastPass(uninstall only)

Malwarebytes Anti-Malware version 1.75.0.1300

MediaMonkey 4.0

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Maker

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 Parser and SDK

Nitro Reader 3

Photo Common

Photo Gallery

Pokki

Pokki Download Helper

PRE11 STI 64Installer

PSE11 STI Installer

Ralink RT5390R 802.11bgn Wi-Fi Adapter

Recovery Manager

Revo Uninstaller Pro 3.0.5

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype™ 6.3

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VLC media player 2.0.6

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.20 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

5/26/2013 6:56:42 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

5/26/2013 6:45:32 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/26/2013 6:45:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

5/26/2013 3:38:46 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/26/2013 3:00:01 AM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/26/2013 3:00:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}

5/26/2013 2:22:10 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/25/2013 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

5/25/2013 8:30:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

5/25/2013 8:29:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

5/25/2013 8:29:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.

5/25/2013 8:27:50 AM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Group Policy Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

5/25/2013 8:27:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

5/25/2013 8:27:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

5/25/2013 8:26:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

5/25/2013 10:20:11 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/25/2013 10:20:08 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/25/2013 10:20:08 PM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/24/2013 9:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

5/24/2013 9:41:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

5/24/2013 9:40:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.

5/24/2013 9:40:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

5/19/2013 9:58:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.

5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/19/2013 8:46:04 PM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: DNS Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

5/19/2013 8:45:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

5/19/2013 8:45:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

5/19/2013 8:44:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

5/19/2013 8:18:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.

.

==== End Of File ===========================
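
The Event Viewer block in the log above is easier to read as a whole than line by line, so here is an added example for triaging it. The Python script below is not part of DDS and not something the helpers in this thread posted. It parses the line format DDS uses for "Event Viewer Messages", pulls the service name out of the Service Control Manager event texts (7000, 7011, 7031, 7032, 7046), lists the services that stopped answering the SCM, and groups the 7031 "terminated unexpectedly" events by timestamp. Run on the lines above it shows Workstation, Network Location Awareness, DNS Client and Cryptographic Services all dying in the same second on 5/19. On a default Windows 8 install those four run inside one shared svchost.exe host process (the NetworkService group; that is my assumption about the default configuration, the log itself does not say so), so a cluster like that is usually one host process crashing or being killed, not four independent faults. The sample lines embedded in the script are copied from the log above; pass a saved attach.txt as the first argument to run it on a full log.

```python
"""Triage the 'Event Viewer Messages From Past Week' block of a DDS log.

Added example for this thread, not part of DDS or of any tool the helpers posted.
Usage: python dds_events.py <attach.txt>   (no argument: runs on the embedded sample)
"""
import re
import sys
from collections import defaultdict

# One DDS event line: "<M/D/YYYY h:mm:ss AM/PM>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$")

# Where the service name sits in each Service Control Manager message we care about
SCM_SERVICE_RE = {
    7000: re.compile(r"^The (?P<svc>.+?) service failed to start"),
    7011: re.compile(r"transaction response from the (?P<svc>.+?) service\.?$"),
    7031: re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
    7032: re.compile(r"unexpected termination of the (?P<svc>.+?) service,"),
    7046: re.compile(r"service control requests: (?P<svc>.+?) Contact the service vendor"),
}
HANG_IDS = (7000, 7011, 7046)   # service did not answer the SCM in time
CRASH_IDS = (7031,)             # service's host process went away


def parse_event(line: str):
    """Return a dict for a DDS event line, or None for headers, dots and blanks."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    event_id = int(m["event_id"])
    service = None
    if m["source"] == "Service Control Manager" and event_id in SCM_SERVICE_RE:
        sm = SCM_SERVICE_RE[event_id].search(m["msg"])
        service = sm["svc"] if sm else None
    return {"ts": m["ts"], "source": m["source"], "event_id": event_id,
            "service": service, "msg": m["msg"]}


def triage(lines):
    """Summarise which services hung and which died together in the same second."""
    events = [e for e in map(parse_event, lines) if e]
    hung = sorted({e["service"] for e in events
                   if e["event_id"] in HANG_IDS and e["service"]})
    died_at = defaultdict(list)
    for e in events:
        if e["event_id"] in CRASH_IDS and e["service"]:
            died_at[e["ts"]].append(e["service"])
    # Two or more services terminating in the same second points at one shared host process
    clusters = {ts: sorted(svcs) for ts, svcs in died_at.items() if len(svcs) >= 2}
    return {"events": len(events), "hung": hung, "crash_clusters": clusters}


# Constructed sample: lines copied from the Event Viewer block above, a few per pattern
SAMPLE_LINES = [
    "5/26/2013 6:45:32 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.",
    "5/25/2013 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.",
    "5/25/2013 8:27:50 AM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Group Policy Client Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.",
    "5/25/2013 10:20:11 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.",
    "5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.",
    "5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.",
    "5/19/2013 9:56:31 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "5/19/2013 8:18:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.",
    "5/26/2013 6:56:42 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.",
]


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            report = triage(fh.read().splitlines())
    else:
        report = triage(SAMPLE_LINES)
    out = [f"parsed events : {report['events']}",
           "hung services : " + ", ".join(report["hung"])]
    for ts, svcs in sorted(report["crash_clusters"].items()):
        out.append(f"died together : {ts} -> {', '.join(svcs)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(main(sys.argv))
```

The 7011 timeouts are deliberately kept separate from the 7031 crashes: a timeout across unrelated services (BFE, upnphost, Schedule, ShellHWDetection within a few minutes) says the machine as a whole was not responding, while a 7031 cluster names a process that actually went away.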


Hello kornriar and welcome to MalwareBytes forums.

As we go along in running some tools, I will be asking you to turn OFF your antivirus - Avast. When you do so, do not put any time limit for it to be off. We will want it to be off in total.

The procedure for your Avast will be, as follows:

IF you have Avast installed, Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Always read all of the instructions before jumping in. If you have questions, please stop and ask me.

Do not do any fixes or tweaks nor run other tools on your own without first checking with me.

You have Windows 8 and on most tools you will need to start by doing a RIGHT-Click and selecting Run as Administrator and Allowing the run.

Disconnect any external storage drives. Eject/remove any CD or DVD that may be in the optical drive.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

IF you have Avast installed, Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen, uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

NEXT:

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • When prompted to accept the EULA, please do so.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Re-enable your antivirus when all done. You may use 1 reply per each log. Just do not use attach (unless the log is way huge & won't fit).

Always Copy > Paste all log contents directly into main-body of reply.


Hi Maurice, thanks for taking this on.

FYI: While downloading aswMBR, explorer.exe kept crashing. I tried restarting but it was stuck on the restart screen and I had to do a hard restart. I'd messed with the registry this morning to try to remove some Sweetpacks registry entries that JRT couldn't remove. Suspecting this was causing the crash, I just imported a registry backup from 5/22/2013. Let me know if that changes anything.

The aswMBR didn't have the "Fix" button enabled.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-05-26 15:16:14

-----------------------------

15:16:14.232 OS Version: Windows x64 6.2.9200

15:16:14.232 Number of processors: 8 586 0x3A09

15:16:14.233 ComputerName: SUPERFROG UserName: Carly

15:16:14.239 Initialze error 1

15:16:14.304 AVAST engine defs: 13052600

15:16:19.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000040

15:16:19.976 Disk 0 Vendor: WDC_WD10EZEX-60ZF5A0 80.00A80 Size: 953869MB BusType: 8

15:16:19.984 Disk 0 MBR read successfully

15:16:19.985 Disk 0 MBR scan

15:16:19.987 Disk 0 unknown MBR code

15:16:19.993 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

15:16:19.995 Disk 0 scanning C:\windows\system32\drivers

15:16:19.996 Service scanning

15:16:20.657 Modules scanning

15:16:20.661 AVAST engine scan C:\windows

15:16:20.666 AVAST engine scan C:\windows\system32

15:16:20.670 AVAST engine scan C:\windows\system32\drivers

15:16:20.675 AVAST engine scan C:\Users\Carly

15:16:20.680 AVAST engine scan C:\ProgramData

15:16:20.690 Scan finished successfully

15:17:07.058 Disk 0 MBR has been saved successfully to "C:\Users\Carly\Desktop\MBR.dat"

15:17:07.062 The log file has been saved successfully to "C:\Users\Carly\Desktop\aswMBR.txt"


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Carly [Admin rights]

Mode : Scan -- Date : 05/26/2013 15:19:21

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] pokki.exe -- C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermProc]

[sUSP PATH] pokki.exe -- C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 +++++

--- User ---

[MBR] c5fd88052c99979570bfd56899becca4

[bSP] 01302b46eaad1b6337bf4adb5c194084 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05262013_02d1519.txt >>

RKreport[1]_S_05262013_02d1519.txt
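
Both logs above are describing the same sector: aswMBR reports "unknown MBR code" and a single partition of type EE (GPT) at offset 1 with a size of 2097151 MB, and RogueKiller reports "Empty MBR Code" with the same 0xee entry. That is the protective MBR of a GPT disk. Windows x64 can only boot from a GPT system disk through UEFI firmware, and UEFI never executes the 440 bytes of legacy boot code at the start of the sector, so that area is legitimately all zeros and a bootkit scanner has nothing to recognise in it. On its own it is not evidence of tampering. The Python script below is an added example, not part of the thread and not code from aswMBR or RogueKiller: it parses a raw 512-byte MBR such as the MBR.dat that aswMBR saved to the desktop, prints the MD5 of the sector (the value RogueKiller shows on its [MBR] line), decodes the four partition entries, and states whether the sector is a protective GPT MBR with empty boot code. Without an argument it runs on a constructed sample sector (one 0xEE entry at LBA 1 spanning 0xFFFFFFFF sectors, which is exactly the 2097151 MB both tools print); the sample is built in the script and is not a dump from this machine.

```python
"""Parse a raw 512-byte MBR sector and explain an "empty / unknown MBR code" verdict.

Added example for this thread; it is not part of aswMBR, RogueKiller or any other
tool discussed here. Usage: python mbr_check.py [MBR.dat]
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # legacy boot code lives in bytes 0..439 on a BIOS-booted disk
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow the disk signature/padding
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
GPT_PROTECTIVE_TYPE = 0xEE


def parse_mbr(sector: bytes) -> dict:
    """Decode the partition table, hash the sector and classify the boot-code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for index in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + index * 16)
        if ptype == 0:            # unused slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "md5": hashlib.md5(sector).hexdigest(),   # the field RogueKiller prints as [MBR]
        "valid_signature": sector[510:512] == b"\x55\xAA",
        "boot_code_empty": not any(sector[:BOOT_CODE_LEN]),
        "protective_gpt": any(p["type"] == GPT_PROTECTIVE_TYPE and p["lba_start"] == 1
                              for p in partitions),
        "partitions": partitions,
    }


def verdict(info: dict) -> str:
    """Turn the parsed fields into the one-line conclusion a triager wants."""
    if not info["valid_signature"]:
        return "no 0x55AA signature: not a valid MBR sector, inspect the dump by hand"
    if info["protective_gpt"] and info["boot_code_empty"]:
        return ("protective MBR of a GPT disk with empty boot code: "
                "expected on a UEFI-booted Windows install, not evidence of a bootkit")
    if info["protective_gpt"]:
        return ("protective MBR of a GPT disk but the boot-code area is NOT empty: "
                "UEFI never runs it, so compare the bytes against a known-good image")
    if info["boot_code_empty"]:
        return "legacy partition table with empty boot code: this disk cannot BIOS-boot"
    return "legacy MBR with boot code: compare its MD5 against a known-good Windows MBR"


def build_protective_mbr() -> bytes:
    """Constructed sample sector (not a dump from the thread): zero boot code, one 0xEE
    entry at LBA 1 spanning 0xFFFFFFFF sectors, i.e. the 2097151 MB both tools printed."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET,
                     0x00, b"\x00\x02\x00", GPT_PROTECTIVE_TYPE, b"\xFF\xFF\xFF",
                     1, 0xFFFFFFFF)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def main(argv) -> str:
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            sector = fh.read(SECTOR_SIZE)
    else:
        sector = build_protective_mbr()
    info = parse_mbr(sector)
    lines = [f"MBR md5      : {info['md5']}",
             f"boot code    : {'empty' if info['boot_code_empty'] else 'present'}"]
    for p in info["partitions"]:
        lines.append(f"partition {p['index']}: type 0x{p['type']:02x} "
                     f"offset {p['lba_start']} sectors, {p['size_mb']} MB")
    lines.append("verdict      : " + verdict(info))
    return "\n".join(lines)


if __name__ == "__main__":
    print(main(sys.argv))
```

The MD5 of a real dump will not match the constructed sample (bytes 440-445 of a real sector carry the disk signature), which is the point of printing it: compare it with the [MBR] hash in the RogueKiller report to confirm both tools looked at the same sector, and with the hash from a later run to see whether anything rewrote it.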


Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe

    and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

Step 3

Turn off your Avast so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Do -not- put any time limit on the turn off. We need to turn it off in total.

  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • Start RogueKiller
    For Vista or Windows 7 / 8, do a right-click on the roguekiller.exe program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [sUSP PATH] pokki.exe -- C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermProc]
    [sUSP PATH] pokki.exe -- C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]
    UN-check any -other - lines shown on your screen that are not listed in the above list.
  • Then click on Delete on the right hand column under Options.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 4

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

IF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.

If your Windows is XP, double-click to start.

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

When all done, turn back on your Antivirus program.

Edited by Maurice Naggar

Done. Nothing showed up in the registry tab, before or after scanning. The Pokki entries showed up in the Processes tab. The log says they're killed but keep reappearing every time I re-scan. Is pokki bad?

I ran the MBAR scan twice, it came out clean both times.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Carly [Admin rights]

Mode : Remove -- Date : 05/26/2013 17:48:01

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] pokki.exe -- C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermProc]

[sUSP PATH] pokki.exe -- C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 +++++

--- User ---

[MBR] c5fd88052c99979570bfd56899becca4

[bSP] 01302b46eaad1b6337bf4adb5c194084 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4]_D_05262013_02d1748.txt >>

RKreport[1]_S_05262013_02d1519.txt ; RKreport[2]_S_05262013_02d1742.txt ; RKreport[3]_S_05262013_02d1745.txt ; RKreport[4]_D_05262013_02d1748.txt


Can't tell what pokki you have here. The pokki toolbar is an unwanted (undesirable) add-on toolbar.

Let's have you do an online submission for analysis.

Use your Internet Explorer browser to go here at Virustotal website

Click the Choose File button and then navigate to C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe, then click the Scan it button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Use your Internet Explorer browser to go here at VirSCAN.org website

Click the Browse button and then navigate to C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe, then click the Upload button.

Save the results, and post back here in a reply.

Task 2

We Need to Run a Batch Script

  1. Press the Windows-key+R key on keyboard to get RUN option.
  2. In the RUN /OPEN box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    REM Kill the running pokki.exe first; Windows will not let ren touch an executable that is still running
    taskkill /f /im pokki.exe
    REM These two only do anything if a service named pokki.exe is registered; they fail harmlessly otherwise
    net stop pokki.exe
    sc delete pokki.exe
    ren C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe pokki.bad
    REM Delete this batch file itself once done
    del /f /q "%~f0"


  4. Select File -> Save As.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Right click Fix.bat on your desktop, and choose Run as administrator.
  10. Press Yes if prompted by User Account Control.

Task 3

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL desktop icon (for Vista, or Windows 7 or 8, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes or so. Have ... infinite patience ... while this runs. It will eventually finish.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.


Ok. I downloaded Pokki as an app to put a Windows-button back in Windows 8 . The first scan came out clean. Here's the results:

SHA256: a55b1829dee2d668d1909720ee1632eaced2990f64b5a2209ce0daa961ade707

File name: pokki.exe

Detection ratio: 0 / 47

Analysis date: 2013-05-27 23:52:29 UTC ( 0 minutes ago )

Agnitum  20130527

AhnLab-V3  20130527

AntiVir  20130528

Antiy-AVL  20130527

Avast  20130528

AVG  20130527

BitDefender  20130528

ByteHero  20130517

CAT-QuickHeal  20130527

ClamAV  20130523

Commtouch  20130527

Comodo  20130527

DrWeb  20130528

Emsisoft  20130528

eSafe  20130527

ESET-NOD32  20130528

F-Prot  20130527

F-Secure  20130527

Fortinet  20130528

GData  20130528

Ikarus  20130527

Jiangmin  20130527

K7AntiVirus  20130524

K7GW  20130527

Kaspersky  20130527

Kingsoft  20130506

Malwarebytes  20130527

McAfee  20130528

McAfee-GW-Edition  20130527

Microsoft  20130528

MicroWorld-eScan  20130528

NANO-Antivirus  20130528

Norman  20130527

nProtect  20130527

Panda  20130527

PCTools  20130521

Rising  20130527

Sophos  20130528

SUPERAntiSpyware  20130527

Symantec  20130528

TheHacker  20130526

TotalDefense  20130527

TrendMicro  20130528

TrendMicro-HouseCall  20130527

VBA32  20130527

VIPRE  20130528

ViRobot  20130527

PE signature block

Copyright

Copyright © 2010-2012 - SweetLabs, Inc

Publisher Pokki

Product Pokki

Version 0.260.9.16

Original name pokki.exe

Internal name pokki

File version 0.260.9.16

Description Pokki

Signature verification Signed file, verified signature

Signing date 5:15 PM 5/6/2013

Signers

[+] Pokki

Status Valid

Valid from 1:00 AM 2/28/2012

Valid to 12:59 AM 4/26/2015

Valid usage Code Signing

Algorithm SHA1

Thumbprint F41411F154A69B51A8DC29E49DDF1E64E2DBA5BF

Serial number 7F 0C 02 A0 B2 F2 B0 72 73 27 29 6C 87 36 18 3B

[+] VeriSign Class 3 Code Signing 2010 CA

Status Valid

Valid from 1:00 AM 2/8/2010

Valid to 12:59 AM 2/8/2020

Valid usage Client Auth, Code Signing

Algorithm SHA1

Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F

Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7

[+] VeriSign

Status Valid

Valid from 1:00 AM 11/8/2006

Valid to 12:59 AM 7/17/2036

Valid usage Server Auth, Client Auth, Email Protection, Code Signing

Algorithm SHA1

Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A

Counter signers

[+] Symantec Time Stamping Services Signer - G4

Status Valid

Valid from 1:00 AM 10/18/2012

Valid to 12:59 AM 12/30/2020

Valid usage Timestamp Signing

Algorithm SHA1

Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4

Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50

[+] Symantec Time Stamping Services CA - G2

Status Valid

Valid from 1:00 AM 12/21/2012

Valid to 12:59 AM 12/31/2020

Valid usage Timestamp Signing

Algorithm SHA1

Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1

Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B

[+] Thawte Timestamping CA

Status Valid

Valid from 1:00 AM 1/1/1997

Valid to 12:59 AM 1/1/2021

Valid usage Timestamp Signing

Algorithm MD5

Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656

Serial number 00

ExifTool file metadata

SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.262.11.444
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 1711616
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright © 2010-2012 - SweetLabs, Inc
FileVersion 0.260.9.16
TimeStamp 2013:05:06 17:14:37+01:00
FileType Win32 EXE
PEType PE32
InternalName pokki
FileAccessDate 2013:05:28 00:52:40+01:00
ProductVersion 0.260.9.16
FileDescription Pokki
OSVersion 5.0
FileCreateDate 2013:05:28 00:52:40+01:00
OriginalFilename pokki.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pokki
CodeSize 4228096
ProductName Pokki
ProductVersionNumber 0.0.0.0
EntryPoint 0x3310d4
ObjectFileType Executable application

MD5 9e4361bc63bb8c89929a2ee9b650f021

SHA1 77594b6a827008055c185813e36c1726eaf26e5a

SHA256 a55b1829dee2d668d1909720ee1632eaced2990f64b5a2209ce0daa961ade707

ssdeep 98304:VfVaQR2iGrGa1G64yqgDbQ4p1arzXJB4KL+:JVXR2FiEqZB4d

File size 5.6 MB ( 5923096 bytes )

File type Win32 EXE

Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID

InstallShield setup (50.7%)

Win32 Executable MS Visual C++ (generic) (36.8%)

Win32 Executable (generic) (7.6%)

Generic Win/DOS Executable (2.3%)

DOS Executable Generic (2.3%)

VirusTotal metadata

First submission 2013-05-15 22:58:03 UTC ( 1 week, 5 days ago )

Last submission 2013-05-27 23:52:29 UTC ( 7 minutes ago )

File names

pokki.exe

pokki

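As an added example (not part of this thread, and not code from VirusTotal, Malwarebytes or Pokki), here is a small Python parser for the VirusTotal-style text report pasted above. It pulls out the detection ratio, the file hashes, the signer chain and each engine's definition date, then runs the checks a helper would want before trusting a "0 / 47" verdict: that the hash in the report header matches the hash block, whether the file carries a verified Authenticode signature and who the publisher is, and which engines were scanning with definitions older than a chosen number of days. SAMPLE_REPORT is a constructed, shortened excerpt of the report above; the function names and the 7-day staleness threshold are my own choices.

```python
# Added example: parse a VirusTotal-style text report and run a few triage checks.
import re
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Dict, List, Optional

# Constructed, shortened excerpt of the report pasted above (the real paste has
# a blank line between entries and 47 engine rows; blank lines are ignored).
SAMPLE_REPORT = """\
SHA256: a55b1829dee2d668d1909720ee1632eaced2990f64b5a2209ce0daa961ade707
Detection ratio: 0 / 47
Analysis date: 2013-05-27 23:52:29 UTC ( 0 minutes ago )
Agnitum  20130527
Avast  20130528
ByteHero  20130517
Kaspersky  20130527
Kingsoft  20130506
Signature verification Signed file, verified signature
Signers
[+] Pokki
[+] VeriSign Class 3 Code Signing 2010 CA
Counter signers
[+] Symantec Time Stamping Services Signer - G4
ExifTool file metadata
MD5 9e4361bc63bb8c89929a2ee9b650f021
SHA1 77594b6a827008055c185813e36c1726eaf26e5a
SHA256 a55b1829dee2d668d1909720ee1632eaced2990f64b5a2209ce0daa961ade707
"""

ENGINE_RE = re.compile(r"^([A-Za-z][\w.\- ]*?)\s{2,}(\d{8})$")  # "Avast  20130528"
RATIO_RE = re.compile(r"^Detection ratio:\s*(\d+)\s*/\s*(\d+)$")
DATE_RE = re.compile(r"^Analysis date:\s*(\d{4}-\d{2}-\d{2})")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\s+([0-9a-fA-F]{32,64})$")


@dataclass
class Report:
    header_sha256: str = ""
    hashes: Dict[str, str] = field(default_factory=dict)      # from the hash block
    detections: int = -1
    engines_total: int = -1
    analysis_date: Optional[date] = None
    engines: Dict[str, str] = field(default_factory=dict)     # engine -> YYYYMMDD
    signature_verified: bool = False
    signers: List[str] = field(default_factory=list)
    counter_signers: List[str] = field(default_factory=list)


def parse_report(text: str) -> Report:
    rep, bucket = Report(), None          # bucket: the "[+] name" list being filled
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("SHA256:"):                       # hash in the header
            rep.header_sha256 = line.split(":", 1)[1].strip().lower()
        elif (m := RATIO_RE.match(line)):
            rep.detections, rep.engines_total = int(m[1]), int(m[2])
        elif (m := DATE_RE.match(line)):
            rep.analysis_date = date.fromisoformat(m[1])
        elif (m := ENGINE_RE.match(line)):
            rep.engines[m[1]] = m[2]
        elif line.startswith("Signature verification"):
            rep.signature_verified = "verified signature" in line.lower()
        elif line == "Signers":
            bucket = rep.signers
        elif line == "Counter signers":
            bucket = rep.counter_signers
        elif line == "ExifTool file metadata":
            bucket = None
        elif line.startswith("[+] ") and bucket is not None:
            bucket.append(line[4:])
        elif (m := HASH_RE.match(line)):
            rep.hashes[m[1]] = m[2].lower()
    return rep


def stale_engines(rep: Report, max_age_days: int = 7) -> List[str]:
    """Engines whose definitions were older than max_age_days at analysis time."""
    if rep.analysis_date is None:
        return []
    return sorted(name for name, ymd in rep.engines.items()
                  if (rep.analysis_date
                      - datetime.strptime(ymd, "%Y%m%d").date()).days > max_age_days)


def triage(rep: Report, max_age_days: int = 7) -> dict:
    block_sha = rep.hashes.get("SHA256", "")
    return {
        # the hash you uploaded must be the hash the verdict is about
        "hash_consistent": not block_sha or block_sha == rep.header_sha256,
        "detections": rep.detections,
        "engines_total": rep.engines_total,
        # a valid signature identifies the publisher; it says nothing about intent
        "signed_and_verified": rep.signature_verified,
        "publisher": rep.signers[0] if rep.signers else None,
        "stale_engines": stale_engines(rep, max_age_days),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Read the output the way the helper above would: "0 / 47" means no engine flagged that exact hash with the definitions it had on that date, and two of the engines in the excerpt were more than a week behind. The verified signature tells you the publisher that VeriSign vouched for (Pokki, copyright SweetLabs, Inc), which is useful for deciding whether the file is the program you installed; it does not tell you whether that program is wanted or what it does.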

Here's OTL.txt in case you wanted it. I tried three times but it never made an Extras.txt log file.

----------

OTL logfile created on: 5/27/2013 8:28:40 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carly\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16580)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 6.35 Gb Available Physical Memory | 80.00% Memory free

9.38 Gb Paging File | 7.15 Gb Available in Paging File | 76.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.73 Gb Total Space | 777.38 Gb Free Space | 85.26% Space Free | Partition Type: NTFS

Drive D: | 18.31 Gb Total Space | 2.29 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Drive F: | 1.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SUPERFROG | User Name: Carly | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2013/05/27 20:02:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carly\Desktop\OTL.exe

PRC - [2013/05/23 14:10:52 | 028,712,088 | ---- | M] (Dropbox, Inc.) -- C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/23 11:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2012/07/18 22:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

PRC - [2012/07/18 04:51:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/07/18 04:50:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/07/18 04:46:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012/07/18 04:45:15 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/06/07 11:35:02 | 000,522,744 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

PRC - [2012/06/07 11:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/06 12:12:06 | 000,061,952 | ---- | M] () -- C:\Users\Carly\AppData\Local\Pokki\Engine\chrome.dll

MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Carly\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2012/12/05 18:23:48 | 000,184,846 | ---- | M] () -- C:\Users\Carly\AppData\Local\Pokki\Engine\avformat-53.dll

MOD - [2012/12/05 18:23:44 | 001,093,646 | ---- | M] () -- C:\Users\Carly\AppData\Local\Pokki\Engine\avcodec-53.dll

MOD - [2012/12/05 18:23:44 | 000,117,262 | ---- | M] () -- C:\Users\Carly\AppData\Local\Pokki\Engine\avutil-51.dll

MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Carly\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)

SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/02/02 04:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/01/28 21:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/11/14 20:34:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/10/11 22:06:29 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/10/11 22:05:47 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012/10/11 22:05:41 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012/10/11 22:05:38 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 23:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/11 22:05:38 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/09/23 11:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)

SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2012/07/25 23:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2012/07/18 22:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)

SRV - [2012/07/18 04:51:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/07/18 04:50:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/07/18 04:46:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2012/07/18 04:45:15 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/06/07 11:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/05/09 04:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2013/04/09 01:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/02 06:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/03/02 06:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/02/02 07:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/02/02 03:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/01/28 21:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/01/28 19:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/12/07 03:35:01 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/14 22:24:50 | 010,316,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/11/14 20:11:50 | 000,370,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/24 22:18:48 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 22:05:39 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012/10/11 22:05:37 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/10/11 22:05:37 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/10/11 22:05:37 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012/08/21 21:54:25 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)

DRV:64bit: - [2012/08/10 06:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/18 04:46:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/07/18 00:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/06/07 11:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2012/06/07 11:24:23 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock)

DRV:64bit: - [2012/06/02 10:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/06/02 10:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2010/06/23 19:17:36 | 000,025,144 | ---- | M] (Evoluent) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)

DRV:64bit: - [2010/06/23 19:17:36 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\revoflt.sys -- (Revoflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)

FF - HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper: C:\Users\Carly\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 21:54:16 | 000,136,026 | ---- | M] ()

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://erichamiter.com

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - Extension: Google Docs = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\

CHR - Extension: Google Search = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Read Later Fast = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.6_0\

CHR - Extension: Print this page with CleanPrint = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.7.0_0\

CHR - Extension: Print Selection = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0\

CHR - Extension: LastPass = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\

CHR - Extension: Readability Redux = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia\1.3.4_0\

CHR - Extension: Eric Hamiter = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop\1.0_0\

CHR - Extension: HootSuite = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\

CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\

CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\

CHR - Extension: Autofill = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\

CHR - Extension: Print Friendly & PDF = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0\

CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.1.10_0\

CHR - Extension: Gmail = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: RSS Feed Reader = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.0.12_0\

CHR - Extension: Google Docs = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\

CHR - Extension: Google Search = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Read Later Fast = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.6_0\

CHR - Extension: Print this page with CleanPrint = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.7.0_0\

CHR - Extension: Print Selection = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkdpdnociibpkkpjgmcmdlnjlebpajk\0.5.3_0\

CHR - Extension: LastPass = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\

CHR - Extension: Readability Redux = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia\1.3.4_0\

CHR - Extension: Eric Hamiter = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplllfmgpkogegnjnkecmkdbeaeheop\1.0_0\

CHR - Extension: HootSuite = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\

CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\

CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\

CHR - Extension: Autofill = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\

CHR - Extension: Print Friendly & PDF = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0\

CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.1.10_0\

CHR - Extension: Gmail = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: RSS Feed Reader = C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.0.12_0\

O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B6E9225-6C91-4309-A559-7C325E769974}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAB48341-8840-4FC0-BB67-5240DEEEC25C}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/22 00:24:09 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2010/03/12 06:06:18 | 000,464,248 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\Shell\configure\command - "" = F:\setup.exe -- [2010/03/12 06:06:18 | 000,464,248 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\Shell\install\command - "" = F:\setup.exe -- [2010/03/12 06:06:18 | 000,464,248 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{ed8cbb2b-b1f7-11e2-be76-7054d2bef601}\Shell - "" = AutoRun

O33 - MountPoints2\{ed8cbb2b-b1f7-11e2-be76-7054d2bef601}\Shell\AutoRun\command - "" = "K:\MotoCastSetup.exe" -a

O33 - MountPoints2\{fe5d0441-b1af-11e2-be75-7054d2bef601}\Shell - "" = AutoRun

O33 - MountPoints2\{fe5d0441-b1af-11e2-be75-7054d2bef601}\Shell\AutoRun\command - "" = "J:\setup.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/27 20:02:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carly\Desktop\OTL.exe

[2013/05/26 17:54:40 | 000,000,000 | ---D | C] -- C:\Users\Carly\Desktop\mbar-1.06.0.1003

[2013/05/26 17:38:26 | 000,000,000 | ---D | C] -- C:\Users\Carly\Desktop\Registry Backup

[2013/05/26 17:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/05/26 17:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/05/26 17:35:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Carly\Desktop\erunt-setup.exe

[2013/05/26 16:20:59 | 008,771,072 | ---- | C] (IvoSoft) -- C:\Users\Carly\Desktop\ClassicShellSetup_3_6_7.exe

[2013/05/26 15:08:07 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\Adobe

[2013/05/26 14:57:09 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Carly\Desktop\aswMBR (1).exe

[2013/05/26 07:48:29 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\SUPERAntiSpyware.com

[2013/05/26 07:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/05/26 07:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/05/26 07:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/05/26 07:07:39 | 000,000,000 | R--D | C] -- C:\Users\Carly\Documents\2013 - Sodexo

[2013/05/26 06:53:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/05/25 21:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/05/24 18:51:01 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Nitro PDF

[2013/05/22 22:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/05/22 22:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/05/20 20:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/05/20 20:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2013/05/19 15:38:15 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll

[2013/05/19 15:38:15 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll

[2013/05/19 15:38:14 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll

[2013/05/19 15:38:13 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll

[2013/05/19 15:38:13 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll

[2013/05/19 15:38:13 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll

[2013/05/19 15:38:12 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll

[2013/05/19 15:38:12 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll

[2013/05/19 15:38:12 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll

[2013/05/19 15:38:11 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll

[2013/05/19 15:38:10 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll

[2013/05/19 15:38:09 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll

[2013/05/19 15:38:08 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll

[2013/05/19 15:38:07 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll

[2013/05/19 15:38:07 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll

[2013/05/19 15:38:07 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll

[2013/05/19 15:38:07 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe

[2013/05/19 15:38:07 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll

[2013/05/19 15:38:06 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll

[2013/05/19 15:38:06 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll

[2013/05/19 15:38:06 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll

[2013/05/19 15:38:06 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll

[2013/05/19 15:38:06 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2013/05/19 15:38:06 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe

[2013/05/19 15:38:06 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll

[2013/05/19 15:38:05 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe

[2013/05/19 15:38:03 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi

[2013/05/19 15:38:03 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll

[2013/05/19 15:38:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll

[2013/05/19 15:38:00 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll

[2013/05/19 15:38:00 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe

[2013/05/19 15:38:00 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi

[2013/05/19 15:38:00 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll

[2013/05/19 15:37:59 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe

[2013/05/19 15:37:59 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll

[2013/05/19 15:37:59 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll

[2013/05/19 15:37:59 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll

[2013/05/19 15:37:59 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll

[2013/05/19 15:37:59 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll

[2013/05/19 15:37:59 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll

[2013/05/19 15:37:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll

[2013/05/19 15:37:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll

[2013/05/19 15:37:59 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll

[2013/05/19 15:37:59 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll

[2013/05/19 15:37:58 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll

[2013/05/19 15:37:58 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl

[2013/05/19 15:37:58 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll

[2013/05/19 15:37:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl

[2013/05/19 15:37:58 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll

[2013/05/19 15:37:58 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll

[2013/05/19 15:37:58 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys

[2013/05/19 15:37:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll

[2013/05/19 15:37:58 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll

[2013/05/19 15:37:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe

[2013/05/19 15:37:58 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll

[2013/05/19 15:37:58 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe

[2013/05/19 15:37:58 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe

[2013/05/19 15:37:58 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll

[2013/05/19 15:37:58 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys

[2013/05/19 15:37:58 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll

[2013/05/19 15:37:58 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll

[2013/05/19 15:37:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll

[2013/05/19 15:37:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll

[2013/05/19 15:37:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll

[2013/05/19 15:37:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll

[2013/05/19 15:37:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll

[2013/05/15 20:50:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/05/15 20:50:13 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll

[2013/05/15 20:50:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/05/15 20:50:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/05/15 20:50:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/05/15 20:50:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll

[2013/05/15 20:50:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2013/05/15 20:50:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll

[2013/05/15 11:52:54 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2013/05/15 11:52:54 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll

[2013/05/15 11:52:53 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll

[2013/05/15 07:26:59 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll

[2013/05/15 07:26:58 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe

[2013/05/12 06:52:52 | 000,000,000 | ---D | C] -- C:\Users\Carly\Desktop\Cleaning Tools

[2013/05/11 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Carly\Documents\mbar-1.05.0.1001

[2013/05/11 20:32:36 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\VS Revo Group

[2013/05/11 20:32:33 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys

[2013/05/11 20:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group

[2013/05/11 20:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2013/05/11 20:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/05/11 20:04:08 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\Pokki

[2013/05/11 20:01:01 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll

[2013/05/11 20:01:01 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll

[2013/05/11 20:01:01 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe

[2013/05/11 20:01:00 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe

[2013/05/11 20:01:00 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe

[2013/05/11 20:01:00 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll

[2013/05/11 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/05/11 18:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/05/11 18:51:33 | 000,000,000 | ---D | C] -- C:\Users\Carly\Desktop\RK_Quarantine

[2013/05/11 17:54:11 | 000,000,000 | ---D | C] -- C:\windows\ERUNT

[2013/05/11 17:54:06 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/08 06:34:09 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\vlc

[2013/04/30 21:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0

[2013/04/30 21:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA

[2013/04/30 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance

[2013/04/30 21:18:35 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\calibre

[2013/04/30 21:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2013/04/30 21:06:13 | 000,378,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2013/04/30 21:06:13 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2013/04/30 21:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/04/30 21:06:11 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2013/04/30 21:06:10 | 000,064,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2013/04/30 21:06:06 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2013/04/30 21:06:04 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2013/04/30 21:06:04 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2013/04/30 21:05:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2013/04/30 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/04/30 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/04/30 20:54:39 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe

[2013/04/30 20:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/04/30 19:57:33 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Nuance

[2013/04/30 19:56:38 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\FLEXnet

[2013/04/30 19:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance

[2013/04/30 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance

[2013/04/30 19:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision

[2013/04/30 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2013/04/30 19:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2013/04/30 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2013/04/30 19:45:50 | 000,000,000 | R--D | C] -- C:\Users\Carly\eBooks

[2013/04/30 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\DAEMON Tools Lite

[2013/04/30 19:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2013/04/29 20:55:47 | 000,000,000 | ---D | C] -- C:\Users\Carly\Documents\Vuze Downloads

[2013/04/29 20:16:59 | 000,107,432 | R--- | C] (Cisco Systems, Inc.) -- C:\windows\SysNative\drivers\acsock64.sys

[2013/04/29 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\Cisco

[2013/04/29 20:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2013/04/29 20:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco

[2013/04/29 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2013/04/29 20:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2013/04/29 20:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/04/29 20:16:20 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll

[2013/04/29 20:16:20 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll

[2013/04/29 20:16:20 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe

[2013/04/29 20:16:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

[2013/04/29 20:16:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

[2013/04/29 20:16:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll

[2013/04/29 20:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2013/04/29 20:00:36 | 000,000,000 | ---D | C] -- C:\Users\Carly\.swt

[2013/04/29 20:00:17 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\cYo

[2013/04/29 20:00:17 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\cYo

[2013/04/29 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Azureus

[2013/04/29 19:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack

[2013/04/29 19:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack

[2013/04/29 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Nitro

[2013/04/29 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\FileOpen

[2013/04/29 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen

[2013/04/29 19:50:36 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalmon2.dll

[2013/04/29 19:50:36 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\windows\SysNative\nitrolocalui2.dll

[2013/04/29 19:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro

[2013/04/29 19:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro

[2013/04/29 19:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro

[2013/04/29 19:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro

[2013/04/29 19:50:22 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Downloaded Installations

[2013/04/29 19:36:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/04/29 19:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2

[2013/04/29 19:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

[2013/04/29 19:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

[2013/04/29 19:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack

[2013/04/29 16:35:26 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adblock Pro x64

[2013/04/29 16:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Pro

[2013/04/29 16:34:54 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\WinRAR

[2013/04/29 16:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/04/29 16:29:50 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/04/29 16:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2013/04/29 16:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2013/04/29 16:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/04/29 16:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2013/04/29 16:06:53 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\MediaMonkey

[2013/04/29 16:06:42 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\MediaMonkey

[2013/04/29 16:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey

[2013/04/29 16:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey

[2013/04/29 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey

[2013/04/29 15:29:35 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Roaming\Malwarebytes

[2013/04/29 15:29:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2013/04/29 15:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/29 15:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/29 15:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/29 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Carly\AppData\Local\Programs

[2013/04/19 06:34:38 | 014,880,256 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/05/27 20:11:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/27 20:02:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carly\Desktop\OTL.exe

[2013/05/27 15:48:00 | 000,000,530 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 91ae0744-8bba-4233-88f6-16f36ca1a6fe.job

[2013/05/27 15:35:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/05/27 02:00:00 | 000,000,530 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 20c1a7fc-786b-484a-a9e0-d34ea7d2c463.job

[2013/05/26 21:12:35 | 000,876,494 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/05/26 21:12:35 | 000,726,998 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/05/26 21:12:35 | 000,150,826 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/05/26 21:11:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/26 17:51:15 | 013,169,742 | ---- | M] () -- C:\Users\Carly\Desktop\mbar-1.06.0.1003.zip

[2013/05/26 17:37:28 | 000,000,890 | ---- | M] () -- C:\Users\Carly\Desktop\NTREGOPT.lnk

[2013/05/26 17:37:28 | 000,000,871 | ---- | M] () -- C:\Users\Carly\Desktop\ERUNT.lnk

[2013/05/26 17:35:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Carly\Desktop\erunt-setup.exe

[2013/05/26 16:21:02 | 008,771,072 | ---- | M] (IvoSoft) -- C:\Users\Carly\Desktop\ClassicShellSetup_3_6_7.exe

[2013/05/26 15:17:38 | 000,816,128 | ---- | M] () -- C:\Users\Carly\Desktop\RogueKiller.exe

[2013/05/26 15:17:07 | 000,000,512 | ---- | M] () -- C:\Users\Carly\Desktop\MBR.dat

[2013/05/26 15:06:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/05/26 15:06:37 | 2524,155,903 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/26 14:58:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Carly\Desktop\aswMBR (1).exe

[2013/05/24 18:51:03 | 000,002,192 | -H-- | M] () -- C:\Users\Carly\Documents\Default.rdp

[2013/05/23 22:13:37 | 000,001,054 | ---- | M] () -- C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/05/23 22:13:26 | 000,001,022 | ---- | M] () -- C:\Users\Carly\Desktop\Dropbox.lnk

[2013/05/23 17:11:08 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/05/22 22:20:35 | 000,499,216 | ---- | M] () -- C:\Users\Carly\Documents\cc_20130522_222001.reg

[2013/05/21 05:58:18 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2013/05/20 22:03:55 | 003,368,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/05/11 20:01:26 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/05/11 20:00:57 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll

[2013/05/11 20:00:56 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe

[2013/05/11 20:00:56 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe

[2013/05/11 20:00:55 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll

[2013/05/11 20:00:55 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe

[2013/05/11 20:00:54 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll

[2013/05/11 18:34:43 | 000,000,512 | ---- | M] () -- C:\Users\Carly\Documents\MBR.dat

[2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2013/05/09 04:59:07 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys

[2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2013/05/09 04:59:07 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys

[2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2013/05/09 04:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2013/05/07 16:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2013/05/07 16:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/04 06:57:25 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf

[2013/05/04 06:32:52 | 000,001,275 | ---- | M] () -- C:\Users\Carly\AppData\Roaming\SAS7_000.DAT

[2013/04/30 21:20:10 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk

[2013/04/30 21:18:24 | 000,000,160 | ---- | M] () -- C:\windows\wininit.ini

[2013/04/30 21:06:14 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/04/30 20:54:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe

[2013/04/29 20:16:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll

[2013/04/29 20:16:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll

[2013/04/29 20:16:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe

[2013/04/29 20:16:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

[2013/04/29 20:16:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

[2013/04/29 20:16:16 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll

[2013/04/29 19:56:17 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk

[2013/04/29 19:50:34 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk

[2013/04/29 19:35:53 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk

[2013/04/29 16:23:06 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/29 16:22:14 | 022,943,014 | ---- | M] () -- C:\Users\Carly\Desktop\vlc-2-0-6-win32.exe

[2013/04/29 16:06:42 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk

[2013/04/29 15:29:27 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/29 15:14:19 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/04/29 15:10:16 | 000,001,097 | ---- | M] () -- C:\Users\Carly\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

========== Files Created - No Company Name ==========

[2013/05/26 17:50:45 | 013,169,742 | ---- | C] () -- C:\Users\Carly\Desktop\mbar-1.06.0.1003.zip

[2013/05/26 17:37:28 | 000,000,890 | ---- | C] () -- C:\Users\Carly\Desktop\NTREGOPT.lnk

[2013/05/26 17:37:28 | 000,000,871 | ---- | C] () -- C:\Users\Carly\Desktop\ERUNT.lnk

[2013/05/26 15:17:38 | 000,816,128 | ---- | C] () -- C:\Users\Carly\Desktop\RogueKiller.exe

[2013/05/26 15:17:07 | 000,000,512 | ---- | C] () -- C:\Users\Carly\Desktop\MBR.dat

[2013/05/26 07:48:53 | 000,000,530 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 91ae0744-8bba-4233-88f6-16f36ca1a6fe.job

[2013/05/26 07:48:45 | 000,000,530 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 20c1a7fc-786b-484a-a9e0-d34ea7d2c463.job

[2013/05/22 22:20:05 | 000,499,216 | ---- | C] () -- C:\Users\Carly\Documents\cc_20130522_222001.reg

[2013/05/20 22:03:48 | 003,368,064 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/05/19 15:37:57 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml

[2013/05/11 20:01:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/05/11 20:01:26 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/05/08 17:48:49 | 000,000,512 | ---- | C] () -- C:\Users\Carly\Documents\MBR.dat

[2013/05/04 06:57:25 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf

[2013/05/04 06:32:52 | 000,001,275 | ---- | C] () -- C:\Users\Carly\AppData\Roaming\SAS7_000.DAT

[2013/04/30 21:20:10 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 12.0.lnk

[2013/04/30 21:07:38 | 000,000,291 | ---- | C] () -- C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk

[2013/04/30 21:06:13 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/04/30 21:06:06 | 000,189,936 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys

[2013/04/30 21:06:05 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys

[2013/04/30 21:06:04 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2013/04/30 19:54:27 | 000,000,160 | ---- | C] () -- C:\windows\wininit.ini

[2013/04/30 19:42:28 | 000,002,021 | ---- | C] () -- C:\Users\Carly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox.lnk

[2013/04/29 19:56:17 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk

[2013/04/29 19:50:34 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk

[2013/04/29 19:50:33 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk

[2013/04/29 19:35:52 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk

[2013/04/29 19:29:32 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

[2013/04/29 16:23:06 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/29 16:22:05 | 022,943,014 | ---- | C] () -- C:\Users\Carly\Desktop\vlc-2-0-6-win32.exe

[2013/04/29 16:06:42 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk

[2013/04/29 15:29:27 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/29 15:14:19 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf

[2013/04/29 15:10:16 | 000,001,097 | ---- | C] () -- C:\Users\Carly\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/04/09 20:58:17 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2012/11/14 20:40:44 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat

[2012/11/14 20:40:44 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat

[2012/10/11 22:05:41 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll

[2012/08/10 19:56:12 | 000,915,038 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin

[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin

[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin

[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

[2012/05/10 18:35:16 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll

[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

[2011/09/13 10:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2013/04/09 21:04:02 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/22 22:19:22 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\Azureus

[2013/04/30 21:21:01 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\calibre

[2013/04/29 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\cYo

[2013/05/22 22:19:22 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\DAEMON Tools Lite

[2013/04/29 19:50:22 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\Downloaded Installations

[2013/05/27 20:03:25 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\Dropbox

[2013/04/29 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\FileOpen

[2013/05/12 08:33:12 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\MediaMonkey

[2013/04/29 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\Nitro

[2013/05/24 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\Nitro PDF

[2013/04/30 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\Nuance

[2013/04/30 20:25:14 | 000,000,000 | ---D | M] -- C:\Users\Carly\AppData\Roaming\ViStart

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:0FF263E8

< End of report >


Please confirm that you are not currently being helped elsewhere.

I see this system has a number of other tools, including S*perantispyware & HitmanPro

As long as you are not being actively helped elsewhere....

Task 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 2

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Task 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member konriar only. If you are a casual viewer, do NOT try this on your system!

If you are not konriar and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file KonOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the KonOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes box (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Task 4

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Delete any prior copy of jrt.exe

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

Task 5

Delete any prior copy of adwcleaner.exe if you have one from before.

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

KonOTL.txt

Edited by Maurice Naggar

Nope, not being helped elsewhere. I tried reading forums and getting tools to fix things myself, but still had problems, so finally came here.

Here's the first log, gotta do the rest tomorrow.

---

Rkill 2.5.0 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/28/2013 06:50:47 AM in x64 mode.

Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe (PID: 6012) [uP-HEUR]

* C:\Users\Carly\AppData\Local\Pokki\Engine\pokki.exe (PID: 7716) [uP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\Carly\Desktop\rkill\rkill-05-28-2013-06-50-51.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* WinDefend => "%ProgramFiles%\Windows Defender\MsMpEng.exe" [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/28/2013 06:51:13 AM

Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

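The Rkill log above reports on a handful of tamper points (the Defender DisableAntiSpyware value, the WinDefend ImagePath, Explorer policies, the .EXE/.COM/.BAT handlers and the HOSTS file), and the OTL logs elsewhere in the thread add an alternate data stream on C:\ProgramData\Temp and MountPoints2 autorun entries. The script below is an added example, not code from this thread or from Rkill, OTL or any other tool named here: a read-only PowerShell audit of those same locations that a helper could run to confirm the state of the machine before and after a fix. It assumes PowerShell 3.0 or later (bundled with Windows 8) in an elevated prompt; the folder path and the drive letters in the comments are taken from the logs in this thread, and the function names are my own.

```powershell
# Added example (not from the thread or its tools): read-only audit of the tamper points
# the Rkill and OTL logs report on. It changes nothing; it only returns findings.
# Assumes PowerShell 3.0+ and an elevated prompt.

function Test-SignedBinary([string]$Path) {
    # Expand %ProgramFiles%-style references, strip quotes and arguments from an ImagePath,
    # then check that the binary exists and carries a valid Microsoft signature.
    $exe = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    if ($exe -match '^(.+?\.exe)') { $exe = $Matches[1] }
    if (-not (Test-Path -LiteralPath $exe)) { return "missing file: $exe" }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') { return "unsigned or tampered: $exe ($($sig.Status))" }
    if ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        return "unexpected signer on ${exe}: $($sig.SignerCertificate.Subject)"
    }
    return $null
}

function Invoke-TamperAudit {
    $findings = @()

    # 1. Defender switched off by registry (Rkill: "DisableAntiSpyware" = dword:00000001).
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                   'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $v = (Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($v -eq 1) { $findings += "Defender disabled: $k\DisableAntiSpyware = $v" }
    }

    # 2. Service integrity (Rkill: WinDefend [incorrect ImagePath]). Instead of hard-coding the
    #    expected path, verify the binary the ImagePath points to exists and is Microsoft-signed.
    $img = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend' -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($img) { $r = Test-SignedBinary $img; if ($r) { $findings += "WinDefend: $r" } }
    else { $findings += 'WinDefend service key missing' }

    # 3. Explorer policies (Rkill removed NoActiveDesktopChanges). Report every value set here.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
    if ($pol) {
        $pol.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $findings += "Explorer policy set: $($_.Name) = $($_.Value)" }
    }

    # 4. Executable associations (Rkill resets .EXE/.COM/.BAT). The stock handler is "%1" %*.
    #    HKCU\Software\Classes overrides HKLM, so a hijack placed there is checked as well.
    foreach ($cls in 'exefile', 'comfile', 'batfile') {
        foreach ($hive in 'HKCU:', 'HKLM:') {
            $key = "$hive\SOFTWARE\Classes\$cls\shell\open\command"
            $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            if ($cmd -and $cmd -ne '"%1" %*') { $findings += "$key = $cmd" }
        }
    }

    # 5. HOSTS file: anything beyond the localhost lines deserves an explanation.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' } |
        ForEach-Object { $findings += "HOSTS entry: $($_.Trim())" }

    # 6. Alternate data streams on the folder OTL listed (C:\ProgramData\Temp:0FF263E8).
    Get-Item -LiteralPath 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings += "ADS: $($_.FileName):$($_.Stream) ($($_.Length) bytes)" }

    # 7. MountPoints2 autorun hooks (the OTL fix in this thread targeted entries pointing at
    #    F:\setup.exe and K:\MotoCastSetup.exe). Explorer runs these when the volume is opened.
    $mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem $mp -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($cmd) { $findings += "MountPoints2 autorun: $($_.PSChildName) -> $cmd" }
    }

    return $findings
}

$result = Invoke-TamperAudit
if ($result.Count -eq 0) { 'No tamper indicators found.' } else { $result }
```

Everything here is a read; nothing is deleted or reset, so it is safe to run between the helper's tasks to see whether a given item has reappeared. Checking the WinDefend binary's signature rather than a fixed path avoids the false alarm a hard-coded "expected ImagePath" produces when Windows versions differ.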

Just so you know, it is best to get guided expert help rather than self-medicating. That is especially so when malware is onboard.

While I am helping you and as this is not completely cured, do not do any websurfing nor online games or online transactions.

Only go to this forum and the websites I guide you to for tools.


Roger that.

I don't have any cd emulator software that I know of (I think the original problem came with a bad copy of DaemonTools Lite, but I uninstalled). DeFogger didn't seem to catch anything and didn't reboot. OTL did reboot. Here's the log:

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

File move failed. F:\setup.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

File move failed. F:\setup.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bc75f41-a88b-11e2-be6f-806e6f6e6963}\ not found.

File move failed. F:\setup.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cbb2b-b1f7-11e2-be76-7054d2bef601}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cbb2b-b1f7-11e2-be76-7054d2bef601}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8cbb2b-b1f7-11e2-be76-7054d2bef601}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8cbb2b-b1f7-11e2-be76-7054d2bef601}\ not found.

File "K:\MotoCastSetup.exe" -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe5d0441-b1af-11e2-be75-7054d2bef601}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe5d0441-b1af-11e2-be75-7054d2bef601}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe5d0441-b1af-11e2-be75-7054d2bef601}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe5d0441-b1af-11e2-be75-7054d2bef601}\ not found.

File "J:\setup.exe" not found.

========== FILES ==========

C:\Users\Carly\Documents\mbar-1.05.0.1001\mbar\Plugins folder moved successfully.

C:\Users\Carly\Documents\mbar-1.05.0.1001\mbar\Languages folder moved successfully.

C:\Users\Carly\Documents\mbar-1.05.0.1001\mbar\imageformats folder moved successfully.

C:\Users\Carly\Documents\mbar-1.05.0.1001\mbar\Data\Configuration folder moved successfully.

C:\Users\Carly\Documents\mbar-1.05.0.1001\mbar\Data folder moved successfully.

C:\Users\Carly\Documents\mbar-1.05.0.1001\mbar folder moved successfully.

C:\Users\Carly\Documents\mbar-1.05.0.1001 folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\torrents folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\tmp folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\stats\2013\04 folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\stats\2013 folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\stats folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\shares folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\rss folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\vuzexcode\tmp folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\images folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\vuzexcode\profiles folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\vuzexcode folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\azemp\mplayer folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\azemp folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins\aercm folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\plugins folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\net folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\logs folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\dht folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\devices folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\cache folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus\active folder moved successfully.

C:\Users\Carly\AppData\Roaming\Azureus folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carly

->Temp folder emptied: 6093341 bytes

->Temporary Internet Files folder emptied: 3914253 bytes

->Java cache emptied: 2625361 bytes

->Google Chrome cache emptied: 191061151 bytes

->Flash cache emptied: 506 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 57748 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 3991021 bytes

Total Files Cleaned = 198.00 mb

[EMPTYFLASH]

User: All Users

User: Carly

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Carly

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05292013_064047

Files\Folders moved on Reboot...

File move failed. F:\setup.exe scheduled to be moved on reboot.

C:\Users\Carly\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


After JRT finished, the little Windows menu button that Pokki put in the bottom left of the screen disappeared.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 8 x64

Ran by Carly on Wed 05/29/2013 at 6:51:41.01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 05/29/2013 at 6:54:36.64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I deleted the prior AdwCleaner app. Looks like it kept the prior logs and labeled this one R6.

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 06:59:12

# Updated 16/05/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : Carly - SUPERFROG

# Boot Mode : Normal

# Running from : C:\Users\Carly\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Carly\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1442 octets] - [30/04/2013 20:40:18]

AdwCleaner[R2].txt - [880 octets] - [11/05/2013 18:00:44]

AdwCleaner[R3].txt - [1071 octets] - [11/05/2013 20:25:33]

AdwCleaner[R4].txt - [1190 octets] - [11/05/2013 20:27:47]

AdwCleaner[R5].txt - [1238 octets] - [11/05/2013 20:31:33]

AdwCleaner[R6].txt - [930 octets] - [29/05/2013 06:59:12]

AdwCleaner[S1].txt - [1361 octets] - [30/04/2013 20:40:56]

AdwCleaner[S2].txt - [939 octets] - [11/05/2013 18:01:31]

AdwCleaner[S3].txt - [294 octets] - [11/05/2013 20:27:19]

AdwCleaner[S4].txt - [1253 octets] - [11/05/2013 20:28:51]

########## EOF - C:\AdwCleaner[R6].txt - [1227 octets] ##########


Just so you know, there are easier/cleaner free utilities besides Pokki to get back the start menu on Win8.

Classic shell http://classicshell.sourceforge.net/

and Stardock Start8 http://www.stardock.com/products/start8/

Those do not have the added "app store" that comes with Pokki.

If you are set on Pokki, use Control Panel >> Programs and Features and uninstall Pokki (if still listed); then you can download a new copy and do a new setup.

Task 2

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

Do NOT turn off the firewall.

Close all open browsers at this point.

Press the Windows key + D to see your Desktop.

Look for the Internet Explorer icon, right-click it and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press the Start button;
  • Approve the install of the required ActiveX Control, then follow the on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt. Look at the contents of this file using Notepad.
  • The Frequently Asked Questions for ESET Online Scanner can be viewed here: http://go.eset.com/us/online-scanner/faq
  • It is emphasized to temporarily disable any pc-resident (active) antivirus program prior to any on-line scan by any on-line scanner, and to re-enable it promptly when finished.
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with a copy of the ESET scan log.

Edited by Maurice Naggar

Looks good, I'll get one of those.

The ESET scan came back clean.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# IEXPLORE.EXE=10.00.9200.16384 (win8_rtm.120725-1247)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=cd614f9f61e3324b967584fa314b428f

# engine=13951

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-05-30 07:51:25

# local_time=2013-05-30 03:51:25 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT

# compatibility_mode=774 16777213 85 91 0 145735357 0 0

# compatibility_mode=5893 16776574 100 94 2687916 29363196 0 0

# scanned=218055

# found=0

# cleaned=0

# scan_time=33146


OK. Excellent result from ESET scan.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


Looking good. The system is working well, no problems recently. Think we got it?

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.01.02

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16580

Carly :: SUPERFROG [administrator]

Protection: Enabled

6/1/2013 7:05:55 AM

mbam-log-2013-06-01 (07-05-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 410796

Time elapsed: 30 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Sorry, not sure what happened with the formatting above.

The system is working well, no recent problems.



Very good then. Nothing detected by either ESET online or MBAM.

You are good to go after the following.

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger << and save it to your desktop.

  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Enable button to re-enable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

Print out/save the section below on Safer practices for future reference.

  • Download OTC to your desktop and run it.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

aswMBR.exe

roguekiller.exe

mbar.exe

RKILL

jrt.exe

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention

One of the very early things you want to do is to make a Windows 8 rescue disc and store it away for a rainy day.

See Grinler's article http://www.bleepingcomputer.com/tutorials/create-a-windows-system-repair-disc/

The other safe practice is to make backups of your system on a regular basis.

How to create a Windows system image in Windows 7 and Windows 8

http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/

How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment

http://www.bleepingcomputer.com/tutorials/system-image-recovery-in-windows-7-8/

We are finished here. Best regards.


Many thanks, you've been a great help.

One more thing: when I right-click on any file, the context menu still has an option to "Add to Pokki menu." Is this just some leftover setting, or might it indicate Pokki is still lurking around? Any idea how to remove this from the menu?


Likely just a leftover setting. Sorry, I can't think of a quick cure right now.

You may try seeking help in our PC Help forum, and also do some looking around on "how to remove a specific entry" from the right-click Windows setting at a super-site like winhelponline(dot)com.

I wish you the best.

Cheers.
