
Black Screen



Malwarebytes found some malware, but when I reboot after removing it I do not boot all the way; I end up at a black screen with a mouse pointer. I am running Windows 7 and I recovered through safe mode. Interestingly, my Malwarebytes database had been removed.

 

Can anyone help? Here is the scan log:

 

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Priest :: SCHUMANN [administrator]
 
Protection: Disabled
 
8/30/2013 12:32:05 PM
MBAM-log-2013-08-30 (12-34-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221524
Time elapsed: 1 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
 
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Q1O1QtGtBtH0C2VtGtCtH1E1Q0EtG0V -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\Priest\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Priest\AppData\Roaming\OpenCandy\B2BF526247FA4543B1E33A476605B29F (PUP.Optional.OpenCandy) -> No action taken.
 
Files Detected: 15
C:\Users\Priest\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\Conduit\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\Conduit\mism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\ct2998365\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\ct2998365\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\ct2998365\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\ct2998365\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Local\Temp\ct2998365\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\Downloads\iphonebackupextractor-latest.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\CFZFUWAG\GenericInstaller_v1[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\FKOASWKK\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\Trustworthy_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Priest\AppData\Roaming\OpenCandy\B2BF526247FA4543B1E33A476605B29F\TrustWorthy_p1v2.exe (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
 

Hello Priest and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thank you. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 04
Ran by Priest (administrator) on SCHUMANN on 31-08-2013 15:38:07
Running from C:\Users\Priest\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Users\Priest\AppData\Local\Autobahn\nexdef.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)
HKCU\...\Run: [Google Update] - C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-26] (Google Inc.)
HKCU\...\Run: [Jump Desktop] - C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [424040 2012-05-18] (Phase Five Systems)
HKCU\...\Run: [GoogleChromeAutoLaunch_E47DD23A6E017550204E2E05D2A17E54] - C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-03-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-08-31] ()
Startup: C:\Users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Priest\AppData\Local\Autobahn\nexdef.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Google Talk Plugin) - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\Priest\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Drive) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (RealDownloader) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (RSS Alert) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemgijjifkaldmklohlmjaplmfobgich\0.2_0
CHR Extension: (FVD Video Downloader) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.0_0
CHR Extension: (Dragons of Atlantis) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.6.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Carina Nebula Jet Theme) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npebkpkiddfadallfhefpiphaagcfjdo\1_0
CHR Extension: (Edgeworld) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp\1.0.1.2_0
CHR Extension: (Gmail) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx"
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [kheelobnibmchifldedamogdmhemfjio] - C:\Users\Priest\AppData\Local\CRE\kheelobnibmchifldedamogdmhemfjio.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S4 eins1203; C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-08-31] ()
R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2012-05-18] (Phase Five Systems)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)
R3 iANSMiniport; C:\Windows\System32\DRIVERS\iansw60e.sys [161512 2011-01-04] (Intel Corporation)
S3 IANSPROTOCOL; C:\Windows\System32\DRIVERS\iansw60e.sys [161512 2011-01-04] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 StnSport; C:\Windows\System32\DRIVERS\StnSport.sys [128000 2010-08-20] ()
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 WinRing0_1_2_0; C:\Users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Downloads\FRST64.exe
2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Desktop\FRST64.exe
2013-08-31 15:35 - 2013-08-31 15:35 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (4).exe
2013-08-31 15:25 - 2013-08-31 15:25 - 00000000 ___RD C:\Users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-08-31 15:23 - 2013-08-31 15:23 - 00001144 _____ C:\Users\Priest\Desktop\JRT.txt
2013-08-31 15:10 - 2013-08-30 23:42 - 01027511 _____ (Thisisu) C:\Users\Priest\Desktop\JRT_NEW.exe
2013-08-31 15:07 - 2013-08-31 15:07 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (3).exe
2013-08-31 15:07 - 2013-08-31 15:07 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (3).exe
2013-08-31 15:07 - 2013-08-31 15:07 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner (1).exe
2013-08-31 15:06 - 2013-08-31 15:06 - 00001229 _____ C:\Users\Priest\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-08-31 15:06 - 2013-08-31 15:06 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-31 15:04 - 2013-08-31 15:04 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner.exe
2013-08-31 15:03 - 2013-08-31 15:03 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (2).exe
2013-08-31 15:03 - 2013-08-31 15:03 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (2).exe
2013-08-31 10:42 - 2013-08-31 10:42 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (1).exe
2013-08-31 10:42 - 2013-08-31 10:42 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (1).exe
2013-08-30 21:26 - 2013-08-30 21:26 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix.exe
2013-08-30 21:26 - 2013-08-30 21:26 - 01023533 _____ (Thisisu) C:\Users\Priest\Downloads\JRT.exe
2013-08-30 21:13 - 2013-08-30 21:13 - 00022678 _____ C:\ComboFix.txt
2013-08-30 17:56 - 2013-08-30 21:23 - 00000000 ____D C:\Windows\erdnt
2013-08-30 17:56 - 2013-08-30 21:13 - 00000000 ____D C:\Qoobox
2013-08-30 16:42 - 2013-08-30 16:42 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 12:21 - 2013-08-31 15:08 - 00000000 ____D C:\AdwCleaner
2013-08-30 10:10 - 2013-08-30 10:10 - 00053304 _____ C:\Users\Priest\Desktop\KOM v3.xlsx
2013-08-30 10:09 - 2013-08-30 10:09 - 00012164 _____ C:\Users\Priest\Desktop\Book1.xlsx
2013-08-29 21:57 - 2013-08-29 21:57 - 00000887 _____ C:\Users\Priest\Downloads\soluble-salts_en.jnlp
2013-08-29 17:47 - 2013-08-29 17:47 - 00000068 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (2).rm
2013-08-29 15:17 - 2013-08-29 15:17 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-1.rm
2013-08-29 15:09 - 2013-08-29 15:09 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (1).rm
2013-08-29 15:07 - 2013-08-29 15:07 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2.rm
2013-08-27 22:40 - 2013-08-30 23:06 - 00000000 ____D C:\Users\Priest\Documents\Amanda School
2013-08-22 09:48 - 2013-08-22 09:48 - 00283648 _____ C:\Users\Priest\Downloads\PRS_August_2013_Project_Prioritization.ppt
2013-08-21 15:22 - 2013-08-21 15:22 - 00105964 _____ C:\Users\Priest\Downloads\ERCOT_Methodologies_for_Determining_Ancillary_Service_Requir.zip
2013-08-20 17:46 - 2013-08-22 21:42 - 00046472 _____ C:\Users\Priest\Desktop\KOM v2.xlsx
2013-08-15 19:34 - 2013-08-15 19:34 - 00003584 _____ C:\Users\Priest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 03:02 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:02 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:02 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:02 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:02 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:02 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:02 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:02 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:02 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:02 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:02 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:02 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:02 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:02 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:00 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 21:24 - 2013-08-14 21:24 - 116072138 _____ C:\Users\Priest\Desktop\ORDC V5.xlsx
2013-08-14 10:38 - 2013-08-14 10:38 - 00304640 _____ C:\Users\Priest\Downloads\04._ERS_Procurement_Methodology_WMS.ppt
2013-08-14 10:38 - 2013-08-14 10:38 - 00000000 ____D C:\Users\Priest\AppData\OICE_15_974FA576_32C1D314_364C
2013-08-14 08:32 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:32 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:32 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:32 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:32 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:32 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:32 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:32 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:32 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:32 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:32 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:32 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:32 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:32 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:32 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:32 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:32 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:32 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:32 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:32 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:32 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:32 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:32 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:32 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:32 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:32 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:32 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-01 17:16 - 2013-08-01 17:24 - 245984888 _____ C:\Users\Priest\Downloads\Interim_Solution_B+_AS_Imbalance_Posting.zip
2013-08-01 16:47 - 2013-08-01 16:47 - 00010009 _____ C:\Users\Priest\Documents\School districts.xlsx
2013-08-01 16:03 - 2013-08-01 16:03 - 03821468 _____ C:\Users\Priest\Downloads\Directory.csv
2013-08-01 15:33 - 2013-08-01 15:33 - 00310272 _____ C:\Users\Priest\Downloads\ERCOT2013D&E.xls
2013-08-01 15:31 - 2013-08-01 15:31 - 00257024 _____ C:\Users\Priest\Downloads\ERCOT_2009_Demand_and_Energy_Report_7-13-09.xls
2013-08-01 15:31 - 2013-08-01 15:31 - 00039424 _____ C:\Users\Priest\Downloads\historical-and-forecasted-energy-and-coincident-peak-demand.xls
2013-08-01 15:28 - 2013-08-01 15:28 - 00010723 _____ C:\Users\Priest\Downloads\cdr.00012311.0000000000000000.20130801.153003.LFCCONGESTNP3560_csv.zip
 
==================== One Month Modified Files and Folders =======
 
2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Downloads\FRST64.exe
2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Desktop\FRST64.exe
2013-08-31 15:36 - 2012-01-26 23:19 - 01459081 _____ C:\Windows\WindowsUpdate.log
2013-08-31 15:35 - 2013-08-31 15:35 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (4).exe
2013-08-31 15:33 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-31 15:33 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 15:30 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 15:27 - 2013-07-12 16:22 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job
2013-08-31 15:25 - 2013-08-31 15:25 - 00000000 ___RD C:\Users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-08-31 15:25 - 2013-01-28 09:22 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3654915720-261398463-261377745-1000
2013-08-31 15:25 - 2013-01-28 09:22 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3654915720-261398463-261377745-1000
2013-08-31 15:25 - 2010-11-20 22:47 - 00039078 _____ C:\Windows\PFRO.log
2013-08-31 15:25 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-31 15:25 - 2009-07-13 23:51 - 00073940 _____ C:\Windows\setupact.log
2013-08-31 15:24 - 2013-06-18 18:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-08-31 15:23 - 2013-08-31 15:23 - 00001144 _____ C:\Users\Priest\Desktop\JRT.txt
2013-08-31 15:21 - 2012-09-07 10:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-31 15:08 - 2013-08-30 12:21 - 00000000 ____D C:\AdwCleaner
2013-08-31 15:08 - 2009-07-14 00:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-31 15:07 - 2013-08-31 15:07 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (3).exe
2013-08-31 15:07 - 2013-08-31 15:07 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (3).exe
2013-08-31 15:07 - 2013-08-31 15:07 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner (1).exe
2013-08-31 15:06 - 2013-08-31 15:06 - 00001229 _____ C:\Users\Priest\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-08-31 15:06 - 2013-08-31 15:06 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-31 15:04 - 2013-08-31 15:04 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner.exe
2013-08-31 15:03 - 2013-08-31 15:03 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (2).exe
2013-08-31 15:03 - 2013-08-31 15:03 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (2).exe
2013-08-31 10:42 - 2013-08-31 10:42 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (1).exe
2013-08-31 10:42 - 2013-08-31 10:42 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (1).exe
2013-08-31 10:42 - 2012-01-28 13:37 - 00002381 _____ C:\Users\Priest\Desktop\Google Chrome.lnk
2013-08-30 23:42 - 2013-08-31 15:10 - 01027511 _____ (Thisisu) C:\Users\Priest\Desktop\JRT_NEW.exe
2013-08-30 23:06 - 2013-08-27 22:40 - 00000000 ____D C:\Users\Priest\Documents\Amanda School
2013-08-30 21:28 - 2012-07-26 11:35 - 00000000 ____D C:\Users\Priest\AppData\Roaming\Mozilla
2013-08-30 21:26 - 2013-08-30 21:26 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix.exe
2013-08-30 21:26 - 2013-08-30 21:26 - 01023533 _____ (Thisisu) C:\Users\Priest\Downloads\JRT.exe
2013-08-30 21:24 - 2012-01-29 18:53 - 00000000 ____D C:\Users\Priest\AppData\Local\CrashDumps
2013-08-30 21:24 - 2012-01-26 23:19 - 00000000 ____D C:\Users\Priest
2013-08-30 21:23 - 2013-08-30 17:56 - 00000000 ____D C:\Windows\erdnt
2013-08-30 21:23 - 2012-07-31 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-30 21:23 - 2012-01-26 23:37 - 00000000 ____D C:\ProgramData\Intel
2013-08-30 21:23 - 2012-01-26 23:37 - 00000000 ____D C:\ProgramData\Atheros
2013-08-30 21:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-08-30 21:22 - 2013-06-25 18:22 - 00000000 __RHD C:\MSOCache
2013-08-30 21:22 - 2012-02-21 09:52 - 00000000 ____D C:\ProgramData\Real
2013-08-30 21:13 - 2013-08-30 21:13 - 00022678 _____ C:\ComboFix.txt
2013-08-30 21:13 - 2013-08-30 17:56 - 00000000 ____D C:\Qoobox
2013-08-30 21:13 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-08-30 16:42 - 2013-08-30 16:42 - 00000000 ____D C:\Windows\ERUNT
2013-08-30 10:10 - 2013-08-30 10:10 - 00053304 _____ C:\Users\Priest\Desktop\KOM v3.xlsx
2013-08-30 10:09 - 2013-08-30 10:09 - 00012164 _____ C:\Users\Priest\Desktop\Book1.xlsx
2013-08-29 21:57 - 2013-08-29 21:57 - 00000887 _____ C:\Users\Priest\Downloads\soluble-salts_en.jnlp
2013-08-29 17:47 - 2013-08-29 17:47 - 00000068 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (2).rm
2013-08-29 15:17 - 2013-08-29 15:17 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-1.rm
2013-08-29 15:09 - 2013-08-29 15:09 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (1).rm
2013-08-29 15:07 - 2013-08-29 15:07 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2.rm
2013-08-26 16:27 - 2013-07-12 16:22 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job
2013-08-22 21:42 - 2013-08-20 17:46 - 00046472 _____ C:\Users\Priest\Desktop\KOM v2.xlsx
2013-08-22 09:48 - 2013-08-22 09:48 - 00283648 _____ C:\Users\Priest\Downloads\PRS_August_2013_Project_Prioritization.ppt
2013-08-21 15:22 - 2013-08-21 15:22 - 00105964 _____ C:\Users\Priest\Downloads\ERCOT_Methodologies_for_Determining_Ancillary_Service_Requir.zip
2013-08-21 01:21 - 2012-09-07 10:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 01:21 - 2012-09-07 10:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 01:21 - 2012-09-07 10:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 19:34 - 2013-08-15 19:34 - 00003584 _____ C:\Users\Priest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 03:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:01 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:00 - 2012-01-26 23:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 21:24 - 2013-08-14 21:24 - 116072138 _____ C:\Users\Priest\Desktop\ORDC V5.xlsx
2013-08-14 10:38 - 2013-08-14 10:38 - 00304640 _____ C:\Users\Priest\Downloads\04._ERS_Procurement_Methodology_WMS.ppt
2013-08-14 10:38 - 2013-08-14 10:38 - 00000000 ____D C:\Users\Priest\AppData\OICE_15_974FA576_32C1D314_364C
2013-08-08 14:31 - 2013-06-24 17:39 - 00025673 _____ C:\Users\Priest\Desktop\KOM.xlsx
2013-08-07 04:22 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-01 17:24 - 2013-08-01 17:16 - 245984888 _____ C:\Users\Priest\Downloads\Interim_Solution_B+_AS_Imbalance_Posting.zip
2013-08-01 16:47 - 2013-08-01 16:47 - 00010009 _____ C:\Users\Priest\Documents\School districts.xlsx
2013-08-01 16:03 - 2013-08-01 16:03 - 03821468 _____ C:\Users\Priest\Downloads\Directory.csv
2013-08-01 15:33 - 2013-08-01 15:33 - 00310272 _____ C:\Users\Priest\Downloads\ERCOT2013D&E.xls
2013-08-01 15:31 - 2013-08-01 15:31 - 00257024 _____ C:\Users\Priest\Downloads\ERCOT_2009_Demand_and_Energy_Report_7-13-09.xls
2013-08-01 15:31 - 2013-08-01 15:31 - 00039424 _____ C:\Users\Priest\Downloads\historical-and-forecasted-energy-and-coincident-peak-demand.xls
2013-08-01 15:28 - 2013-08-01 15:28 - 00010723 _____ C:\Users\Priest\Downloads\cdr.00012311.0000000000000000.20130801.153003.LFCCONGESTNP3560_csv.zip
 
Files to move or delete:
====================
C:\Users\Priest\DMOrganizer.dat
C:\Users\Priest\AppData\Local\Temp\contentDATs.exe
C:\Users\Priest\AppData\Local\Temp\GUR44FB.exe
C:\Users\Priest\AppData\Local\Temp\ij4oeqya.woe.tightvnc-2.0.2-setup.exe
C:\Users\Priest\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Priest\AppData\Local\Temp\InstHelper.exe
C:\Users\Priest\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Priest\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Priest\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Priest\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Priest\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Priest\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Priest\AppData\Local\Temp\lowproc.exe
C:\Users\Priest\AppData\Local\Temp\mssinstaller.exe
C:\Users\Priest\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Priest\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Priest\AppData\Local\Temp\nvStInst.exe
C:\Users\Priest\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Priest\AppData\Local\Temp\Quarantine.exe
C:\Users\Priest\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Priest\AppData\Local\Temp\stubhelper.dll
C:\Users\Priest\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Priest\AppData\Local\Temp\SymInstallStub.exe
C:\Users\Priest\AppData\Local\Temp\_is6048.exe
C:\Users\Priest\AppData\Local\Temp\~fvdsuite-3.0.2.exe
C:\Users\Priest\AppData\Local\Temp\~rnsetup\GEMSETUP\pnrs3260.dll
C:\Users\Priest\AppData\Local\Temp\~rnsetu2\GEMSETUP\msvcr100.dll
C:\Users\Priest\AppData\Local\Temp\~rnsetu2\GEMSETUP\pnrs3260.dll
C:\Users\Priest\AppData\Local\Temp\~rnsetu1\GEMSETUP\msvcr100.dll
C:\Users\Priest\AppData\Local\Temp\~rnsetu1\GEMSETUP\pnrs3260.dll
C:\Users\Priest\AppData\Local\Temp\~rnsetu0\GEMSETUP\pnrs3260.dll
C:\Users\Priest\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Priest\AppData\Local\Temp\{FC5AB5C5-A44A-42D8-8E41-D4855348ABBF}\ISBEW64.exe
C:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\Disk1\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\Disk1\setup.exe
C:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\Disk1\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\Disk1\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\Disk1\setup.exe
C:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\Disk1\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleCrashHandler.exe
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleCrashHandler64.exe
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleUpdate.exe
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleUpdateBroker.exe
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleUpdateOnDemand.exe
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdate.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_am.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ar.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_bg.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_bn.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ca.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_cs.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_da.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_de.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_el.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_en-GB.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_en.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_es-419.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_es.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_et.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fa.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fi.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fil.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fr.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_gu.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_hi.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_hr.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_hu.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_id.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_is.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_it.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_iw.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ja.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_kn.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ko.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_lt.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_lv.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ml.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_mr.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ms.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_nl.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_no.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_pl.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_pt-BR.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_pt-PT.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ro.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ru.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sk.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sl.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sr.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sv.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sw.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ta.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_te.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_th.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_tr.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_uk.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ur.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_vi.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_zh-CN.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_zh-TW.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\npGoogleUpdate3.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\psmachine.dll
C:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\psuser.dll
C:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\Disk1\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\Disk1\setup.exe
C:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\Disk1\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{ADEF3D0E-4A64-46F4-BF33-F342F0FB1F3C}\ISBEW64.exe
C:\Users\Priest\AppData\Local\Temp\{A822101E-E4B5-48F3-91B8-134114F7FBA3}\ISBEW64.exe
C:\Users\Priest\AppData\Local\Temp\{A80D798A-5782-4412-B273-E2774D5AF29B}\ISBEW64.exe
C:\Users\Priest\AppData\Local\Temp\{90FCD821-C12F-461B-8FDE-00F029047CE2}\Disk1\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{90FCD821-C12F-461B-8FDE-00F029047CE2}\Disk1\setup.exe
C:\Users\Priest\AppData\Local\Temp\{69C77880-931B-47F7-9C3A-022799F5509C}\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{69C77880-931B-47F7-9C3A-022799F5509C}\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\Disk1\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\Disk1\setup.exe
C:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\Disk1\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleCrashHandler.exe
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleCrashHandler64.exe
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdate.exe
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdateBroker.exe
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdateOnDemand.exe
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdateSetup.exe
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdate.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_am.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ar.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_bg.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_bn.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ca.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_cs.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_da.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_de.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_el.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_en-GB.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_en.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_es-419.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_es.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_et.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fa.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fi.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fil.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fr.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_gu.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_hi.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_hr.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_hu.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_id.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_is.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_it.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_iw.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ja.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_kn.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ko.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_lt.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_lv.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ml.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_mr.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ms.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_nl.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_no.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_pl.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_pt-BR.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_pt-PT.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ro.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ru.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sk.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sl.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sr.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sv.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sw.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ta.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_te.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_th.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_tr.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_uk.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ur.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_vi.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_zh-CN.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_zh-TW.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\npGoogleUpdate3.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\psmachine.dll
C:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\psuser.dll
C:\Users\Priest\AppData\Local\Temp\{328EBC1A-EE4C-49AD-9C22-DEEE338D4CDF}\ISBEW64.exe
C:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\Disk1\ISSetup.dll
C:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\Disk1\setup.exe
C:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\Disk1\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\Temp1_sqlite_export_windows.zip\sqlite_export.exe
C:\Users\Priest\AppData\Local\Temp\Temp1_sqlitebrowser_200_b1_win.zip\sqlitebrowser_200_b1_win\SQLite Database Browser 2.0 b1.exe
C:\Users\Priest\AppData\Local\Temp\Temp1_RealTemp_370.zip\RealTemp_370\RealTempGT.exe
C:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\BlackArmor Discovery.exe
C:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\gdiplus.dll
C:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_French.dll
C:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_German.dll
C:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_Italian.dll
C:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_Spanish.dll
C:\Users\Priest\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Priest\AppData\Local\Temp\ispF893.tmp\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\isp9B96.tmp\_Setup.dll
C:\Users\Priest\AppData\Local\Temp\is1394899945\fvdsuite-silent.exe
C:\Users\Priest\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Priest\AppData\Local\Temp\ct2998365\chLogic.exe
C:\Users\Priest\AppData\Local\Temp\ct2998365\ctbe.exe
C:\Users\Priest\AppData\Local\Temp\ct2998365\spch.exe
C:\Users\Priest\AppData\Local\Temp\ct2998365\statisticsStub.exe
C:\Users\Priest\AppData\Local\Temp\ct2998365\stub.exe
C:\Users\Priest\AppData\Local\Temp\b7a9706c-e9e2-4248-824d-54002e25d346\CliSecureRT.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-31 00:40
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2013 04
Ran by Priest at 2013-08-31 15:38:28
Running from C:\Users\Priest\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Application Profiles (x32 Version: 2.0.4420.36380)
Battle for Wesnoth 1.10.0 (x32 Version: 1.10.0)
BlackArmor Discovery (x32 Version: 1.20.0931.004)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
D3DX10 (x32 Version: 15.4.2368.0902)
DAPlayer 1.0.1.9 (x32)
DVDFab 8.2.0.0 (03/08/2012) Qt (x32)
DVDFab Media Player 1.0.1.5 (27/07/2012) (x32)
DVDFab Passkey 8.0.8.6 (27/12/2012) (x32)
ESET Smart Security (Version: 6.0.316.0)
Google Chrome (HKCU Version: 29.0.1547.62)
Google Talk Plugin (x32 Version: 4.5.3.14917)
iCloud (Version: 2.1.1.3)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JMicron JMB36X Driver (x32 Version: 1.17.62.0)
Jump Desktop (x32 Version: 3.2.5)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
League of Legends (x32 Version: 3.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 91xx driver (x32 Version: 1.1.0.6)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 15.0 (x86 en-US) (x32 Version: 15.0)
Mozilla Maintenance Service (x32 Version: 15.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NETGEAR Powerline Utility (x32 Version: 2.0.0.14)
NVIDIA Install Application (Version: 2.1002.46.235)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509)
Photo Gallery (x32 Version: 16.4.3508.0205)
Picasa 3 (x32 Version: 3.9)
QuickTime (x32 Version: 7.74.80.86)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.0)
Realtek Ethernet Controller Driver (x32 Version: 7.43.321.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
rosoft Office Home and Student 2013 - en-us (Version: 15.0.4517.1509)
Star Wars: The Old Republic (x32 Version: 1.00)
swMSM (x32 Version: 12.0.0.1)
Synology Assistant (remove only) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
WebEx (HKCU)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
XAV1004 Firmware Upgrade Tool (x32 Version: 2.0.0.0)
 
==================== Restore Points  =========================
 
27-08-2013 14:44:02 Windows Update
30-08-2013 15:52:18 Windows Update
30-08-2013 16:02:52 Windows Update
30-08-2013 17:04:10 Windows Update
30-08-2013 21:52:38 Windows Update
30-08-2013 22:36:25 Windows Update
31-08-2013 02:25:38 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-08-31 15:25 - 00109890 ____A C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01EE1ECE-BE8A-4711-BBB2-DEC7347ECD71} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {11B26850-9C33-41BF-A052-692BB5F8FF55} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {2CAAA35C-99D0-4DCB-AEB1-A8FDB1EA5A69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44 => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26] (Google Inc.)
Task: {374D9D9B-F115-4C8D-AF40-0DD01D184753} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26] (Google Inc.)
Task: {3E04DD71-45CE-41C7-8417-B9835EDF5680} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {63C89A43-A674-426E-94D8-94BC5B253D97} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8D22EA24-B2AA-4244-BB5A-7772030AB2F7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {9094EE8F-04C4-4FC0-8411-E22364FAD1A2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {93F2C753-8385-45C1-8226-CBC30DDDBE86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {94157446-9B5A-4E92-A46C-06982A3994B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A5D1DCAB-B62E-47A9-A461-5A892CF9D755} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8E7D801-278A-4FB7-AA7D-457CDF54D96F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {D044537B-2B4B-4DCF-85DB-0A09E2A72F01} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {DC57F58B-7688-4BDD-9C6F-78FD96AF33B1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {EC39E662-5AFA-42AE-B8D2-726782926DEF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-13 19:22 - 2009-07-13 20:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-10-26 10:21 - 2012-02-09 18:55 - 00040960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2011-04-20 03:07 - 2012-02-09 18:55 - 00892416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2011-04-20 02:49 - 2012-02-09 18:55 - 05041664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-06-18 18:22 - 2013-06-18 18:22 - 00261624 _____ (Microsoft Corporation) C:\Users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
2013-06-18 18:22 - 2013-06-18 18:22 - 00661448 _____ (Microsoft Corporation) C:\Users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCP110.dll
2013-06-18 18:22 - 2013-06-18 18:22 - 00828872 _____ (Microsoft Corporation) C:\Users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll
2013-08-15 03:36 - 2013-08-30 21:35 - 02328776 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
2013-06-18 18:19 - 2013-06-18 18:19 - 00158536 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ATL100.DLL
2013-08-15 03:36 - 2013-08-30 21:35 - 08865448 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll
2009-07-13 18:30 - 2009-07-13 20:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00061088 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll
2009-07-13 18:36 - 2009-07-13 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\sdautoplay.dll
2010-11-20 22:25 - 2010-11-20 22:25 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\SPP.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\VSSAPI.DLL
2009-07-13 18:36 - 2009-07-13 20:41 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\VssTrace.DLL
2010-11-20 22:25 - 2010-11-20 22:25 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2009-07-13 18:36 - 2009-07-13 20:41 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2012-01-26 23:32 - 2012-12-14 03:42 - 00064000 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2009-07-13 19:17 - 2009-07-13 20:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\drprov.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\ntlanman.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2011-03-13 11:59 - 2011-03-13 11:59 - 00066720 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Sync.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00073376 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\GOEP_SINGLE.DLL
2011-03-13 11:59 - 2011-03-13 11:59 - 02233504 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\OutLookLib.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00119456 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\L2capLib.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00043680 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BTBIP.DLL
2011-03-13 11:59 - 2011-03-13 11:59 - 00081056 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\RfcommLib.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00044704 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BPP.DLL
2011-03-13 11:58 - 2011-03-13 11:58 - 00078496 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\GOEP_bpp.DLL
2011-03-13 11:58 - 2011-03-13 11:58 - 00079008 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Handsfree.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00207520 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtObexFt.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00029856 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtFileStore.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00208544 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BTOBEXOP.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00030368 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtFileStoreOpp.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00072352 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\goep.dll
2011-03-13 11:58 - 2011-03-13 11:58 - 00305824 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\filetransfer.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\wshBth.dll
2011-03-13 11:59 - 2011-03-13 11:59 - 00140448 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\skypeagent.dll
2013-06-18 03:00 - 2013-06-18 03:00 - 01658368 _____ (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80.DLL
2011-03-13 11:59 - 2011-03-13 11:59 - 00118944 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\ObjPush.dll
2011-08-01 16:59 - 2011-08-01 16:59 - 01097096 _____ (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll
2011-08-01 16:59 - 2011-08-01 16:59 - 01936776 _____ (Microsoft Corporation) c:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
2011-08-01 16:59 - 2011-08-01 16:59 - 00798088 _____ (Microsoft Corporation) c:\Program Files\Microsoft IntelliPoint\Components\Commands\dpghnt\dpghnt.dll
2012-01-26 23:32 - 2012-12-14 03:42 - 00110592 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2012-01-26 23:32 - 2011-05-23 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2013-03-21 15:20 - 2013-03-21 15:20 - 00254080 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiHips.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 00691288 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiScan.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 00355008 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 00123752 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 00119144 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 01653320 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 00241184 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 01010624 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 00111416 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 01083248 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiParental.dll
2012-08-23 18:23 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\NETAPI32.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
Name: Communications Port (COM4)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2013 03:27:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/31/2013 03:24:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/31/2013 03:26:13 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (08/31/2013 03:26:09 PM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error: 
%%1053
 
Error: (08/31/2013 03:26:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
 
Error: (08/31/2013 03:25:36 PM) (Source: Serial) (User: )
Description: While validating that \Device\Serial1 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers.
The device is assumed not to be a serial port and will be deleted.
 
 
Microsoft Office Sessions:
=========================
Error: (08/31/2013 03:27:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/31/2013 03:24:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 8097.03 MB
Available physical RAM: 4803.21 MB
Total Pagefile: 16192.24 MB
Available Pagefile: 12226.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (Krieslieriana) (Fixed) (Total:445.9 GB) (Free:235.73 GB) NTFS
Drive e: (130716_1322) (CDROM) (Total:0.45 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 446 GB) (Disk ID: 69A01086)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Manually delete all of your ComboFix copies and then:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-09-02.02 - Priest 09/03/2013  18:07:37.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8097.6181 [GMT -5:00]

Running from: c:\users\Priest\Desktop\ComboFix.exe

AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-03 to 2013-09-03  )))))))))))))))))))))))))))))))

.

.

2013-09-03 23:11 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F9CAA9-940E-4C29-8631-64E1C7E99A47}\mpengine.dll

2013-09-03 23:10 . 2013-09-03 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-30 21:42 . 2013-08-30 21:42 -------- d-----w- c:\windows\ERUNT

2013-08-30 17:21 . 2013-08-31 20:08 -------- d-----w- C:\AdwCleaner

2013-08-15 08:00 . 2013-08-15 08:01 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-31 02:34 . 2013-06-18 23:18 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-08-21 06:21 . 2012-09-07 15:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 06:21 . 2012-09-07 15:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-15 08:00 . 2012-01-27 04:56 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-08-07 09:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-07-22 16:24 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-07-09 04:45 . 2013-08-14 13:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-05 19:41 . 2013-07-05 19:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-05 19:41 . 2012-09-11 16:08 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-07-05 19:41 . 2012-01-27 05:32 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2012-05-18 424040]

"GoogleChromeAutoLaunch_E47DD23A6E017550204E2E05D2A17E54"="c:\users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-26 295512]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-08-31 302961]

.

c:\users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

NexDef Plug-in.lnk - c:\users\Priest\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 IANSPROTOCOL;Intel® Advanced Network Services Protocol;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\DRIVERS\StnSport.sys;c:\windows\SYSNATIVE\DRIVERS\StnSport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]

R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [x]

R4 eins1203;Eset install launcher (12034);c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]

S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]

S3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 06:21]

.

2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job

- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51]

.

2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job

- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local



IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Battle for Wesnoth 1.10.0 - c:\program files (x86)\Battle for Wesnoth 1.10.0\Uninstall.exe

AddRemove-MagniDriver - c:\program files (x86)\Marvell\mv91xx\uninst-91xx.exe

AddRemove-Synology Assistant - c:\program files (x86)\Synology\Assistant\Uninstall.exe

AddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2013-09-03  18:13:02 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-03 23:13

ComboFix2.txt  2013-08-31 02:13

.

Pre-Run: 253,404,106,752 bytes free

Post-Run: 253,067,661,312 bytes free

.

- - End Of File - - 3FEC4B36DCBF810CB555B90ED99347C8


ComboFix 13-09-02.02 - Priest 09/03/2013  18:07:37.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8097.6181 [GMT -5:00]

Running from: c:\users\Priest\Desktop\ComboFix.exe

AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-03 to 2013-09-03  )))))))))))))))))))))))))))))))

.

.

2013-09-03 23:11 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F9CAA9-940E-4C29-8631-64E1C7E99A47}\mpengine.dll

2013-09-03 23:10 . 2013-09-03 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-30 21:42 . 2013-08-30 21:42 -------- d-----w- c:\windows\ERUNT

2013-08-30 17:21 . 2013-08-31 20:08 -------- d-----w- C:\AdwCleaner

2013-08-15 08:00 . 2013-08-15 08:01 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-31 02:34 . 2013-06-18 23:18 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-08-21 06:21 . 2012-09-07 15:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 06:21 . 2012-09-07 15:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-15 08:00 . 2012-01-27 04:56 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-08-07 09:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-07-22 16:24 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-07-09 04:45 . 2013-08-14 13:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-05 19:41 . 2013-07-05 19:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-05 19:41 . 2012-09-11 16:08 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-07-05 19:41 . 2012-01-27 05:32 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2012-05-18 424040]

"GoogleChromeAutoLaunch_E47DD23A6E017550204E2E05D2A17E54"="c:\users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-26 295512]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-08-31 302961]

.

c:\users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

NexDef Plug-in.lnk - c:\users\Priest\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

R3 IANSPROTOCOL;Intel® Advanced Network Services Protocol;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\DRIVERS\StnSport.sys;c:\windows\SYSNATIVE\DRIVERS\StnSport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]

R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [x]

R4 eins1203;Eset install launcher (12034);c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]

S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]

S3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 06:21]

.

2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job

- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51]

.

2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job

- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local



IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Battle for Wesnoth 1.10.0 - c:\program files (x86)\Battle for Wesnoth 1.10.0\Uninstall.exe

AddRemove-MagniDriver - c:\program files (x86)\Marvell\mv91xx\uninst-91xx.exe

AddRemove-Synology Assistant - c:\program files (x86)\Synology\Assistant\Uninstall.exe

AddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2013-09-03  18:13:02 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-03 23:13

ComboFix2.txt  2013-08-31 02:13

.

Pre-Run: 253,404,106,752 bytes free

Post-Run: 253,067,661,312 bytes free

.

- - End Of File - - 3FEC4B36DCBF810CB555B90ED99347C8


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.06.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Priest :: SCHUMANN [administrator]

 

Protection: Enabled

 

9/6/2013 9:09:34 AM

MBAM-log-2013-09-06 (09-11-29).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 225330

Time elapsed: 1 minute(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 5

C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\CFZFUWAG\GenericInstaller_v1[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\FKOASWKK\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\Trustworthy_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.

 

(end)

 

Is this what you are looking for?


I think so.

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step 2
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.