Priest Posted August 30, 2013 ID:722965 Share Posted August 30, 2013 Malwarebytes found some malware but when I reboot after removing I go not boot all the way, I end up at a black screen with a mouse pointer. I am running windows 7 and I recovered through safe mode. Interestingly my Malwarebytes database had been removed. Can anyone help? Here is the scan log: Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Priest :: SCHUMANN [administrator] Protection: Disabled 8/30/2013 12:32:05 PMMBAM-log-2013-08-30 (12-34-06).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 221524Time elapsed: 1 minute(s), 42 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 1HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken. Registry Values Detected: 1HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Q1O1QtGtBtH0C2VtGtCtH1E1Q0EtG0V -> No action taken. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 2C:\Users\Priest\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Priest\AppData\Roaming\OpenCandy\B2BF526247FA4543B1E33A476605B29F (PUP.Optional.OpenCandy) -> No action taken. Files Detected: 15C:\Users\Priest\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\Conduit\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\Conduit\mism.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\ct2998365\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\ct2998365\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\ct2998365\spch.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\ct2998365\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Local\Temp\ct2998365\stub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Downloads\iphonebackupextractor-latest.exe (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\CFZFUWAG\GenericInstaller_v1[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\FKOASWKK\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\Trustworthy_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\AppData\Roaming\OpenCandy\B2BF526247FA4543B1E33A476605B29F\TrustWorthy_p1v2.exe (PUP.Optional.OpenCandy) -> No action taken. (end) Link to post Share on other sites More sharing options...
Maniac Posted August 30, 2013 ID:723043 Share Posted August 30, 2013 Hello Priest and ! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
Priest Posted August 31, 2013 Author ID:723454 Share Posted August 31, 2013 Thank you. here are the Logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 04Ran by Priest (administrator) on SCHUMANN on 31-08-2013 15:38:07Running from C:\Users\Priest\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AMD) C:\Windows\system32\atieclxx.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe() C:\Users\Priest\AppData\Local\Autobahn\nexdef.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6330568 2013-03-21] (ESET)HKCU\...\Run: [Google Update] - C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-26] (Google Inc.)HKCU\...\Run: [Jump Desktop] - C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [424040 2012-05-18] (Phase Five Systems)HKCU\...\Run: [GoogleChromeAutoLaunch_E47DD23A6E017550204E2E05D2A17E54] - C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-03-25] (RealNetworks, Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-08-31] ()Startup: C:\Users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnkShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Priest\AppData\Local\Autobahn\nexdef.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieSearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searBHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.defaultFF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Priest\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Extension: DownloadHelper - C:\Users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: =======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No FileCHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Priest\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)CHR Plugin: (Google Talk Plugin) - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Priest\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)CHR Plugin: (Java Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No FileCHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (Google Update) - C:\Users\Priest\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)CHR Extension: (Google Drive) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0CHR Extension: (RealDownloader) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0CHR Extension: (RSS Alert) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lemgijjifkaldmklohlmjaplmfobgich\0.2_0CHR Extension: (FVD Video Downloader) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.0_0CHR Extension: (Dragons of Atlantis) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.6.1_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0CHR Extension: (Carina Nebula Jet Theme) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\npebkpkiddfadallfhefpiphaagcfjdo\1_0CHR Extension: (Edgeworld) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp\1.0.1.2_0CHR Extension: (Gmail) - C:\Users\Priest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx"CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crxCHR HKLM-x32\...\Chrome\Extension: [kheelobnibmchifldedamogdmhemfjio] - C:\Users\Priest\AppData\Local\CRE\kheelobnibmchifldedamogdmhemfjio.crxCHR StartMenuInternet: Google Chrome - C:\Users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= S4 eins1203; C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-08-31] ()R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2012-05-18] (Phase Five Systems)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () ==================== Drivers (Whitelisted) ==================== R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)R3 iANSMiniport; C:\Windows\System32\DRIVERS\iansw60e.sys [161512 2011-01-04] (Intel Corporation)S3 IANSPROTOCOL; C:\Windows\System32\DRIVERS\iansw60e.sys [161512 2011-01-04] (Intel Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))S3 StnSport; C:\Windows\System32\DRIVERS\StnSport.sys [128000 2010-08-20] ()S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)S3 WinRing0_1_2_0; C:\Users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)S3 WinRing0_1_2_0; C:\Users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)S4 NVHDA; system32\drivers\nvhda64v.sys [x]S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Downloads\FRST64.exe2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Desktop\FRST64.exe2013-08-31 15:35 - 2013-08-31 15:35 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (4).exe2013-08-31 15:25 - 2013-08-31 15:25 - 00000000 ___RD C:\Users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2013-08-31 15:23 - 2013-08-31 15:23 - 00001144 _____ C:\Users\Priest\Desktop\JRT.txt2013-08-31 15:10 - 2013-08-30 23:42 - 01027511 _____ (Thisisu) C:\Users\Priest\Desktop\JRT_NEW.exe2013-08-31 15:07 - 2013-08-31 15:07 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (3).exe2013-08-31 15:07 - 2013-08-31 15:07 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (3).exe2013-08-31 15:07 - 2013-08-31 15:07 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner (1).exe2013-08-31 15:06 - 2013-08-31 15:06 - 00001229 _____ C:\Users\Priest\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk2013-08-31 15:06 - 2013-08-31 15:06 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs2013-08-31 15:04 - 2013-08-31 15:04 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner.exe2013-08-31 15:03 - 2013-08-31 15:03 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (2).exe2013-08-31 15:03 - 2013-08-31 15:03 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (2).exe2013-08-31 10:42 - 2013-08-31 10:42 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (1).exe2013-08-31 10:42 - 2013-08-31 10:42 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (1).exe2013-08-30 21:26 - 2013-08-30 21:26 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix.exe2013-08-30 21:26 - 2013-08-30 21:26 - 01023533 _____ (Thisisu) C:\Users\Priest\Downloads\JRT.exe2013-08-30 21:13 - 2013-08-30 21:13 - 00022678 _____ C:\ComboFix.txt2013-08-30 17:56 - 2013-08-30 21:23 - 00000000 ____D C:\Windows\erdnt2013-08-30 17:56 - 2013-08-30 21:13 - 00000000 ____D C:\Qoobox2013-08-30 16:42 - 2013-08-30 16:42 - 00000000 ____D C:\Windows\ERUNT2013-08-30 12:21 - 2013-08-31 15:08 - 00000000 ____D C:\AdwCleaner2013-08-30 10:10 - 2013-08-30 10:10 - 00053304 _____ C:\Users\Priest\Desktop\KOM v3.xlsx2013-08-30 10:09 - 2013-08-30 10:09 - 00012164 _____ C:\Users\Priest\Desktop\Book1.xlsx2013-08-29 21:57 - 2013-08-29 21:57 - 00000887 _____ C:\Users\Priest\Downloads\soluble-salts_en.jnlp2013-08-29 17:47 - 2013-08-29 17:47 - 00000068 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (2).rm2013-08-29 15:17 - 2013-08-29 15:17 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-1.rm2013-08-29 15:09 - 2013-08-29 15:09 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (1).rm2013-08-29 15:07 - 2013-08-29 15:07 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2.rm2013-08-27 22:40 - 2013-08-30 23:06 - 00000000 ____D C:\Users\Priest\Documents\Amanda School2013-08-22 09:48 - 2013-08-22 09:48 - 00283648 _____ C:\Users\Priest\Downloads\PRS_August_2013_Project_Prioritization.ppt2013-08-21 15:22 - 2013-08-21 15:22 - 00105964 _____ C:\Users\Priest\Downloads\ERCOT_Methodologies_for_Determining_Ancillary_Service_Requir.zip2013-08-20 17:46 - 2013-08-22 21:42 - 00046472 _____ C:\Users\Priest\Desktop\KOM v2.xlsx2013-08-15 19:34 - 2013-08-15 19:34 - 00003584 _____ C:\Users\Priest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-15 03:02 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-08-15 03:02 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-08-15 03:02 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-08-15 03:02 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-08-15 03:02 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-08-15 03:02 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-08-15 03:02 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-08-15 03:02 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-08-15 03:02 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-08-15 03:02 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-15 03:02 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-15 03:02 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-15 03:02 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-08-15 03:02 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-15 03:02 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-08-15 03:02 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-15 03:02 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-15 03:02 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-08-15 03:02 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-08-15 03:02 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-15 03:02 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-15 03:02 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-08-15 03:02 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-15 03:02 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-08-15 03:02 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-08-15 03:00 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 21:24 - 2013-08-14 21:24 - 116072138 _____ C:\Users\Priest\Desktop\ORDC V5.xlsx2013-08-14 10:38 - 2013-08-14 10:38 - 00304640 _____ C:\Users\Priest\Downloads\04._ERS_Procurement_Methodology_WMS.ppt2013-08-14 10:38 - 2013-08-14 10:38 - 00000000 ____D C:\Users\Priest\AppData\OICE_15_974FA576_32C1D314_364C2013-08-14 08:32 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-08-14 08:32 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-14 08:32 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-08-14 08:32 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-14 08:32 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-08-14 08:32 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-08-14 08:32 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-08-14 08:32 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-08-14 08:32 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-08-14 08:32 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-08-14 08:32 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-08-14 08:32 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll2013-08-14 08:32 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-14 08:32 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-14 08:32 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-14 08:32 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-14 08:32 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-14 08:32 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-14 08:32 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-14 08:32 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-14 08:32 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-14 08:32 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-14 08:32 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-14 08:32 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-14 08:32 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-14 08:32 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-08-14 08:32 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2013-08-01 17:16 - 2013-08-01 17:24 - 245984888 _____ C:\Users\Priest\Downloads\Interim_Solution_B+_AS_Imbalance_Posting.zip2013-08-01 16:47 - 2013-08-01 16:47 - 00010009 _____ C:\Users\Priest\Documents\School districts.xlsx2013-08-01 16:03 - 2013-08-01 16:03 - 03821468 _____ C:\Users\Priest\Downloads\Directory.csv2013-08-01 15:33 - 2013-08-01 15:33 - 00310272 _____ C:\Users\Priest\Downloads\ERCOT2013D&E.xls2013-08-01 15:31 - 2013-08-01 15:31 - 00257024 _____ C:\Users\Priest\Downloads\ERCOT_2009_Demand_and_Energy_Report_7-13-09.xls2013-08-01 15:31 - 2013-08-01 15:31 - 00039424 _____ C:\Users\Priest\Downloads\historical-and-forecasted-energy-and-coincident-peak-demand.xls2013-08-01 15:28 - 2013-08-01 15:28 - 00010723 _____ C:\Users\Priest\Downloads\cdr.00012311.0000000000000000.20130801.153003.LFCCONGESTNP3560_csv.zip ==================== One Month Modified Files and Folders ======= 2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Downloads\FRST64.exe2013-08-31 15:37 - 2013-08-31 15:37 - 01589860 _____ (Farbar) C:\Users\Priest\Desktop\FRST64.exe2013-08-31 15:36 - 2012-01-26 23:19 - 01459081 _____ C:\Windows\WindowsUpdate.log2013-08-31 15:35 - 2013-08-31 15:35 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (4).exe2013-08-31 15:33 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-08-31 15:33 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-08-31 15:30 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI2013-08-31 15:27 - 2013-07-12 16:22 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job2013-08-31 15:25 - 2013-08-31 15:25 - 00000000 ___RD C:\Users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2013-08-31 15:25 - 2013-01-28 09:22 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3654915720-261398463-261377745-10002013-08-31 15:25 - 2013-01-28 09:22 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3654915720-261398463-261377745-10002013-08-31 15:25 - 2010-11-20 22:47 - 00039078 _____ C:\Windows\PFRO.log2013-08-31 15:25 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-31 15:25 - 2009-07-13 23:51 - 00073940 _____ C:\Windows\setupact.log2013-08-31 15:24 - 2013-06-18 18:15 - 00000000 ____D C:\Program Files\Microsoft Office 152013-08-31 15:23 - 2013-08-31 15:23 - 00001144 _____ C:\Users\Priest\Desktop\JRT.txt2013-08-31 15:21 - 2012-09-07 10:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-31 15:08 - 2013-08-30 12:21 - 00000000 ____D C:\AdwCleaner2013-08-31 15:08 - 2009-07-14 00:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-08-31 15:07 - 2013-08-31 15:07 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (3).exe2013-08-31 15:07 - 2013-08-31 15:07 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (3).exe2013-08-31 15:07 - 2013-08-31 15:07 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner (1).exe2013-08-31 15:06 - 2013-08-31 15:06 - 00001229 _____ C:\Users\Priest\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk2013-08-31 15:06 - 2013-08-31 15:06 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs2013-08-31 15:04 - 2013-08-31 15:04 - 00994642 _____ C:\Users\Priest\Downloads\AdwCleaner.exe2013-08-31 15:03 - 2013-08-31 15:03 - 05115930 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (2).exe2013-08-31 15:03 - 2013-08-31 15:03 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (2).exe2013-08-31 10:42 - 2013-08-31 10:42 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix (1).exe2013-08-31 10:42 - 2013-08-31 10:42 - 01027511 _____ (Thisisu) C:\Users\Priest\Downloads\JRT (1).exe2013-08-31 10:42 - 2012-01-28 13:37 - 00002381 _____ C:\Users\Priest\Desktop\Google Chrome.lnk2013-08-30 23:42 - 2013-08-31 15:10 - 01027511 _____ (Thisisu) C:\Users\Priest\Desktop\JRT_NEW.exe2013-08-30 23:06 - 2013-08-27 22:40 - 00000000 ____D C:\Users\Priest\Documents\Amanda School2013-08-30 21:28 - 2012-07-26 11:35 - 00000000 ____D C:\Users\Priest\AppData\Roaming\Mozilla2013-08-30 21:26 - 2013-08-30 21:26 - 05117322 _____ (Swearware) C:\Users\Priest\Downloads\ComboFix.exe2013-08-30 21:26 - 2013-08-30 21:26 - 01023533 _____ (Thisisu) C:\Users\Priest\Downloads\JRT.exe2013-08-30 21:24 - 2012-01-29 18:53 - 00000000 ____D C:\Users\Priest\AppData\Local\CrashDumps2013-08-30 21:24 - 2012-01-26 23:19 - 00000000 ____D C:\Users\Priest2013-08-30 21:23 - 2013-08-30 17:56 - 00000000 ____D C:\Windows\erdnt2013-08-30 21:23 - 2012-07-31 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-30 21:23 - 2012-01-26 23:37 - 00000000 ____D C:\ProgramData\Intel2013-08-30 21:23 - 2012-01-26 23:37 - 00000000 ____D C:\ProgramData\Atheros2013-08-30 21:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration2013-08-30 21:22 - 2013-06-25 18:22 - 00000000 __RHD C:\MSOCache2013-08-30 21:22 - 2012-02-21 09:52 - 00000000 ____D C:\ProgramData\Real2013-08-30 21:13 - 2013-08-30 21:13 - 00022678 _____ C:\ComboFix.txt2013-08-30 21:13 - 2013-08-30 17:56 - 00000000 ____D C:\Qoobox2013-08-30 21:13 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default2013-08-30 16:42 - 2013-08-30 16:42 - 00000000 ____D C:\Windows\ERUNT2013-08-30 10:10 - 2013-08-30 10:10 - 00053304 _____ C:\Users\Priest\Desktop\KOM v3.xlsx2013-08-30 10:09 - 2013-08-30 10:09 - 00012164 _____ C:\Users\Priest\Desktop\Book1.xlsx2013-08-29 21:57 - 2013-08-29 21:57 - 00000887 _____ C:\Users\Priest\Downloads\soluble-salts_en.jnlp2013-08-29 17:47 - 2013-08-29 17:47 - 00000068 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (2).rm2013-08-29 15:17 - 2013-08-29 15:17 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-1.rm2013-08-29 15:09 - 2013-08-29 15:09 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2 (1).rm2013-08-29 15:07 - 2013-08-29 15:07 - 00000065 _____ C:\Users\Priest\Downloads\PUCT_OM082913-2.rm2013-08-26 16:27 - 2013-07-12 16:22 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job2013-08-22 21:42 - 2013-08-20 17:46 - 00046472 _____ C:\Users\Priest\Desktop\KOM v2.xlsx2013-08-22 09:48 - 2013-08-22 09:48 - 00283648 _____ C:\Users\Priest\Downloads\PRS_August_2013_Project_Prioritization.ppt2013-08-21 15:22 - 2013-08-21 15:22 - 00105964 _____ C:\Users\Priest\Downloads\ERCOT_Methodologies_for_Determining_Ancillary_Service_Requir.zip2013-08-21 01:21 - 2012-09-07 10:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-08-21 01:21 - 2012-09-07 10:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-21 01:21 - 2012-09-07 10:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-08-15 19:34 - 2013-08-15 19:34 - 00003584 _____ C:\Users\Priest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-15 03:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2013-08-15 03:01 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT2013-08-15 03:00 - 2012-01-26 23:56 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-08-14 21:24 - 2013-08-14 21:24 - 116072138 _____ C:\Users\Priest\Desktop\ORDC V5.xlsx2013-08-14 10:38 - 2013-08-14 10:38 - 00304640 _____ C:\Users\Priest\Downloads\04._ERS_Procurement_Methodology_WMS.ppt2013-08-14 10:38 - 2013-08-14 10:38 - 00000000 ____D C:\Users\Priest\AppData\OICE_15_974FA576_32C1D314_364C2013-08-08 14:31 - 2013-06-24 17:39 - 00025673 _____ C:\Users\Priest\Desktop\KOM.xlsx2013-08-07 04:22 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2013-08-01 17:24 - 2013-08-01 17:16 - 245984888 _____ C:\Users\Priest\Downloads\Interim_Solution_B+_AS_Imbalance_Posting.zip2013-08-01 16:47 - 2013-08-01 16:47 - 00010009 _____ C:\Users\Priest\Documents\School districts.xlsx2013-08-01 16:03 - 2013-08-01 16:03 - 03821468 _____ C:\Users\Priest\Downloads\Directory.csv2013-08-01 15:33 - 2013-08-01 15:33 - 00310272 _____ C:\Users\Priest\Downloads\ERCOT2013D&E.xls2013-08-01 15:31 - 2013-08-01 15:31 - 00257024 _____ C:\Users\Priest\Downloads\ERCOT_2009_Demand_and_Energy_Report_7-13-09.xls2013-08-01 15:31 - 2013-08-01 15:31 - 00039424 _____ C:\Users\Priest\Downloads\historical-and-forecasted-energy-and-coincident-peak-demand.xls2013-08-01 15:28 - 2013-08-01 15:28 - 00010723 _____ C:\Users\Priest\Downloads\cdr.00012311.0000000000000000.20130801.153003.LFCCONGESTNP3560_csv.zip Files to move or delete:====================C:\Users\Priest\DMOrganizer.datC:\Users\Priest\AppData\Local\Temp\contentDATs.exeC:\Users\Priest\AppData\Local\Temp\GUR44FB.exeC:\Users\Priest\AppData\Local\Temp\ij4oeqya.woe.tightvnc-2.0.2-setup.exeC:\Users\Priest\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exeC:\Users\Priest\AppData\Local\Temp\InstHelper.exeC:\Users\Priest\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\Priest\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\Priest\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\Priest\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exeC:\Users\Priest\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\Priest\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Priest\AppData\Local\Temp\lowproc.exeC:\Users\Priest\AppData\Local\Temp\mssinstaller.exeC:\Users\Priest\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Priest\AppData\Local\Temp\nvStereoApiI64.dllC:\Users\Priest\AppData\Local\Temp\nvStInst.exeC:\Users\Priest\AppData\Local\Temp\OfficeSetup.exeC:\Users\Priest\AppData\Local\Temp\Quarantine.exeC:\Users\Priest\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Priest\AppData\Local\Temp\stubhelper.dllC:\Users\Priest\AppData\Local\Temp\swt-win32-3349.dllC:\Users\Priest\AppData\Local\Temp\SymInstallStub.exeC:\Users\Priest\AppData\Local\Temp\_is6048.exeC:\Users\Priest\AppData\Local\Temp\~fvdsuite-3.0.2.exeC:\Users\Priest\AppData\Local\Temp\~rnsetup\GEMSETUP\pnrs3260.dllC:\Users\Priest\AppData\Local\Temp\~rnsetu2\GEMSETUP\msvcr100.dllC:\Users\Priest\AppData\Local\Temp\~rnsetu2\GEMSETUP\pnrs3260.dllC:\Users\Priest\AppData\Local\Temp\~rnsetu1\GEMSETUP\msvcr100.dllC:\Users\Priest\AppData\Local\Temp\~rnsetu1\GEMSETUP\pnrs3260.dllC:\Users\Priest\AppData\Local\Temp\~rnsetu0\GEMSETUP\pnrs3260.dllC:\Users\Priest\AppData\Local\Temp\~nsu.tmp\Au_.exeC:\Users\Priest\AppData\Local\Temp\{FC5AB5C5-A44A-42D8-8E41-D4855348ABBF}\ISBEW64.exeC:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\Disk1\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\Disk1\setup.exeC:\Users\Priest\AppData\Local\Temp\{F68172AB-64A1-4A2C-94D5-276DE7F8D048}\Disk1\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\Disk1\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\Disk1\setup.exeC:\Users\Priest\AppData\Local\Temp\{E6A15029-5CE8-49CA-A2AF-2F6E32B49FF8}\Disk1\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleCrashHandler.exeC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleCrashHandler64.exeC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleUpdate.exeC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleUpdateBroker.exeC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\GoogleUpdateOnDemand.exeC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdate.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_am.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ar.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_bg.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_bn.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ca.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_cs.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_da.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_de.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_el.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_en-GB.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_en.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_es-419.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_es.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_et.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fa.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fi.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fil.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_fr.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_gu.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_hi.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_hr.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_hu.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_id.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_is.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_it.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_iw.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ja.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_kn.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ko.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_lt.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_lv.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ml.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_mr.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ms.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_nl.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_no.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_pl.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_pt-BR.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_pt-PT.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ro.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ru.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sk.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sl.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sr.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sv.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_sw.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ta.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_te.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_th.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_tr.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_uk.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_ur.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_vi.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_zh-CN.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\goopdateres_zh-TW.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\npGoogleUpdate3.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\psmachine.dllC:\Users\Priest\AppData\Local\Temp\{E060C571-D480-45A8-8D81-1BC1B12892BB}\psuser.dllC:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\Disk1\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\Disk1\setup.exeC:\Users\Priest\AppData\Local\Temp\{C556B8E0-B0D1-4579-8417-DD8001C0BAD3}\Disk1\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{ADEF3D0E-4A64-46F4-BF33-F342F0FB1F3C}\ISBEW64.exeC:\Users\Priest\AppData\Local\Temp\{A822101E-E4B5-48F3-91B8-134114F7FBA3}\ISBEW64.exeC:\Users\Priest\AppData\Local\Temp\{A80D798A-5782-4412-B273-E2774D5AF29B}\ISBEW64.exeC:\Users\Priest\AppData\Local\Temp\{90FCD821-C12F-461B-8FDE-00F029047CE2}\Disk1\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{90FCD821-C12F-461B-8FDE-00F029047CE2}\Disk1\setup.exeC:\Users\Priest\AppData\Local\Temp\{69C77880-931B-47F7-9C3A-022799F5509C}\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{69C77880-931B-47F7-9C3A-022799F5509C}\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\Disk1\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\Disk1\setup.exeC:\Users\Priest\AppData\Local\Temp\{6428575E-9230-4799-AB85-AC28E45BA438}\Disk1\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleCrashHandler.exeC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleCrashHandler64.exeC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdate.exeC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdateBroker.exeC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdateOnDemand.exeC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\GoogleUpdateSetup.exeC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdate.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_am.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ar.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_bg.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_bn.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ca.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_cs.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_da.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_de.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_el.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_en-GB.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_en.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_es-419.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_es.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_et.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fa.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fi.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fil.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_fr.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_gu.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_hi.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_hr.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_hu.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_id.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_is.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_it.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_iw.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ja.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_kn.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ko.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_lt.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_lv.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ml.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_mr.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ms.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_nl.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_no.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_pl.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_pt-BR.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_pt-PT.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ro.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ru.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sk.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sl.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sr.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sv.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_sw.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ta.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_te.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_th.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_tr.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_uk.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_ur.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_vi.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_zh-CN.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\goopdateres_zh-TW.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\npGoogleUpdate3.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\psmachine.dllC:\Users\Priest\AppData\Local\Temp\{581AD5E0-3412-4EBE-82E3-34DCF0554F4B}\psuser.dllC:\Users\Priest\AppData\Local\Temp\{328EBC1A-EE4C-49AD-9C22-DEEE338D4CDF}\ISBEW64.exeC:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\_Setup.dllC:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\Disk1\ISSetup.dllC:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\Disk1\setup.exeC:\Users\Priest\AppData\Local\Temp\{1F51B69E-088A-42BF-BE13-90A3B5C99A74}\Disk1\_Setup.dllC:\Users\Priest\AppData\Local\Temp\Temp1_sqlite_export_windows.zip\sqlite_export.exeC:\Users\Priest\AppData\Local\Temp\Temp1_sqlitebrowser_200_b1_win.zip\sqlitebrowser_200_b1_win\SQLite Database Browser 2.0 b1.exeC:\Users\Priest\AppData\Local\Temp\Temp1_RealTemp_370.zip\RealTemp_370\RealTempGT.exeC:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\BlackArmor Discovery.exeC:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\gdiplus.dllC:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_French.dllC:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_German.dllC:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_Italian.dllC:\Users\Priest\AppData\Local\Temp\Temp1_BlackArmor Discovery v1.20.zip\v1.20(0931.004)\BlackArmor Discovery\RES_Spanish.dllC:\Users\Priest\AppData\Local\Temp\jrt\erunt\ERUNT.EXEC:\Users\Priest\AppData\Local\Temp\ispF893.tmp\_Setup.dllC:\Users\Priest\AppData\Local\Temp\isp9B96.tmp\_Setup.dllC:\Users\Priest\AppData\Local\Temp\is1394899945\fvdsuite-silent.exeC:\Users\Priest\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exeC:\Users\Priest\AppData\Local\Temp\ct2998365\chLogic.exeC:\Users\Priest\AppData\Local\Temp\ct2998365\ctbe.exeC:\Users\Priest\AppData\Local\Temp\ct2998365\spch.exeC:\Users\Priest\AppData\Local\Temp\ct2998365\statisticsStub.exeC:\Users\Priest\AppData\Local\Temp\ct2998365\stub.exeC:\Users\Priest\AppData\Local\Temp\b7a9706c-e9e2-4248-824d-54002e25d346\CliSecureRT.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-31 00:40 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2013 04Ran by Priest at 2013-08-31 15:38:28Running from C:\Users\Priest\DesktopBoot Mode: Normal========================================================== ==================== Installed Programs ======================= Adobe AIR (x32 Version: 3.1.0.4880)Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)Adobe Reader X (10.1.7) (x32 Version: 10.1.7)Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)Apple Application Support (x32 Version: 2.3.4)Apple Mobile Device Support (Version: 6.1.0.13)Apple Software Update (x32 Version: 2.1.3.127)Application Profiles (x32 Version: 2.0.4420.36380)Battle for Wesnoth 1.10.0 (x32 Version: 1.10.0)BlackArmor Discovery (x32 Version: 1.20.0931.004)Bluetooth Win7 Suite (64) (Version: 7.2.0.65)Bonjour (Version: 3.0.0.10)D3DX10 (x32 Version: 15.4.2368.0902)DAPlayer 1.0.1.9 (x32)DVDFab 8.2.0.0 (03/08/2012) Qt (x32)DVDFab Media Player 1.0.1.5 (27/07/2012) (x32)DVDFab Passkey 8.0.8.6 (27/12/2012) (x32)ESET Smart Security (Version: 6.0.316.0)Google Chrome (HKCU Version: 29.0.1547.62)Google Talk Plugin (x32 Version: 4.5.3.14917)iCloud (Version: 2.1.1.3)Intel® Control Center (x32 Version: 1.2.1.1007)Intel® Management Engine Components (x32 Version: 7.0.0.1144)Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0)Intel® Processor Graphics (x32 Version: 9.17.10.2932)iTunes (Version: 11.0.4.4)Java 7 Update 25 (x32 Version: 7.0.250)Java Auto Updater (x32 Version: 2.1.9.5)JMicron JMB36X Driver (x32 Version: 1.17.62.0)Jump Desktop (x32 Version: 3.2.5)Junk Mail filter update (x32 Version: 16.4.3508.0205)League of Legends (x32 Version: 3.0.0)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)marvell 91xx driver (x32 Version: 1.1.0.6)MediaMonkey 4.0 (x32 Version: 4.0)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft SkyDrive (HKCU Version: 17.0.2003.1112)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)Movie Maker (x32 Version: 16.4.3508.0205)Mozilla Firefox 15.0 (x86 en-US) (x32 Version: 15.0)Mozilla Maintenance Service (x32 Version: 15.0)MSVCRT (x32 Version: 15.4.2862.0708)MSVCRT_amd64 (x32 Version: 15.4.2862.0708)MSVCRT110 (x32 Version: 16.4.1108.0727)MSVCRT110_amd64 (Version: 16.4.1109.0912)NETGEAR Powerline Utility (x32 Version: 2.0.0.14)NVIDIA Install Application (Version: 2.1002.46.235)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4517.1509)Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1509)Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4517.1509)Photo Gallery (x32 Version: 16.4.3508.0205)Picasa 3 (x32 Version: 3.9)QuickTime (x32 Version: 7.74.80.86)RealDownloader (x32 Version: 1.3.1)RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)RealPlayer (x32 Version: 16.0.0)Realtek Ethernet Controller Driver (x32 Version: 7.43.321.2011)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)RealUpgrade 1.1 (x32 Version: 1.1.0)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)rosoft Office Home and Student 2013 - en-us (Version: 15.0.4517.1509)Star Wars: The Old Republic (x32 Version: 1.00)swMSM (x32 Version: 12.0.0.1)Synology Assistant (remove only) (x32)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)WebEx (HKCU)Windows Live Communications Platform (x32 Version: 16.4.3508.0205)Windows Live Essentials (x32 Version: 16.4.3508.0205)Windows Live Family Safety (Version: 16.4.3508.0205)Windows Live Family Safety (x32 Version: 16.4.3508.0205)Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)Windows Live Installer (x32 Version: 16.4.3508.0205)Windows Live Mail (x32 Version: 16.4.3508.0205)Windows Live Messenger (x32 Version: 16.4.3508.0205)Windows Live MIME IFilter (Version: 16.4.3508.0205)Windows Live Photo Common (x32 Version: 16.4.3508.0205)Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)Windows Live SOXE (x32 Version: 16.4.3508.0205)Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)Windows Live UX Platform (x32 Version: 16.4.3508.0205)Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)Windows Live Writer (x32 Version: 16.4.3508.0205)Windows Live Writer Resources (x32 Version: 16.4.3508.0205)XAV1004 Firmware Upgrade Tool (x32 Version: 2.0.0.0) ==================== Restore Points ========================= 27-08-2013 14:44:02 Windows Update30-08-2013 15:52:18 Windows Update30-08-2013 16:02:52 Windows Update30-08-2013 17:04:10 Windows Update30-08-2013 21:52:38 Windows Update30-08-2013 22:36:25 Windows Update31-08-2013 02:25:38 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2013-08-31 15:25 - 00109890 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 08sr.combineads.info # hosts anti-adware / pups127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups127.0.0.1 2010-fr.com # hosts anti-adware / pups127.0.0.1 2012-new.biz # hosts anti-adware / pups127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups127.0.0.1 24h00business.com # hosts anti-adware / pups127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups127.0.0.1 ad.adn360.com # hosts anti-adware / pups127.0.0.1 adeartss.eu # hosts anti-adware / pups127.0.0.1 adesoeasy.eu # hosts anti-adware / pups127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups127.0.0.1 adm.soft365.com # hosts anti-adware / pups127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups127.0.0.1 ads.aff.co # hosts anti-adware / pups127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups127.0.0.1 ads.eorezo.com # hosts anti-adware / pups127.0.0.1 ads.hooqy.com # hosts anti-adware / pups127.0.0.1 ads.icksor.com # hosts anti-adware / pups127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups127.0.0.1 ads.tersecta.com # hosts anti-adware / pups127.0.0.1 a.dungtank.com # hosts anti-adware / pups127.0.0.1 adwcleaner.programmesetjeux.com # hosts anti-adware / pups127.0.0.1 adwcleaner.telecharger.toggle.com # hosts anti-adware / pups127.0.0.1 aff.foxtab.com # hosts anti-adware / pups 127.0.0.1 affilibot.eu # hosts anti-adware / pups There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {01EE1ECE-BE8A-4711-BBB2-DEC7347ECD71} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)Task: {11B26850-9C33-41BF-A052-692BB5F8FF55} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)Task: {2CAAA35C-99D0-4DCB-AEB1-A8FDB1EA5A69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44 => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26] (Google Inc.)Task: {374D9D9B-F115-4C8D-AF40-0DD01D184753} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26] (Google Inc.)Task: {3E04DD71-45CE-41C7-8417-B9835EDF5680} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)Task: {63C89A43-A674-426E-94D8-94BC5B253D97} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)Task: {8D22EA24-B2AA-4244-BB5A-7772030AB2F7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)Task: {9094EE8F-04C4-4FC0-8411-E22364FAD1A2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3654915720-261398463-261377745-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)Task: {93F2C753-8385-45C1-8226-CBC30DDDBE86} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)Task: {94157446-9B5A-4E92-A46C-06982A3994B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update TaskTask: {A5D1DCAB-B62E-47A9-A461-5A892CF9D755} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {C8E7D801-278A-4FB7-AA7D-457CDF54D96F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)Task: {D044537B-2B4B-4DCF-85DB-0A09E2A72F01} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)Task: {DC57F58B-7688-4BDD-9C6F-78FD96AF33B1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)Task: {EC39E662-5AFA-42AE-B8D2-726782926DEF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-09] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job => C:\Users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-07-13 19:22 - 2009-07-13 20:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm2011-10-26 10:21 - 2012-02-09 18:55 - 00040960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll2011-04-20 03:07 - 2012-02-09 18:55 - 00892416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll2011-04-20 02:49 - 2012-02-09 18:55 - 05041664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll2013-06-18 18:22 - 2013-06-18 18:22 - 00261624 _____ (Microsoft Corporation) C:\Users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll2013-06-18 18:22 - 2013-06-18 18:22 - 00661448 _____ (Microsoft Corporation) C:\Users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCP110.dll2013-06-18 18:22 - 2013-06-18 18:22 - 00828872 _____ (Microsoft Corporation) C:\Users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll2013-08-15 03:36 - 2013-08-30 21:35 - 02328776 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL2013-06-18 18:19 - 2013-06-18 18:19 - 00158536 _____ (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ATL100.DLL2013-08-15 03:36 - 2013-08-30 21:35 - 08865448 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2009-07-13 18:35 - 2009-07-13 20:40 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\FunDisc.dll2010-11-20 22:24 - 2010-11-20 22:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdproxy.dll2009-07-13 18:30 - 2009-07-13 20:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\WINBRAND.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00061088 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll2009-07-13 18:36 - 2009-07-13 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\sdautoplay.dll2010-11-20 22:25 - 2010-11-20 22:25 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\SPP.dll2010-11-20 22:24 - 2010-11-20 22:24 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\VSSAPI.DLL2009-07-13 18:36 - 2009-07-13 20:41 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\VssTrace.DLL2010-11-20 22:25 - 2010-11-20 22:25 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll2010-11-20 22:24 - 2010-11-20 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll2009-07-13 18:36 - 2009-07-13 20:41 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll2010-11-20 22:24 - 2010-11-20 22:24 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll2012-01-26 23:32 - 2012-12-14 03:42 - 00064000 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll2009-07-13 19:17 - 2009-07-13 20:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\drprov.dll2010-11-20 22:24 - 2010-11-20 22:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\ntlanman.dll2010-11-20 22:24 - 2010-11-20 22:24 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll2011-03-13 11:59 - 2011-03-13 11:59 - 00066720 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Sync.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00073376 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\GOEP_SINGLE.DLL2011-03-13 11:59 - 2011-03-13 11:59 - 02233504 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\OutLookLib.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00119456 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\L2capLib.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00043680 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BTBIP.DLL2011-03-13 11:59 - 2011-03-13 11:59 - 00081056 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\RfcommLib.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00044704 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BPP.DLL2011-03-13 11:58 - 2011-03-13 11:58 - 00078496 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\GOEP_bpp.DLL2011-03-13 11:58 - 2011-03-13 11:58 - 00079008 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\Handsfree.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00207520 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtObexFt.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00029856 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtFileStore.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00208544 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BTOBEXOP.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00030368 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtFileStoreOpp.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00072352 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\goep.dll2011-03-13 11:58 - 2011-03-13 11:58 - 00305824 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\filetransfer.dll2010-11-20 22:24 - 2010-11-20 22:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\wshBth.dll2011-03-13 11:59 - 2011-03-13 11:59 - 00140448 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\skypeagent.dll2013-06-18 03:00 - 2013-06-18 03:00 - 01658368 _____ (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80.DLL2011-03-13 11:59 - 2011-03-13 11:59 - 00118944 _____ (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\ObjPush.dll2011-08-01 16:59 - 2011-08-01 16:59 - 01097096 _____ (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll2011-08-01 16:59 - 2011-08-01 16:59 - 01936776 _____ (Microsoft Corporation) c:\Program Files\Microsoft IntelliPoint\dpgcmd.dll2011-08-01 16:59 - 2011-08-01 16:59 - 00798088 _____ (Microsoft Corporation) c:\Program Files\Microsoft IntelliPoint\Components\Commands\dpghnt\dpghnt.dll2012-01-26 23:32 - 2012-12-14 03:42 - 00110592 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL2012-01-26 23:32 - 2011-05-23 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-12-14 03:42 - 2012-12-14 03:42 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc2013-03-21 15:20 - 2013-03-21 15:20 - 00254080 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiHips.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00691288 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiScan.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00355008 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00123752 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00119144 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll2013-03-21 15:20 - 2013-03-21 15:20 - 01653320 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00241184 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll2013-03-21 15:20 - 2013-03-21 15:20 - 01010624 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00111416 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll2013-03-21 15:19 - 2013-03-21 15:19 - 01083248 _____ (ESET) C:\Program Files\ESET\ESET Smart Security\eguiParental.dll2012-08-23 18:23 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\NETAPI32.dll2011-08-31 00:05 - 2011-08-31 00:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Communications Port (COM4)Description: Communications PortClass Guid: {4d36e978-e325-11ce-bfc1-08002be10318}Manufacturer: (Standard port types)Service: SerialProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors:==================Error: (08/31/2013 03:27:26 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2013 03:24:14 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (08/31/2013 03:26:13 PM) (Source: Service Control Manager) (User: )Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (08/31/2013 03:26:09 PM) (Source: Service Control Manager) (User: )Description: The HOSTS Anti-PUPs service failed to start due to the following error: %%1053 Error: (08/31/2013 03:26:09 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect. Error: (08/31/2013 03:25:36 PM) (Source: Serial) (User: )Description: While validating that \Device\Serial1 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers.The device is assumed not to be a serial port and will be deleted. Microsoft Office Sessions:=========================Error: (08/31/2013 03:27:26 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2013 03:24:14 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 40%Total physical RAM: 8097.03 MBAvailable physical RAM: 4803.21 MBTotal Pagefile: 16192.24 MBAvailable Pagefile: 12226.97 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Krieslieriana) (Fixed) (Total:445.9 GB) (Free:235.73 GB) NTFSDrive e: (130716_1322) (CDROM) (Total:0.45 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 446 GB) (Disk ID: 69A01086)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=446 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted August 31, 2013 ID:723479 Share Posted August 31, 2013 Do you have access to Normal mode now? Link to post Share on other sites More sharing options...
Priest Posted August 31, 2013 Author ID:723496 Share Posted August 31, 2013 I do, but I still have 8-12 corrupted files. Link to post Share on other sites More sharing options...
Maniac Posted September 3, 2013 ID:724716 Share Posted September 3, 2013 Manually delete all of your ComboFix copies and then: Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please copy/paste the contents or attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
Priest Posted September 3, 2013 Author ID:724907 Share Posted September 3, 2013 ComboFix 13-09-02.02 - Priest 09/03/2013 18:07:37.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.6181 [GMT -5:00]Running from: c:\users\Priest\Desktop\ComboFix.exeAV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 )))))))))))))))))))))))))))))))..2013-09-03 23:11 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F9CAA9-940E-4C29-8631-64E1C7E99A47}\mpengine.dll2013-09-03 23:10 . 2013-09-03 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-30 21:42 . 2013-08-30 21:42 -------- d-----w- c:\windows\ERUNT2013-08-30 17:21 . 2013-08-31 20:08 -------- d-----w- C:\AdwCleaner2013-08-15 08:00 . 2013-08-15 08:01 -------- d-----w- c:\windows\system32\MRT...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-31 02:34 . 2013-06-18 23:18 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2013-08-21 06:21 . 2012-09-07 15:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-21 06:21 . 2012-09-07 15:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-15 08:00 . 2012-01-27 04:56 78161360 ----a-w- c:\windows\system32\MRT.exe2013-08-07 09:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-07-22 16:24 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-07-09 04:45 . 2013-08-14 13:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-07-05 19:41 . 2013-07-05 19:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-05 19:41 . 2012-09-11 16:08 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll2013-07-05 19:41 . 2012-01-27 05:32 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2012-05-18 424040]"GoogleChromeAutoLaunch_E47DD23A6E017550204E2E05D2A17E54"="c:\users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-26 295512]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-08-31 302961].c:\users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk - c:\users\Priest\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux5"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]R3 IANSPROTOCOL;Intel® Advanced Network Services Protocol;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\DRIVERS\StnSport.sys;c:\windows\SYSNATIVE\DRIVERS\StnSport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [x]R4 eins1203;Eset install launcher (12034);c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]S3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]start [bU].Contents of the 'Scheduled Tasks' folder.2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 06:21].2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51].2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default\.- - - - ORPHANS REMOVED - - - -.AddRemove-Battle for Wesnoth 1.10.0 - c:\program files (x86)\Battle for Wesnoth 1.10.0\Uninstall.exeAddRemove-MagniDriver - c:\program files (x86)\Marvell\mv91xx\uninst-91xx.exeAddRemove-Synology Assistant - c:\program files (x86)\Synology\Assistant\Uninstall.exeAddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.**************************************************************************.Completion time: 2013-09-03 18:13:02 - machine was rebootedComboFix-quarantined-files.txt 2013-09-03 23:13ComboFix2.txt 2013-08-31 02:13.Pre-Run: 253,404,106,752 bytes freePost-Run: 253,067,661,312 bytes free.- - End Of File - - 3FEC4B36DCBF810CB555B90ED99347C8 Link to post Share on other sites More sharing options...
Priest Posted September 3, 2013 Author ID:724911 Share Posted September 3, 2013 Thank you. Only 5 infected files remaining. Link to post Share on other sites More sharing options...
Maniac Posted September 5, 2013 ID:725416 Share Posted September 5, 2013 Please post your log, I would like to see more details. Link to post Share on other sites More sharing options...
Priest Posted September 5, 2013 Author ID:725508 Share Posted September 5, 2013 It is the log preceding my last post. I will try to find it again. VP Link to post Share on other sites More sharing options...
Priest Posted September 5, 2013 Author ID:725510 Share Posted September 5, 2013 ComboFix 13-09-02.02 - Priest 09/03/2013 18:07:37.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.6181 [GMT -5:00]Running from: c:\users\Priest\Desktop\ComboFix.exeAV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 )))))))))))))))))))))))))))))))..2013-09-03 23:11 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F9CAA9-940E-4C29-8631-64E1C7E99A47}\mpengine.dll2013-09-03 23:10 . 2013-09-03 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-30 21:42 . 2013-08-30 21:42 -------- d-----w- c:\windows\ERUNT2013-08-30 17:21 . 2013-08-31 20:08 -------- d-----w- C:\AdwCleaner2013-08-15 08:00 . 2013-08-15 08:01 -------- d-----w- c:\windows\system32\MRT...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-31 02:34 . 2013-06-18 23:18 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2013-08-21 06:21 . 2012-09-07 15:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-21 06:21 . 2012-09-07 15:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-15 08:00 . 2012-01-27 04:56 78161360 ----a-w- c:\windows\system32\MRT.exe2013-08-07 09:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-07-22 16:24 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-07-09 04:45 . 2013-08-14 13:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-07-05 19:41 . 2013-07-05 19:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-05 19:41 . 2012-09-11 16:08 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll2013-07-05 19:41 . 2012-01-27 05:32 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-06-18 23:22 222712 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2012-05-18 424040]"GoogleChromeAutoLaunch_E47DD23A6E017550204E2E05D2A17E54"="c:\users\Priest\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-09-02 829392].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-26 295512]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-08-31 302961].c:\users\Priest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk - c:\users\Priest\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux5"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]R3 IANSPROTOCOL;Intel® Advanced Network Services Protocol;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\DRIVERS\StnSport.sys;c:\windows\SYSNATIVE\DRIVERS\StnSport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19Hx64.sys;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64.sys [x]R3 USA19HP;USA19HP;c:\windows\system32\DRIVERS\USA19Hx64p.SYS;c:\windows\SYSNATIVE\DRIVERS\USA19Hx64p.SYS [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys;c:\users\Priest\RealTemp\RealTemp_370\WinRing0x64.sys [x]R4 eins1203;Eset install launcher (12034);c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys;c:\windows\SYSNATIVE\drivers\dvdfab.sys [x]S3 iANSMiniport;Intel® Advanced Network Services Virtual Adapter;c:\windows\system32\DRIVERS\iansw60e.sys;c:\windows\SYSNATIVE\DRIVERS\iansw60e.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]start [bU].Contents of the 'Scheduled Tasks' folder.2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 06:21].2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000Core1ce7f45ec8ebf44.job- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51].2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654915720-261398463-261377745-1000UA1ce7f45ecb3d3ff.job- c:\users\Priest\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 04:51]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-06-18 23:22 261624 ----a-w- c:\users\Priest\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2013-08-31 02:35 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Priest\AppData\Roaming\Mozilla\Firefox\Profiles\q8vrga5t.default\.- - - - ORPHANS REMOVED - - - -.AddRemove-Battle for Wesnoth 1.10.0 - c:\program files (x86)\Battle for Wesnoth 1.10.0\Uninstall.exeAddRemove-MagniDriver - c:\program files (x86)\Marvell\mv91xx\uninst-91xx.exeAddRemove-Synology Assistant - c:\program files (x86)\Synology\Assistant\Uninstall.exeAddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3654915720-261398463-261377745-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.**************************************************************************.Completion time: 2013-09-03 18:13:02 - machine was rebootedComboFix-quarantined-files.txt 2013-09-03 23:13ComboFix2.txt 2013-08-31 02:13.Pre-Run: 253,404,106,752 bytes freePost-Run: 253,067,661,312 bytes free.- - End Of File - - 3FEC4B36DCBF810CB555B90ED99347C8 Link to post Share on other sites More sharing options...
Maniac Posted September 6, 2013 ID:725951 Share Posted September 6, 2013 I mean from here: Thank you. Only 5 infected files remaining. I already have ComboFix log. Link to post Share on other sites More sharing options...
Priest Posted September 6, 2013 Author ID:726145 Share Posted September 6, 2013 alwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.09.06.04 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660Priest :: SCHUMANN [administrator] Protection: Enabled 9/6/2013 9:09:34 AMMBAM-log-2013-09-06 (09-11-29).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 225330Time elapsed: 1 minute(s), 40 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 5C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\CFZFUWAG\GenericInstaller_v1[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\FKOASWKK\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Priest\Local Settings\Temporary Internet Files\Content.IE5\NR6YIA51\Trustworthy_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken. (end) Is this what you are looking for? Link to post Share on other sites More sharing options...
Maniac Posted September 7, 2013 ID:726497 Share Posted September 7, 2013 I think so. Step 1 Download TFC to your desktopOpen the file and close any other windows.It will close all programs itself when run, make sure to let it run uninterrupted.Click the Start button to begin the process. The program should not take long to finish its jobOnce its finished it should reboot your machine, if not, do this yourself to ensure a complete cleanStep 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. Link to post Share on other sites More sharing options...
Priest Posted September 8, 2013 Author ID:727273 Share Posted September 8, 2013 Completely clean. You are a genius! Thank you! Link to post Share on other sites More sharing options...
Maniac Posted September 8, 2013 ID:727289 Share Posted September 8, 2013 Glad I could help! Step 1Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Step 2 Some malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 16, 2013 Root Admin ID:730854 Share Posted September 16, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts