Jump to content

I have pooched my machine


Recommended Posts

If anyone can help me I would very much appreciate it.  Unfortunately I may have pooched my laptop good.  I already tried to fix it several ways which may make it impossible to help me.  If you could give this a look and see if I am beyond help?

 

First, I can tell you how I did it.  I have been using Imgburn.  I was in a hurry to write a disk ironically to help someone else fix their computer after installing a new drive.  I made them a copy of Win 7.  During the start of imgburn it said there is a new version.  I hastily said ok, ok, ok, way to quick and did not pay attention.  I inadvertently installed AVG SafeGuard toolbar.  That and whatever else prevents me from program updates like to Malwarebytes and all my browsers are pooched.  I can’t connect except for Firefox 64 bit that I'm using now.

 

Here is the two text files requested:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by Rachel at 22:10:26 on 2013-11-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8082.5363 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Fraps\fraps.exe
C:\Fraps\fraps64.dat
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\ZOMM\myZOMM\myZOMM.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe
F:\Pollux2\Downloads\Windows-KB890830-x64-V5.5.exe
f:\c158a49d5b050a84cf2d\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files\Nightly\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ZyXEL USB Share Center] C:\Program Files (x86)\ZyXEL\NetUSB Share Center\Share Center.exe -mini
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYZOMM~1.LNK - C:\Program Files (x86)\ZOMM\myZOMM\myZOMM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\Sendori.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{C6094CA0-94EA-4F2E-8DCB-5A979E48C54D} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{CEE627C6-D813-4364-AA48-F8B17E094C59} : DHCPNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{DD3BD1FE-3818-407E-9FE3-12D984A24737} : DHCPNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{DD3BD1FE-3818-407E-9FE3-12D984A24737}\149627E45647B4F6E676234374 : DHCPNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{DD3BD1FE-3818-407E-9FE3-12D984A24737}\24C65756357716C6C6F677D4F64756C623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DD3BD1FE-3818-407E-9FE3-12D984A24737}\C696E6B6379737 : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\Protector Suite\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
x64-Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [EvtMgr6] c:\program files\logitech\setpointp\setpoint.exe /launchgaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\doxqycm1.default\
FF - plugin: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_117.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-6-3 727592]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-6-11 137312]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-10-2 150256]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-5-22 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-5-22 28656]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-11 20024]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-5-22 30496]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-6-3 17720]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-6-11 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2013-6-11 146528]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-23 46368]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-6-3 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-6-3 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-6-3 76944]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-9-24 66928]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-6-3 574272]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-6-11 3459024]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]
R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-6-3 1315728]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-8-13 101888]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-5-22 2468496]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-10-24 335168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 iocbios2;iocbios2;C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2012-8-13 23832]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-22 165664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-3 701512]
R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-8-23 83224]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2012-6-28 35840]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-9-24 490496]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-6-3 95184]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-6-28 5915352]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-22 364832]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-8-27 67320]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-23 1734680]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-6-11 367200]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-9-24 3364720]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-6-3 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-7-15 601360]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2013-9-25 21704]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-10-24 23048]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-5-22 160256]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2012-7-17 26432]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-22 442368]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-11 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-11 791608]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2013-5-22 26208]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-3 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-10-24 34336]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2013-5-22 302224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-22 769168]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-10-24 23016]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [2012-8-17 14936]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2013-10-8 31744]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-6-3 82824]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-22 19456]
S3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-3-4 22016]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-4-18 119808]
S3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2013-5-23 15360]
S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2013-5-23 15360]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-22 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-22 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-22 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2013-6-10 14544]
S3 X-Rite;X-Rite USB Service;C:\Windows\System32\drivers\XrUsb64.sys [2013-5-23 33600]
S3 ZOMMDrv;ZOMM™ Device driver;C:\Windows\System32\drivers\ZOMMDrvx64.sys [2011-6-3 37432]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-6-3 69392]
.
=============== Created Last 30 ================
.
2013-10-24 03:46:26    325920    ----a-w-    C:\Windows\SysWow64\Sendori.dll
2013-10-24 03:46:21    --------    d-----w-    C:\ProgramData\Sendori
2013-10-24 03:46:18    --------    d-----w-    C:\Program Files (x86)\Sendori
2013-10-24 03:46:17    --------    d-----w-    C:\Users\Rachel\AppData\Local\AVG SafeGuard toolbar
2013-10-24 03:45:37    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-10-24 03:45:34    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2013-10-24 03:45:32    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2013-10-24 03:45:29    --------    d-----w-    C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-09 11:26:51    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-10-08 18:14:43    31744    ----a-w-    C:\Windows\System32\drivers\lgandnetadb.sys
2013-10-08 18:14:42    --------    d-----w-    C:\Program Files (x86)\LG Electronics
.
==================== Find3M  ====================
.
2013-10-09 12:08:14    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 12:08:14    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 12:08:06    17813896    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-03 02:45:19    150256    ----a-w-    C:\Windows\System32\drivers\gzflt.sys
2013-10-03 02:45:09    389240    ----a-w-    C:\Windows\System32\drivers\trufos.sys
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-19 19:01:05    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
.
============= FINISH: 22:10:51.81 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 5/23/2013 6:20:39 PM
System Uptime: 11/2/2013 8:52:15 PM (2 hours ago)
.
Motherboard: CLEVO                             |  | P15xEMx
Processor: Intel® Core i7-3720QM CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 29.693 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 80 GiB total, 14.433 GiB free.
F: is FIXED (NTFS) - 611 GiB total, 250.633 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP114: 9/25/2013 4:03:45 PM - EasyTether
RP115: 9/25/2013 4:05:45 PM - Device Driver Package Install: Mobile Stream Network adapters
RP116: 9/25/2013 4:06:34 PM - Device Driver Package Install: Mobile Stream
RP117: 9/25/2013 4:50:16 PM - Installed LG United Mobile Driver
RP118: 10/8/2013 1:55:22 PM - Installed LG United Mobile Driver
RP119: 10/8/2013 2:13:49 PM - Removed LG United Mobile Driver
RP120: 10/8/2013 2:14:37 PM - Installed LG United Mobile Driver
RP121: 10/9/2013 7:37:40 AM - Windows Update
.
==== Installed Programs ======================
.
Acronis Drive Monitor
Acronis True Image Home 2012
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced SystemCare 6
Age of Empires II HD © Microsoft Studios version 1
BisonCam
Bitdefender Total Security 2013
C5150n - C5200n  Series GDI Driver from OKI® Printing Solutions for Windows
CCleaner
CDisplayEx 1.9.8
CuteFTP 8 Professional
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Desktop Restore
DeVeDe
Diablo III
DisplayFusion 5.1
Download Updater (AOL Inc.)
EasyTether
EasyTether ADB USB driver
eReg
Firefox Backup Tool version 1.0
Folder Size 2.9.0.0
Fraps
Freemake Video Converter version 4.0.3
Game Booster 3
GetDiz
Google Chrome
Google Update Helper
Greenshot 1.1.5.2643
Hotkey 6.0100
ImgBurn
Intel Extreme Tuning Utility
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Trusted Connect Service Client
Intel® Watchdog Timer Driver (Intel® WDT)
IObit Malware Fighter
IrfanView (remove only)
Java 7 Update 25
LG United Mobile Driver
Logitech SetPoint 6.52
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Streets & Trips 2013
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MozBackup 1.5.1
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
myZOMM™
Nightly 28.0a1 (x64 en-US)
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA Install Application
NVIDIA Optimus 1.12.12
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update Components
PerfectDisk 12.5 Professional
Photo Stitcher
Protector Suite 2012
Python 2.7.5 (64-bit)
Qualcomm Atheros Killer Network Manager
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
ScanXL Professional
SDK
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 64-Bit Edition
Sendori
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Smart Defrag 2
Snagit 11
SSDlife Pro
SUPERAntiSpyware
Synaptics Pointing Device Driver
Torchlight 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
Vista Shortcut Manager x64
VLC media player 2.0.8
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
WinRAR 4.20 (64-bit)
ZyXEL NetUSB Share Center
.
==== Event Viewer Messages From Past Week ========
.
11/2/2013 8:57:55 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer TANGERII that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD3BD1FE-3818-407E-9FE3-12D984A24737}. The master browser is stopping or an election is being forced.
11/2/2013 8:55:59 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/2/2013 8:55:59 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
11/2/2013 8:53:57 PM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.
11/2/2013 8:42:43 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/2/2013 4:18:24 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
10/26/2013 3:34:52 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:
 

I'm going to assume or hope that you were making a copy of Windows 7 only so that your friend could do a repair of their system.

Copying the DVD for them to install Windows 7 is illegal.

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

 

Hello and :welcome:

 

Thank you I am happy and honored to receive your help.  That is if I can be helped :blink:

 

I'm going to assume or hope that you were making a copy of Windows 7 only so that your friend could do a repair of their system.

Copying the DVD for them to install Windows 7 is illegal.

General P2P/Piracy Warning:

 

I was unaware of this.  I thought I would help him out after he installed a new hard drive and lost his disk.  He used his own key from the sticker on his computer.  Gee, I guess I should not have offered my help for two reasons.  I would have not messed up my system and I would not have done something illegal.  Lesson learned :blush:

 

  • Topic followed.
  •  Everything I need is on my second drive.
  •  I have a 64 bit system.
  •  My antivirus is disabled, Bitdefender Total Security 2013.
  •  Rkill ran, here is the log:

Rkill 2.6.2 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/03/2013 11:05:25 AM in x64 mode.

Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 3104) [AU-HEUR]

 * C:\Program Files\Nightly\firefox.exe (PID: 7688) [FI]

2 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

 F:\Pollux2\Desktop\rkill\rkill-11-03-2013-11-05-31.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.

   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/03/2013 11:05:43 AM

Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

 

 

  • RougeKiller 64 bit ran, here is the log:

 

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Rachel [Admin rights]

Mode : Scan -- Date : 11/03/2013 12:01:44

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\Users\Kookie\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\Users\Public\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> E:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> E:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> E:\Documents and Settings\Rachel\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> E:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA ST750LX003-1AC15 SCSI Disk Device +++++

--- User ---

[MBR] a4dbc13e00466f651a752ad33b7e1d3d

[bSP] f28c83be9d0b99c3ca90747ab06db73f : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 81920 Mo

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 167774208 | Size: 8202 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 184571904 | Size: 625279 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ATA SAMSUNG MZMTD128 SCSI Disk Device +++++

--- User ---

[MBR] fdbf6064047b7943c7a2aaa731cf28a3

[bSP] 739de67ad47dbcc1bf8dad60b0b710c4 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 113901 Mo

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233271296 | Size: 8201 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_11032013_120144.txt >>

RKreport[0]_S_11032013_115359.txt

Ok, again thank you for your help.  Awaiting your reply. :unsure:

 

 

Link to post
Share on other sites

  • Root Admin

Thank you but please do not use the quote tags.  Click on the "More reply Options" and remove any quoting.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

Step 03 failing:

 

Upon running Malwarebytes Anti-Rootkit I get a message saying "Registery value "AppInit_Dlls" has been found, which may be caused by rootkit activity.  Press no if your not sure..."  I'm not sure so I press no.  It runs, but I can not update the database.  I get Failed: DNS error.  I had gotten an update error when trying to run Regular Malwarebytes before I asked for your help. 

 

Should I restart it and say yes to remove that value before proceeding?

Link to post
Share on other sites

Ok.  Step 03 skipped

 

Step 04 success

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows 7 Professional x64
Ran by Rachel on Mon 11/04/2013 at  7:57:34.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\starapp"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/04/2013 at  8:05:13.37
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Step 05 competed for AdwCleaner

 

# AdwCleaner v3.011 - Report created 04/11/2013 at 18:29:10
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Rachel - POLLUX2
# Running from : F:\Pollux2\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\0l1i4kn6.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\0l1i4kn6.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.nosquint.sites", "amctv.com=0,1355459155585,16,100,0,0,false,0,0,false jstream.info=0,1352786164460,34,110,0,0,false,0,0,false dslreports.com=0,1358400939216,32,0,0,0,false,0,0,f[...]

[ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\doxqycm1.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3464 octets] - [04/11/2013 18:24:35]
AdwCleaner[s0].txt - [3427 octets] - [04/11/2013 18:29:10]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3487 octets] ##########

 

At the end of step 5, I get an error: 

 

When updating Malwarebytes I get this error - PROGRAM_ERROR_UPDATING (0,0, DNS error)

 

What should I do?
 

Link to post
Share on other sites

  • Root Admin

Please try restarting your computer and then run the following.

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

Link to post
Share on other sites

Ok restarted.  Ran MiniToolBox.  It got stuck on getting IP configuration.  Had to Ctrl-Alt-Del to stop it (ran for at least 1/2 hour).  Restarted again.  Same thing.  So I ticked everything you requested except List IP configuration. This is the log it produced (I don't think its the whole thing):

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Rachel (administrator) on 04-11-2013 at 20:45:45
Running from "F:\Pollux2\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Killer Wireless-N 1103 Network Adapter = AirNetKong (Connected)
Realtek PCIe GBE Family Controller = NetKong (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
EasyTether Network Adapter = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Pollux2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : NETKONG

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : EasyTether Network Adapter
   Physical Address. . . . . . . . . : 02-00-54-74-68-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2E-E9-D3-A3-85-CA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter AirNetKong:

   Connection-specific DNS Suffix  . : NETKONG
   Description . . . . . . . . . . . : Killer Wireless-N 1103 Network Adapter
   Physical Address. . . . . . . . . : 7C-E9-D3-A3-85-CA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1dc1:36dd:ffdf:50c0%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.43(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, November 04, 2013 8:42:46 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 05, 2013 8:42:51 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 310176211
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-4D-EC-00-90-F5-CC-97-80
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter NetKong:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : NETKONG
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-90-F5-CC-97-80
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.NETKONG:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : NETKONG
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:18bb:9f8:3f57:fed4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::18bb:9f8:3f57:fed4%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  myrouter.NETKONG
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4009:801::1000
      74.125.225.69
      74.125.225.70
      74.125.225.71
      74.125.225.66
      74.125.225.68
      74.125.225.78
      74.125.225.72
      74.125.225.73
      74.125.225.67
      74.125.225.64
      74.125.225.65


Pinging google.com [74.125.225.65] with 32 bytes of data:
Reply from 74.125.225.65: bytes=32 time=85ms TTL=55
Reply from 74.125.225.65: bytes=32 time=20ms TTL=55

Ping statistics for 74.125.225.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 20ms, Maximum = 85ms, Average = 52ms
Server:  myrouter.NETKONG
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=62ms TTL=49
Reply from 98.139.183.24: bytes=32 time=46ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 62ms, Average = 54ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 

Link to post
Share on other sites

  • Root Admin

Okay, let's run the following scanner then.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

Ok, here it is:

 

ComboFix 13-11-03.02 - Rachel 11/04/2013  21:45:53.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8082.5950 [GMT -5:00]
Running from: f:\pollux2\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1371376907.bdinstall.bin
c:\programdata\1371377062.bdinstall.bin
c:\users\Rachel\AppData\Local\assembly\tmp
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-05 to 2013-11-05  )))))))))))))))))))))))))))))))
.
.
2013-11-05 02:52 . 2013-11-05 02:52    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-11-05 02:52 . 2013-11-05 02:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-04 23:24 . 2013-11-04 23:29    --------    d-----w-    C:\AdwCleaner
2013-11-04 12:28 . 2013-11-04 12:28    --------    d-----w-    c:\windows\ERUNT
2013-11-04 04:14 . 2013-11-04 04:28    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-03 16:41 . 2013-11-03 16:41    --------    d-----w-    c:\program files (x86)\ERUNT
2013-10-24 03:46 . 2013-10-07 19:50    325920    ----a-w-    c:\windows\SysWow64\Sendori.dll
2013-10-24 03:46 . 2013-10-24 03:46    --------    d-----w-    c:\programdata\Sendori
2013-10-24 03:46 . 2013-10-24 03:46    --------    d-----w-    c:\program files (x86)\Sendori
2013-10-24 03:46 . 2013-10-24 03:46    --------    d-----w-    c:\users\Rachel\AppData\Local\AVG SafeGuard toolbar
2013-10-24 03:45 . 2013-10-24 03:45    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-10-24 03:45 . 2013-10-24 03:46    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-10-24 03:45 . 2013-10-24 20:31    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-10-09 11:26 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-08 18:14 . 2013-04-18 20:12    31744    ----a-w-    c:\windows\system32\drivers\lgandnetadb.sys
2013-10-08 18:14 . 2013-10-08 18:14    --------    d-----w-    c:\program files (x86)\LG Electronics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 12:08 . 2013-09-14 20:31    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 12:08 . 2013-09-14 20:31    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 12:08 . 2013-09-11 07:00    17813896    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-03 02:45 . 2013-10-03 02:45    150256    ----a-w-    c:\windows\system32\drivers\gzflt.sys
2013-10-03 02:45 . 2013-06-03 16:44    389240    ----a-w-    c:\windows\system32\drivers\trufos.sys
2013-09-26 05:46 . 2013-05-22 22:01    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-08-29 01:48 . 2013-10-09 11:26    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-19 19:01 . 2013-06-11 02:21    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-09-02 7892864]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ZyXEL USB Share Center"="c:\program files (x86)\ZyXEL\NetUSB Share Center\Share Center.exe" [2012-08-28 9829376]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
"TrueImageMonitor.exe"="c:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe" [2012-06-28 5955088]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2011-02-24 466768]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-10-07 83232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2013-2-4 4839936]
myZOMM™.lnk - c:\program files (x86)\ZOMM\myZOMM\myZOMM.exe [2011-9-2 975704]
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-9-24 553984]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 cpuz136;cpuz136;c:\users\Rachel\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Rachel\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys;c:\windows\SYSNATIVE\drivers\Spyder2.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys;c:\windows\SYSNATIVE\drivers\Spyder3.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb64.sys;c:\windows\SYSNATIVE\drivers\XrUsb64.sys [x]
R3 ZOMMDrv;ZOMM™ Device driver;c:\windows\system32\Drivers\ZOMMDrvx64.sys;c:\windows\SYSNATIVE\Drivers\ZOMMDrvx64.sys [x]
R3 ZyxelUDSTcpBus;ZyxelUDSTcpBus;SysWOW64\Drivers\ZyxelUDSTcpBus.sys;SysWOW64\Drivers\ZyxelUDSTcpBus.sys [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\drivers\ICCWDT.sys;c:\windows\SYSNATIVE\drivers\ICCWDT.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys;c:\windows\SYSNATIVE\drivers\johci.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ZyxelUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\ZyxelUDSMBus.sys;SysWOW64\Drivers\ZyxelUDSMBus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 23:11    1185744    ----a-w-    c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 12:08]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13 08:48]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13 08:48]
.
2013-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1c2aecb3-7c31-4a44-b6ae-b5a261cf1836.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-11-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 6123e178-90bb-413c-9b22-80ceea6332d0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2012-10-23 22:03    5928296    ----a-w-    c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2012-10-23 22:03    5928296    ----a-w-    c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-02-27 19:43    269200    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-02-27 19:43    269200    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-02-27 19:43    269200    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-02-27 19:43    269200    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-31 164848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-31 406512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-09-26 13196432]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2012-10-23 85352]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-10-03 1575192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403144]
"EvtMgr6"="c:\program files\logitech\setpointp\setpoint.exe" [2013-02-21 2991856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\doxqycm1.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\fraps\fraps.exe
c:\program files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-04  22:00:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-05 03:00
.
Pre-Run: 35,191,853,056 bytes free
Post-Run: 34,697,162,752 bytes free
.
- - End Of File - - BC09D7A54C85FD8E55B6438F1A4D965D
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites

  • Root Admin

I would highly recommend that you uninstall the iObit software, but that's up to you.
 
The company behind this product was found to be stealing our database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

 

 

Let me get a new FRST set of logs.  Please delete the program and any current logs you have for FRST.  Then download a new fresh copy and create a NEW FOLDER and put the program in it and run it from there and post back both new logs files.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

 

Link to post
Share on other sites

Oh, I did not know that about iObit.  Deleted! 

 

New FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Rachel (administrator) on POLLUX2 on 04-11-2013 22:38:12
Running from F:\Pollux2\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Beepa P/L) C:\Fraps\fraps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Authentec Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(ZOMM, LLC) C:\Program Files (x86)\ZOMM\myZOMM\myZOMM.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817320 2011-07-28] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Protector Suite\launcher.exe [85352 2012-10-23] (Authentec Inc.)
HKLM\...\Run: [bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-02] (Bitdefender)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7892864 2013-09-02] (Binary Fortress Software)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZyXEL USB Share Center] - C:\Program Files (x86)\ZyXEL\NetUSB Share Center\Share Center.exe [9829376 2012-08-28] ()
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [adm_tray.exe] - C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)
HKU\UpdatusUser\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mythlogic.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\doxqycm1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Logitech SetPoint) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR Extension: (Domain Error Assistant) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (Forecastfox) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.7_0
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-08-27] (Bitdefender)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1315728 2013-09-02] (Binary Fortress Software)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-08-14] (Freemake)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35840 2012-06-28] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-09-24] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-02] (Bitdefender)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [14936 2012-08-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3364720 2012-09-24] (Qualcomm Atheros, Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-08-01] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-08-01] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-23] (AVG Technologies)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-08-01] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-09-24] (Qualcomm Atheros, Inc.)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-02] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-14] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [23832 2012-08-13] (Intel Corporation)
R3 johci; C:\Windows\system32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2013-03-04] (Razer USA Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-03] (Duplex Secure Ltd.)
S3 Spyder2; C:\Windows\system32\drivers\Spyder2.sys [15360 2007-01-17] ()
S3 Spyder3; C:\Windows\system32\drivers\Spyder3.sys [15360 2007-12-12] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-02] (BitDefender S.R.L.)
S3 X-Rite; C:\Windows\system32\drivers\XrUsb64.sys [33600 2007-01-29] (X-Rite, Inc.)
S3 ZOMMDrv; C:\Windows\System32\Drivers\ZOMMDrvx64.sys [37432 2011-06-03] (ZOMM, LLC)
R3 ZyxelUDSMBus; C:\Windows\SysWow64\Drivers\ZyxelUDSMBus.sys [107296 2012-08-13] (Windows ® Codename Longhorn DDK provider)
S3 ZyxelUDSTcpBus; C:\Windows\SysWow64\Drivers\ZyxelUDSTcpBus.sys [181024 2012-08-13] (Windows ® Codename Longhorn DDK provider)
U3 aqz5ojwf; C:\Windows\System32\Drivers\aqz5ojwf.sys [0 ] (Intel Corporation)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 androidusb; System32\Drivers\lgandadb.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz136; \??\C:\Users\Rachel\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Business 2012.SP2\WNt500x64\Sandra.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 22:38 - 2013-11-04 22:38 - 00000000 ____D C:\FRST
2013-11-04 22:00 - 2013-11-04 22:00 - 00024707 _____ C:\ComboFix.txt
2013-11-04 21:43 - 2013-11-04 22:00 - 00000000 ____D C:\Qoobox
2013-11-04 21:43 - 2013-11-04 22:00 - 00000000 ____D C:\ComboFix
2013-11-04 21:43 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-04 21:43 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-04 21:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-04 21:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-04 21:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-04 21:43 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-04 21:43 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-04 21:43 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-04 18:24 - 2013-11-04 18:29 - 00000000 ____D C:\AdwCleaner
2013-11-04 08:05 - 2013-11-04 08:05 - 00004130 _____ C:\Users\Rachel\Desktop\JRT.txt
2013-11-04 07:47 - 2013-11-04 21:55 - 00003224 _____ C:\Windows\PFRO.log
2013-11-04 07:47 - 2013-11-04 21:55 - 00000392 _____ C:\Windows\setupact.log
2013-11-04 07:47 - 2013-11-04 07:47 - 00000000 _____ C:\Windows\setuperr.log
2013-11-04 07:28 - 2013-11-04 07:28 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 23:14 - 2013-11-03 23:28 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-03 11:42 - 2013-11-04 21:57 - 00000000 ____D C:\Windows\ERDNT
2013-11-03 11:41 - 2013-11-03 11:41 - 00000932 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000932 _____ C:\Users\Rachel\Desktop\NTREGOPT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000913 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000913 _____ C:\Users\Rachel\Desktop\ERUNT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-24 18:32 - 2013-10-24 18:32 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-24 18:32 - 2013-10-24 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-23 22:46 - 2013-10-23 22:46 - 00000000 ____D C:\Users\Rachel\AppData\Local\AVG SafeGuard toolbar
2013-10-23 22:46 - 2013-10-23 22:46 - 00000000 ____D C:\ProgramData\Sendori
2013-10-23 22:46 - 2013-10-23 22:46 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-10-23 22:46 - 2013-10-07 14:50 - 00325920 _____ (Sendori) C:\Windows\SysWOW64\Sendori.dll
2013-10-23 22:45 - 2013-10-24 15:31 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-23 22:45 - 2013-10-23 22:46 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-23 22:45 - 2013-10-23 22:45 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-09 06:41 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 06:41 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 06:41 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 06:41 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 06:41 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 06:41 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 06:41 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 06:41 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 06:41 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 06:41 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 06:41 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 06:41 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 06:26 - 2013-09-13 20:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 06:26 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 06:26 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 06:26 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 06:26 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 06:26 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 06:26 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 06:26 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 06:26 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 06:26 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 06:26 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 06:26 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 06:26 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 06:26 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 06:26 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 06:26 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 06:26 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 06:26 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 06:26 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 06:26 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 06:26 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 06:26 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 06:26 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 06:26 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 06:26 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 06:26 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 06:26 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 06:26 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 06:26 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 06:26 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 06:26 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 06:26 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 06:26 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 06:26 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 06:26 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 06:26 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 06:26 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 06:26 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 06:26 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 06:26 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 06:26 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 06:26 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 06:26 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 06:26 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 06:26 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 06:26 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 06:26 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 06:26 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 06:26 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 06:26 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 06:26 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 06:26 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 06:26 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 13:14 - 2013-10-08 13:14 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2013-10-08 13:14 - 2013-04-18 15:12 - 00031744 _____ (Google Inc) C:\Windows\system32\Drivers\lgandnetadb.sys
2013-10-05 01:08 - 2013-10-17 18:13 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

2013-11-04 22:38 - 2013-11-04 22:38 - 00000000 ____D C:\FRST
2013-11-04 22:10 - 2013-06-13 03:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-04 22:08 - 2013-09-14 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-04 22:04 - 2009-07-13 23:45 - 00025632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 22:04 - 2009-07-13 23:45 - 00025632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 22:02 - 2013-05-23 17:20 - 01395853 _____ C:\Windows\WindowsUpdate.log
2013-11-04 22:01 - 2009-07-14 00:13 - 00822500 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-04 22:00 - 2013-11-04 22:00 - 00024707 _____ C:\ComboFix.txt
2013-11-04 22:00 - 2013-11-04 21:43 - 00000000 ____D C:\Qoobox
2013-11-04 22:00 - 2013-11-04 21:43 - 00000000 ____D C:\ComboFix
2013-11-04 22:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-11-04 21:57 - 2013-11-03 11:42 - 00000000 ____D C:\Windows\ERDNT
2013-11-04 21:57 - 2013-06-10 02:24 - 00003138 _____ C:\Windows\System32\Tasks\FRAPS
2013-11-04 21:57 - 2013-06-03 21:41 - 00000000 ____D C:\Fraps
2013-11-04 21:57 - 2013-05-23 11:20 - 00000000 ____D C:\ProgramData\Bigfoot Networks
2013-11-04 21:57 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-11-04 21:55 - 2013-11-04 07:47 - 00003224 _____ C:\Windows\PFRO.log
2013-11-04 21:55 - 2013-11-04 07:47 - 00000392 _____ C:\Windows\setupact.log
2013-11-04 21:55 - 2013-06-13 03:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-04 21:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 20:06 - 2013-08-06 17:12 - 00000000 ____D C:\Program Files\Nightly
2013-11-04 19:00 - 2013-06-03 18:51 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1c2aecb3-7c31-4a44-b6ae-b5a261cf1836.job
2013-11-04 18:29 - 2013-11-04 18:24 - 00000000 ____D C:\AdwCleaner
2013-11-04 18:29 - 2013-09-24 14:37 - 00000000 ____D C:\Users\Rachel\AppData\Local\CrashDumps
2013-11-04 08:05 - 2013-11-04 08:05 - 00004130 _____ C:\Users\Rachel\Desktop\JRT.txt
2013-11-04 07:47 - 2013-11-04 07:47 - 00000000 _____ C:\Windows\setuperr.log
2013-11-04 07:28 - 2013-11-04 07:28 - 00000000 ____D C:\Windows\ERUNT
2013-11-04 06:32 - 2013-06-03 18:51 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6123e178-90bb-413c-9b22-80ceea6332d0.job
2013-11-03 23:28 - 2013-11-03 23:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-03 11:41 - 2013-11-03 11:41 - 00000932 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000932 _____ C:\Users\Rachel\Desktop\NTREGOPT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000913 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000913 _____ C:\Users\Rachel\Desktop\ERUNT.lnk
2013-11-03 11:41 - 2013-11-03 11:41 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-11-02 19:54 - 2013-06-03 18:51 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-24 18:32 - 2013-10-24 18:32 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-24 18:32 - 2013-10-24 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-24 18:32 - 2013-06-04 17:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-24 17:37 - 2013-06-03 12:08 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Mozilla
2013-10-24 15:31 - 2013-10-23 22:45 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-24 02:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-24 00:39 - 2013-05-22 16:23 - 00000000 ____D C:\Program Files (x86)\Hotkey
2013-10-24 00:31 - 2013-06-03 15:21 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\IObit
2013-10-23 22:46 - 2013-10-23 22:46 - 00000000 ____D C:\Users\Rachel\AppData\Local\AVG SafeGuard toolbar
2013-10-23 22:46 - 2013-10-23 22:46 - 00000000 ____D C:\ProgramData\Sendori
2013-10-23 22:46 - 2013-10-23 22:46 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-10-23 22:46 - 2013-10-23 22:45 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-23 22:45 - 2013-10-23 22:45 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-23 22:44 - 2013-07-15 23:02 - 00001873 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-10-23 09:44 - 2013-06-03 21:28 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\vlc
2013-10-23 09:44 - 2013-06-03 16:00 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\DisplayFusion
2013-10-21 16:21 - 2013-06-09 02:42 - 00000000 ____D C:\Windows\Minidump
2013-10-17 18:13 - 2013-10-05 01:08 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-09 07:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 07:17 - 2013-05-22 20:03 - 00000000 ____D C:\Windows\Panther
2013-10-09 07:08 - 2013-09-14 15:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 07:08 - 2013-09-14 15:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 07:08 - 2013-09-14 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 07:08 - 2013-09-11 02:00 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-09 07:05 - 2013-06-13 03:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 07:05 - 2013-06-13 03:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 06:59 - 2009-07-13 23:45 - 00409848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 06:46 - 2013-05-22 16:39 - 00816716 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 06:44 - 2013-07-10 20:11 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 06:38 - 2013-06-05 18:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-08 13:14 - 2013-10-08 13:14 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2013-10-08 13:14 - 2013-05-22 16:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-07 14:50 - 2013-10-23 22:46 - 00325920 _____ (Sendori) C:\Windows\SysWOW64\Sendori.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 08:47

==================== End Of Log ============================

 

New Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Rachel at 2013-11-04 22:38:57
Running from F:\Pollux2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

Acronis Drive Monitor (x32 Version: 1.0.566)
Acronis True Image Home 2012 (x32 Version: 15.0.7133)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Age of Empires II HD © Microsoft Studios version 1 (x32 Version: 1)
BisonCam (x32 Version: )
Bitdefender Total Security 2013 (Version: 16.29.0.1830)
C5150n - C5200n  Series GDI Driver from OKI® Printing Solutions for Windows  (x32 Version: 210)
CCleaner (Version: 4.06)
CDisplayEx 1.9.8
CuteFTP 8 Professional (x32 Version: 8.3.4)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Desktop Restore (Version: 1.6.3)
DeVeDe (x32 Version: 3.17.1)
Diablo III (x32 Version: 1.0.8.16603)
DisplayFusion 5.1 (x32 Version: 5.1.0.0)
EasyTether (Version: 1.1.18)
EasyTether (x32 Version: 1.1.18)
EasyTether ADB USB driver (Version: 1.0.1)
eReg (x32 Version: 1.20.138.34)
ERUNT 1.1j (x32)
Firefox Backup Tool version 1.0 (x32 Version: 1.0)
Folder Size 2.9.0.0 (x32 Version: 2.9.0.0)
Fraps (x32)
Freemake Video Converter version 4.0.3 (x32 Version: 4.0.3)
GetDiz (x32 Version: 4.8)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Greenshot 1.1.5.2643 (Version: 1.1.5.2643)
Hotkey 6.0100 (x32 Version: 6.0100)
ImgBurn (x32 Version: 2.5.8.0)
Intel Extreme Tuning Utility (x32 Version: 3.2.0.24)
Intel® Management Engine Components (x32 Version: 8.1.20.1337)
Intel® Processor Graphics (x32 Version: 9.18.10.2989)
Intel® Trusted Connect Service Client (Version: 1.26.242.3)
Intel® Watchdog Timer Driver (Intel® WDT) (x32)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 25 (x32 Version: 7.0.250)
LG United Mobile Driver (x32 Version: 3.10.1.0)
Logitech SetPoint 6.52 (Version: 6.52.74)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Streets & Trips 2013 (x32 Version: 19.0.18.1100)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MozBackup 1.5.1 (x32)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
myZOMM™ (x32 Version: 2.0.12)
Nightly 28.0a1 (x64 en-US) (Version: 28.0a1)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA Optimus 1.12.12 (Version: 1.12.12)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update Components (Version: 1.12.12)
PerfectDisk 12.5 Professional (Version: 12.05.312)
Photo Stitcher (x32 Version: 1.00.0001)
Protector Suite 2012 (Version: 5.9.8.7279)
Python 2.7.5 (64-bit) (Version: 2.7.5150)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.437)
Realtek Ethernet Controller Driver (x32 Version: 7.65.1025.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6743)
Realtek PCIE Card Reader (x32 Version: 6.2.9200.27035)
ScanXL Professional (x32 Version: 3.5.1)
SDK (x32 Version: 1.40.006)
Secunia PSI (2.0.0.4003) (x32 Version: 2.0.0.4003)
Sendori (x32 Version: 2.0.16)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Snagit 11 (x32 Version: 11.2.1)
SSDlife Pro (x32 Version: 2.3.54)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 15.3.18.0)
Torchlight 2 (x32 Version: 1.1.1.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
Vista Shortcut Manager x64 (Version: 2.0)
VLC media player 2.0.8 (x32 Version: 2.0.8)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
ZyXEL NetUSB Share Center  (x32 Version: 1.0.5.c)

==================== Restore Points  =========================

09-10-2013 11:37:40 Windows Update
05-11-2013 02:43:53 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-04 21:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {25C8E1BD-1B1E-4D79-AF10-63BAAD8D4E92} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1c2aecb3-7c31-4a44-b6ae-b5a261cf1836 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {3988C499-1C23-4946-9050-D12D7E993BBA} - System32\Tasks\{F29F9457-F5C4-412D-A163-47FE88C61D2B} => C:\Program Files (x86)\ScanXLPro\ScanXL professional 3.5 (Build.2532) Patch.exe
Task: {5AA37B9C-24D0-4C40-824B-323975F19686} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5DCB1368-239C-4FC9-8FA4-EE1266A4B6FA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6123e178-90bb-413c-9b22-80ceea6332d0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {644102F4-EC64-4B40-99AC-051D4096056F} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {6651570D-77E7-405E-9186-8D503491682E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {A7BA9F8A-98E0-4152-960C-7549E23AB78C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {D44F6572-E5FB-4983-B031-4CC8E9B977A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {DBF1DA4A-D383-4C66-B270-2A3117BB9CD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {DCB375FE-4CE0-42A9-8FDE-FD3A7EE22E0C} - System32\Tasks\CCleanerSkipUAC => E:\Pollux2\Program Files onHDD\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {DD46CE1A-7430-4016-8134-C74C542461F5} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1c2aecb3-7c31-4a44-b6ae-b5a261cf1836.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6123e178-90bb-413c-9b22-80ceea6332d0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-08-27 12:58 - 2013-08-27 12:58 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2011-05-09 19:46 - 2011-05-09 19:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 19:56 - 2011-05-09 19:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 19:48 - 2011-05-09 19:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-09 19:47 - 2011-05-09 19:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 11:32 - 2011-05-10 11:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2012-09-24 22:08 - 2012-09-24 22:08 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2013-04-04 00:09 - 2013-04-04 00:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-28 15:58 - 2012-06-28 15:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2009-06-06 13:50 - 2009-06-06 13:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2011-02-24 17:39 - 2011-02-24 17:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2013-05-22 16:20 - 2012-10-22 13:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Rachel:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Rachel\Application Data:gs5sys
AlternateDataStreams: C:\Users\Rachel\Cookies:gs5sys
AlternateDataStreams: C:\Users\Rachel\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Rachel\Templates:gs5sys
AlternateDataStreams: C:\Users\Rachel\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Rachel\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Rachel\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Rachel\AppData\Local\History:gs5sys

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2013 09:59:00 PM) (Source: Service1) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 09:55:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 08:51:01 PM) (Source: Application Hang) (User: )
Description: The program MiniToolBox.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2290

Start Time: 01ced9c8abd7b7fd

Termination Time: 0

Application Path: F:\Pollux2\Downloads\MiniToolBox.exe

Report Id:

Error: (11/04/2013 08:46:13 PM) (Source: Service1) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 08:42:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 08:41:48 PM) (Source: Application Hang) (User: )
Description: The program MiniToolBox.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2274

Start Time: 01ced9c390dcc418

Termination Time: 0

Application Path: F:\Pollux2\Downloads\MiniToolBox.exe

Report Id:

Error: (11/04/2013 08:10:12 PM) (Source: Service1) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 08:06:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 06:34:12 PM) (Source: Service1) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 06:30:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/04/2013 10:32:56 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/04/2013 09:58:57 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (11/04/2013 09:58:57 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/04/2013 09:58:45 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer TANGERII
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD3BD1FE-3818-407E-9FE3-12D984A24737}.
The master browser is stopping or an election is being forced.

Error: (11/04/2013 09:56:56 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.

Error: (11/04/2013 09:54:45 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/04/2013 09:51:30 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/04/2013 09:48:33 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/04/2013 09:43:35 PM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/04/2013 09:42:44 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer TANGERII
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DD3BD1FE-3818-407E-9FE3-12D984A24737}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (11/04/2013 09:59:00 PM) (Source: Service1)(User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 09:55:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 08:51:01 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe3.3.8.1229001ced9c8abd7b7fd0F:\Pollux2\Downloads\MiniToolBox.exe

Error: (11/04/2013 08:46:13 PM) (Source: Service1)(User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 08:42:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 08:41:48 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe3.3.8.1227401ced9c390dcc4180F:\Pollux2\Downloads\MiniToolBox.exe

Error: (11/04/2013 08:10:12 PM) (Source: Service1)(User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 08:06:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2013 06:34:12 PM) (Source: Service1)(User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
   at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
   at IronCity.Core.Server.CoreServer.Start()
   at XtuService.XtuService1.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/04/2013 06:30:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-04 21:51:30.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-04 21:51:30.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8082.14 MB
Available physical RAM: 6010.8 MB
Total Pagefile: 16162.47 MB
Available Pagefile: 13451.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OpSysSSD) (Fixed) (Total:111.23 GB) (Free:32.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (OpSysHDD) (Fixed) (Total:80 GB) (Free:14.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Gemini) (Fixed) (Total:610.62 GB) (Free:250.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 9EBCA8E3)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=611 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 7BB9E246)
Partition 1: (Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=27)

==================== End Of Log ============================

 

Oh boy this is complicated, but I am with you.  Thanks so far for all the attention.  Very appreciated.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.