Conduit Launches Separate Tab In Chrome


I installed some software last week that installed Conduit onto my machine. I think I have been able to remove almost all traces of Conduit except for on my browser. Whenever I launch Chrome, two tabs open in the same Chrome window. The first tab brings me to my homepage, while the second tab brings me to Conduit's search page (http://search.conduit.com). I would like to remove all traces of Conduit from my machine. Here are my logs:


DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Jon at 19:17:55 on 2013-12-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.16278.14108 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
D:\Program Files\OpenHardwareMonitor\OpenHardwareMonitor.exe
D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - D:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: ea.com
TCP: Interfaces\{997E08A7-55C8-459F-AF2D-E11874500CAF} : NameServer = 192.168.1.16,8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [LogMeIn GUI] "D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\oyhlmkjh.default\
FF - prefs.js: browser.search.selectedEngine - MixiDJ V32 Customized Web Search
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Jon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - plugin: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: D:\Program Files\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-25 56208]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 LMIGuardianSvc;LMIGuardianSvc;D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-24 72216]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-18 46568]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-2-24 32344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 StarWindServiceAE;StarWind AE Service;D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-12-13 130976]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-23 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="D:\Program Files\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-22 03:05:43 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes
2013-12-22 03:05:35 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-22 03:05:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-20 17:03:31 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 07:55:50 -------- d-----w- C:\Users\Jon\AppData\Roaming\Injustice
2013-12-16 01:04:07 110080 ----a-r- C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2013-12-16 01:04:07 110080 ----a-r- C:\Users\Jon\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2013-12-16 01:04:07 -------- d-----w- C:\sh4ldr
2013-12-16 01:04:07 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2013-12-16 01:03:33 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-12-15 19:05:47 -------- d-----w- C:\Windows\CheckSur
2013-12-15 19:03:24 -------- d-----w- C:\Users\Jon\AppData\Local\NativeMessaging
2013-12-15 19:03:22 -------- d-----w- C:\Users\Jon\AppData\Local\CRE
2013-12-14 22:34:58 3894632 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-12-14 05:32:54 -------- d-----w- C:\Users\Jon\AppData\Local\PassMark
2013-12-14 05:32:51 -------- d-----w- C:\ProgramData\Passmark
2013-12-14 05:13:06 -------- d-----w- C:\Users\Jon\AppData\Local\IsolatedStorage
2013-12-14 05:13:06 -------- d-----w- C:\Users\Jon\AppData\Local\Futuremark_Corporation
2013-12-14 05:12:34 -------- d-----w- C:\Program Files (x86)\Futuremark
2013-12-14 04:56:56 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-12-14 04:56:55 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-12-14 04:55:44 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-12-14 04:53:57 -------- d-----w- C:\Program Files\ATI Technologies
2013-12-14 04:53:55 -------- d-----w- C:\Program Files\ATI
2013-12-14 04:34:35 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-14 04:34:35 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-14 04:33:01 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-14 04:33:01 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-14 04:32:54 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-14 04:32:54 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-14 04:32:54 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-14 04:32:54 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-14 04:32:54 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-14 04:32:54 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-14 04:32:54 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-14 04:32:54 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-11-30 18:02:49 -------- d-----w- C:\ProgramData\Oracle
.
==================== Find3M  ====================
.
2013-12-21 22:08:23 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-12-21 16:58:45 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-14 22:35:00 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-06 05:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 05:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 07:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 06:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-29 22:16:42 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-10-29 22:16:40 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-10-29 22:16:40 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-10-29 22:16:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-10-25 06:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-19 16:13:36 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 17:50:12 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-10-08 17:45:08 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01:20 156712 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-10-08 14:01:18 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-10-08 14:01:06 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-10-08 14:01:06 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-10-08 14:01:04 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-10-08 14:01:04 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-10-08 14:01:02 1237200 ----a-w- C:\Windows\System32\aticfx64.dll
2013-10-08 14:01:00 1030128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-10-08 14:00:56 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-10-08 14:00:52 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-10-08 14:00:46 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-10-08 14:00:42 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-10-08 14:00:36 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-10-08 14:00:32 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-10-08 13:58:42 12534784 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-10-08 13:39:22 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-10-08 13:39:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-10-08 13:38:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-10-08 13:38:58 127488 ----a-w- C:\Windows\System32\coinst_13.152.1.8.dll
2013-10-08 13:38:52 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-10-08 13:38:48 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-10-08 13:38:30 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-10-08 13:36:22 23761408 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-10-08 13:34:34 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-10-08 13:34:28 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-10-08 13:17:50 25385984 ----a-w- C:\Windows\System32\atio6axx.dll
2013-10-08 13:13:44 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-10-08 13:13:34 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-10-08 13:13:32 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-10-08 13:13:26 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-10-08 13:13:24 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-10-08 13:13:08 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-10-08 13:09:52 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-10-08 13:00:30 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-10-08 12:54:10 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-10-08 12:53:58 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-10-08 12:53:50 576512 ----a-w- C:\Windows\System32\atieclxx.exe
2013-10-08 12:52:58 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-10-08 12:51:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-10-08 12:29:04 96256 ----a-w- C:\Windows\System32\amdave64.dll
2013-10-08 12:28:56 90624 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-10-08 12:28:42 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-10-08 12:28:36 784384 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-10-08 12:28:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-10-08 12:28:26 594944 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-10-08 12:28:12 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-10-08 12:28:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-10-08 12:27:56 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-10-08 12:27:46 619008 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-10-08 12:24:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
.
============= FINISH: 19:18:04.74 ===============

ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 22/02/2013 22:44:45
System Uptime: 21/12/2013 19:16:56 (0 hours ago)
.
Motherboard: ASRock |  | Z77 Extreme4
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 100.268 GiB free.
D: is FIXED (NTFS) - 244 GiB total, 231.597 GiB free.
E: is FIXED (NTFS) - 244 GiB total, 17.273 GiB free.
F: is FIXED (NTFS) - 244 GiB total, 215.054 GiB free.
G: is FIXED (NTFS) - 244 GiB total, 189.322 GiB free.
H: is FIXED (NTFS) - 244 GiB total, 139.976 GiB free.
I: is FIXED (NTFS) - 488 GiB total, 284.981 GiB free.
J: is FIXED (NTFS) - 154 GiB total, 153.765 GiB free.
K: is FIXED (NTFS) - 466 GiB total, 213.384 GiB free.
L: is CDROM ()
R: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Service: 
.
Class GUID: 
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Manufacturer: 
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Service: 
.
Class GUID: 
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Service: 
.
==== System Restore Points ===================
.
RP142: 16/12/2013 22:41:52 - Windows Update
RP143: 18/12/2013 03:00:10 - Windows Update
RP144: 18/12/2013 22:42:39 - Windows Update
RP145: 19/12/2013 23:19:58 - Windows Update
RP146: 20/12/2013 09:00:36 - Removed Java 7 Update 45
RP147: 20/12/2013 09:03:22 - Installed Java 7 Update 45
RP148: 20/12/2013 18:14:20 - Windows Update
RP149: 21/12/2013 11:26:53 - Installed DirectX
RP150: 21/12/2013 11:27:24 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP151: 21/12/2013 11:27:29 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
RP152: 21/12/2013 13:22:21 - Installed DirectX
.
==== Installed Programs ======================
.
3DMark 11
AC3Filter 2.5b
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Widget Browser
Allway Sync version 12.14.2
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Software Update
Assassins Creed IV Black Flag
µTorrent
AVG 2014
Batman Arkham Origins
Battlefield 4™
Battlelog Web Plugins
bl
Broadcom NetLink Controller
Call of Duty: Ghosts - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chivalry: Medieval Warfare
Cisco AnyConnect VPN Client
Deus Ex - Human Revolution version 1.0
Diablo III
DivX Setup
EA Sports™ FIFA World
ESN Sonar
FileZilla Client 3.6.0.2
Fraps (remove only)
Futuremark SystemInfo
Geeks3D FurMark 1.12.0
Google Chrome
Google Talk Plugin
Google Update Helper
Injustice: Gods Among Us Ultimate Edition
Intel® Processor Graphics
Java 7 Update 45
Java Auto Updater
Landwirtschafts Simulator 2011
Logitech Gaming Software
Logitech Gaming Software 8.46
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MechWarrior Online
Microsoft .NET Framework 4.5
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Need for Speed™ Rivals
Notepad++
NVIDIA PhysX
Opera 12.16
Origin
PDF Settings CS6
ph
PunkBuster Services
QuickTime
Rainmeter
Raptr
Realtek High Definition Audio Driver
Remember Me
RSA SecurID Software Token
Safari
Saints Row IV
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Shank 2
SimCity™
SketchUp 8
Skype™ 6.11
SpyHunter
Star Conflict Launcher 1.0.1.18
StarCraft II
Steam
TeamSpeak 3 Client
The Sims™ 3
Tom Clancy's Splinter Cell® Blacklist™
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Uplay
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.8
WinRAR archiver
XAMPP 1.8.1
.
==== Event Viewer Messages From Past Week ========
.
21/12/2013 19:17:07, Error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
21/12/2013 19:13:25, Error: Service Control Manager [7000]  - The WinRing0_1_2_0 service failed to start due to the following error:  The system cannot find the file specified.
20/12/2013 18:14:25, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2904266).
20/12/2013 06:14:12, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  Not enough storage is available to complete this operation.
20/12/2013 06:14:12, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The service has not been started.
15/12/2013 18:18:25, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
15/12/2013 18:17:55, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
15/12/2013 18:17:55, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
15/12/2013 16:59:02, Error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
15/12/2013 13:19:15, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: 490@01010004
15/12/2013 11:31:38, Error: Service Control Manager [7000]  - The StarWind AE Service service failed to start due to the following error:  The system cannot find the file specified.
15/12/2013 11:31:38, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
15/12/2013 11:31:38, Error: Service Control Manager [7000]  - The LMIGuardianSvc service failed to start due to the following error:  The system cannot find the file specified.
14/12/2013 13:56:19, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
14/12/2013 13:56:19, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
14/12/2013 13:13:57, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
14/12/2013 13:13:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
14/12/2013 13:13:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
14/12/2013 13:13:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
14/12/2013 13:13:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
14/12/2013 13:13:55, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/12/2013 13:13:50, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
14/12/2013 13:13:46, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
14/12/2013 13:13:46, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
14/12/2013 13:13:42, Error: sptd [4]  - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================
 

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


OK, do this instead:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


I ran AdwCleaner, followed by Malwarebytes Anti-Malware. After running a quick scan with Malwarebytes, I got the message 'The scan completed successfully. No malicious items were detected'. Malwarebytes did not display a log.

 

 

AdwCleaner log:

 

# AdwCleaner v3.016 - Report created 24/12/2013 at 08:25:21
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jon - JON-THORPC
# Running from : C:\Users\Jon\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Jon\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Jon\AppData\Local\Temp\NativeMessaging
File Deleted : C:\END
File Deleted : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\oyhlmkjh.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298568
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v19.0 (en-US)
 
[ File : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\oyhlmkjh.default\prefs.js ]
 
Line Deleted : user_pref("CT3298568.FF19Solved", "true");
Line Deleted : user_pref("CT3298568.UserID", "UN40313869682689227");
Line Deleted : user_pref("CT3298568.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298568.fullUserID", "UN40313869682689227.IN.20131215110258");
Line Deleted : user_pref("CT3298568.installDate", "15/12/2013 11:02:59");
Line Deleted : user_pref("CT3298568.installSessionId", "{E0C9BABB-3E34-48A1-A306-4B2783A93166}");
Line Deleted : user_pref("CT3298568.installSp", "TRUE");
Line Deleted : user_pref("CT3298568.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3298568.keyword", "true");
Line Deleted : user_pref("CT3298568.originalHomepage", "about:home");
Line Deleted : user_pref("CT3298568.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298568.originalSearchEngine", "");
Line Deleted : user_pref("CT3298568.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298568.searchRevert", "false");
Line Deleted : user_pref("CT3298568.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3298568.searchUserMode", "2");
Line Deleted : user_pref("CT3298568.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298568.toolbarInstallDate", "15-12-2013 11:02:58");
Line Deleted : user_pref("CT3298568.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3298568.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "MixiDJ V32 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V32 Customized Web Search");
 
ctid=CT3298568&CUI=UN40313869682689227&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V32 Customized Web Search");
 
ctid=CT3298568&SearchSource=2&CUI=UN40313869682689227&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298568");
 
 
ctid=CT3298568&octid=CT3298568&SearchSource[...]
 
ctid=CT3298568&SearchSource=2&CUI=UN40313869682689227&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298568");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298568");
Line Deleted : user_pref("smartbar.machineId", "UPFMVUTX0VRCN7UXYZTODANKYKGKBS9W5P4CJRJ6QCXY0JR0X6G8S0CBJ1VJGD1KORHK6FYPGCZ7USL8SIU6VA");
 
ctid=CT3298568&CUI=UN40313869682689227&UM=2&SearchSource=13");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [5394 octets] - [24/12/2013 08:22:38]
AdwCleaner[s0].txt - [5117 octets] - [24/12/2013 08:25:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5177 octets] ##########

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Here are my logs:

 

 

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by Jon (administrator) on JON-THORPC on 27-12-2013 08:06:18
Running from C:\Users\Jon\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
() D:\Program Files\OpenHardwareMonitor\OpenHardwareMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() D:\Program Files\Rainmeter\Rainmeter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [LogMeIn GUI] - D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Google Update] - C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-23] (Google Inc.)
HKCU\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Jon\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=71b4f650b0ba47d3b5e26d16b28c997b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
MountPoints2: {2927667c-e38a-11e2-8af2-bc5ff4687088} - M:\HTC_Sync_Manager_PC.exe
MountPoints2: {8d02e736-7ea7-11e2-9658-bc5ff4687088} - L:\setup.exe
MountPoints2: {ed12d965-e295-11e2-923c-bc5ff4687088} - M:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> D:\Program Files\Rainmeter\Rainmeter.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1BE0DC175212CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
SearchScopes: HKCU - {96068D48-D2F1-4027-89A8-FFC03373EA01} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN41552227151059519&UM=2
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{997E08A7-55C8-459F-AF2D-E11874500CAF}: [NameServer]192.168.1.16,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\oyhlmkjh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Honey) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.5.3_0
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Pool) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpllolimgdplahhfppjkplanncepfnh\1.0_0
CHR Extension: (King of Fighters (KOF WING)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfaohihhkmgfjpjkeehipkmakcddncj\1.0.1_0
CHR Extension: (Plants vs Zombies) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\Jon\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2013-01-25] (LogMeIn, Inc.)
S4 LMIMaint; D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [148328 2013-01-25] (LogMeIn, Inc.)
S4 LogMeIn; D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-14] ()
S2 StarWindServiceAE; D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R2 LMIInfo; D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-11-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 NPF; C:\Windows\SysWow64\drivers\aztech_npf64.sys [40208 2008-01-31] (CACE Technologies)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-24] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U3 ai6umkz8; C:\Windows\System32\Drivers\ai6umkz8.sys [0 ] (Microsoft Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 DIRECTIO; \??\D:\Program Files\PerformanceTest\DirectIo64.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]
R3 WinRing0_1_2_0; \??\C:\Users\Jon\AppData\Local\Temp\tmp63D0.tmp [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-27 08:06 - 2013-12-27 08:06 - 00014200 _____ C:\Users\Jon\Desktop\FRST.txt
2013-12-27 08:06 - 2013-12-27 08:06 - 00000000 ____D C:\FRST
2013-12-27 08:05 - 2013-12-27 08:06 - 01930746 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2013-12-25 15:14 - 2013-12-25 15:15 - 00000670 _____ C:\Users\Jon\Desktop\zz.txt
2013-12-24 08:22 - 2013-12-24 08:25 - 00000000 ____D C:\AdwCleaner
2013-12-22 08:10 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-22 08:10 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-21 19:13 - 2013-12-21 19:13 - 00006174 _____ C:\Windows\PFRO.log
2013-12-21 19:05 - 2013-12-21 19:05 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Malwarebytes
2013-12-21 19:05 - 2013-12-21 19:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 19:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 11:27 - 2013-12-21 13:22 - 00034874 _____ C:\Windows\DirectX.log
2013-12-20 09:03 - 2013-12-20 09:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-17 23:55 - 2013-12-17 23:55 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Injustice
2013-12-15 18:17 - 2013-12-27 08:01 - 00001288 _____ C:\Windows\setupact.log
2013-12-15 18:17 - 2013-12-15 18:17 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 17:05 - 2013-12-15 17:05 - 00000000 _____ C:\autoexec.bat
2013-12-15 17:04 - 2013-12-15 17:04 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-15 17:04 - 2013-12-15 17:04 - 00000000 ____D C:\sh4ldr
2013-12-15 17:04 - 2013-12-15 17:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-12-15 16:59 - 2013-12-15 17:00 - 00004280 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2013-12-15 16:59 - 2013-12-15 16:59 - 00000336 _____ C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2013-12-15 11:05 - 2013-12-15 12:43 - 00000000 ____D C:\Windows\CheckSur
2013-12-15 11:03 - 2013-12-15 17:12 - 00000000 ____D C:\Users\Jon\AppData\Local\CRE
2013-12-14 14:34 - 2013-10-11 12:59 - 03894632 _____ C:\Windows\SysWOW64\pbsvc.exe
2013-12-13 21:32 - 2013-12-15 12:40 - 00000000 ____D C:\Users\Jon\AppData\Local\PassMark
2013-12-13 21:32 - 2013-12-13 21:32 - 00000000 ____D C:\ProgramData\Passmark
2013-12-13 21:13 - 2013-12-15 12:40 - 00000000 ____D C:\Users\Jon\AppData\Local\Futuremark_Corporation
2013-12-13 21:13 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Jon\AppData\Local\IsolatedStorage
2013-12-13 21:12 - 2013-12-13 21:12 - 00000000 ____D C:\Program Files (x86)\Futuremark
2013-12-13 20:56 - 2013-12-13 20:56 - 00061173 _____ C:\Windows\SysWOW64\CCCInstall_201312132056520247.log
2013-12-13 20:56 - 2013-12-13 20:56 - 00000000 ____D C:\ProgramData\ATI
2013-12-13 20:56 - 2013-12-13 20:56 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-12-13 20:55 - 2013-12-13 20:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-12-13 20:53 - 2013-12-13 20:56 - 00000000 ____D C:\Program Files\ATI Technologies
2013-12-13 20:53 - 2013-12-13 20:53 - 00000000 ____D C:\Program Files\ATI
2013-12-13 20:47 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 20:47 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 20:47 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 20:47 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 20:47 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 20:47 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 20:47 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 20:47 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 20:47 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 20:47 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 20:47 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 20:47 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 20:47 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 20:47 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 20:47 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 20:47 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 20:47 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 20:47 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 20:47 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 20:47 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 20:47 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 20:47 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 20:47 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 20:47 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 20:47 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 20:47 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 20:47 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 20:47 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 20:47 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 20:47 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 20:47 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 20:47 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 20:47 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 20:47 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 20:47 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 20:46 - 2013-12-13 20:46 - 00054551 _____ C:\Windows\SysWOW64\CCCInstall_201312132046111783.log
2013-12-13 20:34 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 20:34 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-13 20:33 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 20:33 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-13 20:32 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 20:32 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 20:32 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-13 20:32 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-13 20:32 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 20:32 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-13 20:32 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-13 20:32 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-11-30 10:02 - 2013-12-20 09:04 - 00000000 ____D C:\ProgramData\Oracle
2013-11-30 10:01 - 2013-11-30 10:02 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
 
==================== One Month Modified Files and Folders =======
 
2013-12-27 08:06 - 2013-12-27 08:06 - 00014200 _____ C:\Users\Jon\Desktop\FRST.txt
2013-12-27 08:06 - 2013-12-27 08:06 - 00000000 ____D C:\FRST
2013-12-27 08:06 - 2013-12-27 08:05 - 01930746 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2013-12-27 08:05 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 08:04 - 2013-02-24 09:32 - 00000000 ____D C:\ProgramData\MFAData
2013-12-27 08:04 - 2013-02-22 22:44 - 01440097 _____ C:\Windows\WindowsUpdate.log
2013-12-27 08:01 - 2013-12-15 18:17 - 00001288 _____ C:\Windows\setupact.log
2013-12-27 08:01 - 2013-02-23 22:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 08:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 12:53 - 2013-03-02 08:25 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000UA.job
2013-12-26 12:34 - 2013-02-23 22:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 09:17 - 2013-02-23 23:27 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-26 08:48 - 2009-07-13 20:45 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 08:48 - 2009-07-13 20:45 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-25 21:53 - 2013-03-02 08:25 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000Core.job
2013-12-25 15:47 - 2013-02-23 23:27 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-25 15:15 - 2013-12-25 15:14 - 00000670 _____ C:\Users\Jon\Desktop\zz.txt
2013-12-25 14:58 - 2013-04-08 21:24 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
2013-12-25 11:05 - 2013-08-31 08:33 - 00000000 ____D C:\ProgramData\Orbit
2013-12-24 21:45 - 2013-02-24 09:44 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2013-12-24 16:34 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-24 16:32 - 2013-05-14 19:44 - 00000000 ____D C:\ProgramData\Cisco
2013-12-24 16:32 - 2013-05-14 19:44 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-12-24 08:25 - 2013-12-24 08:22 - 00000000 ____D C:\AdwCleaner
2013-12-23 22:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 19:37 - 2009-07-13 20:45 - 04992272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 19:35 - 2013-03-26 20:04 - 00000000 ____D C:\Users\Jon\AppData\Roaming\FileZilla
2013-12-22 20:18 - 2013-03-31 18:28 - 00001456 _____ C:\Users\Jon\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-22 12:59 - 2013-02-23 21:46 - 00092016 _____ C:\Users\Jon\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 22:33 - 2013-10-06 06:07 - 00000000 ____D C:\Users\Jon\AppData\Roaming\TS3Client
2013-12-21 19:13 - 2013-12-21 19:13 - 00006174 _____ C:\Windows\PFRO.log
2013-12-21 19:05 - 2013-12-21 19:05 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Malwarebytes
2013-12-21 19:05 - 2013-12-21 19:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 13:22 - 2013-12-21 11:27 - 00034874 _____ C:\Windows\DirectX.log
2013-12-21 11:27 - 2013-05-24 22:42 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-21 10:51 - 2013-02-22 22:44 - 00000000 ____D C:\Users\Jon\AppData\Local\VirtualStore
2013-12-20 09:04 - 2013-11-30 10:02 - 00000000 ____D C:\ProgramData\Oracle
2013-12-20 09:03 - 2013-12-20 09:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-20 09:03 - 2013-12-20 09:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-18 14:24 - 2013-05-18 10:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\vlc
2013-12-17 23:55 - 2013-12-17 23:55 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Injustice
2013-12-15 21:40 - 2009-07-13 21:08 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-15 18:17 - 2013-12-15 18:17 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 17:22 - 2013-04-14 20:23 - 00000000 ____D C:\Windows\Minidump
2013-12-15 17:22 - 2013-02-22 22:36 - 00000000 ____D C:\Windows\Panther
2013-12-15 17:12 - 2013-12-15 11:03 - 00000000 ____D C:\Users\Jon\AppData\Local\CRE
2013-12-15 17:12 - 2013-02-24 08:33 - 00000000 ____D C:\Games
2013-12-15 17:05 - 2013-12-15 17:05 - 00000000 _____ C:\autoexec.bat
2013-12-15 17:04 - 2013-12-15 17:04 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-15 17:04 - 2013-12-15 17:04 - 00000000 ____D C:\sh4ldr
2013-12-15 17:04 - 2013-12-15 17:04 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-12-15 17:00 - 2013-12-15 16:59 - 00004280 _____ C:\Windows\system32\Drivers\kgpcpy.cfg
2013-12-15 16:59 - 2013-12-15 16:59 - 00000336 _____ C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2013-12-15 16:07 - 2013-02-24 14:14 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-15 13:19 - 2013-02-22 22:44 - 00000000 ____D C:\Users\Jon
2013-12-15 13:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-12-15 13:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-15 12:43 - 2013-12-15 11:05 - 00000000 ____D C:\Windows\CheckSur
2013-12-15 12:43 - 2013-02-24 08:34 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-12-15 12:40 - 2013-12-13 21:32 - 00000000 ____D C:\Users\Jon\AppData\Local\PassMark
2013-12-15 12:40 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Jon\AppData\Local\Futuremark_Corporation
2013-12-15 11:12 - 2013-08-13 22:12 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 11:11 - 2013-02-24 21:30 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 14:35 - 2013-02-23 23:27 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-13 21:48 - 2013-03-02 08:25 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000UA
2013-12-13 21:48 - 2013-03-02 08:25 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000Core
2013-12-13 21:32 - 2013-12-13 21:32 - 00000000 ____D C:\ProgramData\Passmark
2013-12-13 21:13 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Jon\AppData\Local\IsolatedStorage
2013-12-13 21:12 - 2013-12-13 21:12 - 00000000 ____D C:\Program Files (x86)\Futuremark
2013-12-13 21:12 - 2013-02-24 09:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-13 20:56 - 2013-12-13 20:56 - 00061173 _____ C:\Windows\SysWOW64\CCCInstall_201312132056520247.log
2013-12-13 20:56 - 2013-12-13 20:56 - 00000000 ____D C:\ProgramData\ATI
2013-12-13 20:56 - 2013-12-13 20:56 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-12-13 20:56 - 2013-12-13 20:53 - 00000000 ____D C:\Program Files\ATI Technologies
2013-12-13 20:56 - 2013-02-24 08:34 - 00000000 ____D C:\ProgramData\AMD
2013-12-13 20:55 - 2013-12-13 20:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-12-13 20:55 - 2013-05-24 22:42 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-13 20:53 - 2013-12-13 20:53 - 00000000 ____D C:\Program Files\ATI
2013-12-13 20:46 - 2013-12-13 20:46 - 00054551 _____ C:\Windows\SysWOW64\CCCInstall_201312132046111783.log
2013-12-13 20:21 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-12-11 23:07 - 2013-08-31 08:19 - 00000000 ____D C:\Users\Jon\AppData\Local\Ubisoft Game Launcher
2013-11-30 10:02 - 2013-11-30 10:01 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-30 10:02 - 2013-06-25 20:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-27 20:29 - 2013-02-23 22:58 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 20:29 - 2013-02-23 22:58 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 19:54 - 2013-02-24 09:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-27 19:54 - 2013-02-24 09:44 - 00000000 ____D C:\ProgramData\Skype
 
Some content of TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-20 12:50
 
==================== End Of Log ============================
 
 
 
ADDITION.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2013 01
Ran by Jon at 2013-12-27 08:06:41
Running from C:\Users\Jon\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 3.3.0.29677)
3DMark 11 (x32 Version: 1.0.2)
AC3Filter 2.5b (x32 Version: 2.5b)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.168)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Allway Sync version 12.14.2 (x32)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008)
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.81008.0920)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Assassins Creed IV Black Flag (x32 Version: 1)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Batman Arkham Origins (x32 Version: 1)
Battlefield 4™ (x32 Version: 1.0.0.1)
Battlelog Web Plugins (x32 Version: 2.3.2)
bl (x32 Version: 1.0.0)
Broadcom NetLink Controller (Version: 14.8.5.1)
Call of Duty: Ghosts - Multiplayer (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229)
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229)
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229)
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229)
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229)
CCC Help Czech (x32 Version: 2013.1008.0931.15229)
CCC Help Danish (x32 Version: 2013.1008.0931.15229)
CCC Help Dutch (x32 Version: 2013.1008.0931.15229)
CCC Help English (x32 Version: 2013.1008.0931.15229)
CCC Help Finnish (x32 Version: 2013.1008.0931.15229)
CCC Help French (x32 Version: 2013.1008.0931.15229)
CCC Help German (x32 Version: 2013.1008.0931.15229)
CCC Help Greek (x32 Version: 2013.1008.0931.15229)
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229)
CCC Help Italian (x32 Version: 2013.1008.0931.15229)
CCC Help Japanese (x32 Version: 2013.1008.0931.15229)
CCC Help Korean (x32 Version: 2013.1008.0931.15229)
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229)
CCC Help Polish (x32 Version: 2013.1008.0931.15229)
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229)
CCC Help Russian (x32 Version: 2013.1008.0931.15229)
CCC Help Spanish (x32 Version: 2013.1008.0931.15229)
CCC Help Swedish (x32 Version: 2013.1008.0931.15229)
CCC Help Thai (x32 Version: 2013.1008.0931.15229)
CCC Help Turkish (x32 Version: 2013.1008.0931.15229)
ccc-utility64 (Version: 2013.1008.932.15229)
CCleaner (Version: 3.27)
Chivalry: Medieval Warfare (x32)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.1.04072)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072)
Deus Ex - Human Revolution version 1.0 (x32 Version: 1.0)
Diablo III (x32)
DivX Setup (x32 Version: 1.0.1.4)
EA Sports™ FIFA World (x32 Version: 2.1.0.0)
ESN Sonar (x32 Version: 0.70.4)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Fraps (remove only) (x32)
Futuremark SystemInfo (x32 Version: 4.0.0.0)
Geeks3D FurMark 1.12.0 (x32)
Google Chrome (x32 Version: 31.0.1650.63)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.22.3)
Injustice: Gods Among Us Ultimate Edition (x32 Version: 1)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Landwirtschafts Simulator 2011 (x32 Version: 1.0)
Left 4 Dead 2 (x32)
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 8.46 (Version: 8.46.27)
LogMeIn (x32 Version: 4.1.2651)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MechWarrior Online (x32 Version: 1.4.1.0)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 19.0 (x86 en-US) (x32 Version: 19.0)
Mozilla Firefox 22.0 (x86 en-US) (HKCU Version: 22.0)
Mozilla Maintenance Service (x32 Version: 19.0)
Need for Speed™ Rivals (x32 Version: 1.3.0.0)
Notepad++ (x32 Version: 6.3)
NVIDIA PhysX (x32 Version: 9.12.1031)
Opera 12.16 (x32 Version: 12.16.1860)
Origin (x32 Version: 9.1.13.85)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
PunkBuster Services (x32 Version: 0.993)
QuickTime (x32 Version: 7.74.80.86)
Rainmeter (x32 Version: 2.4 r1678)
Raptr (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Remember Me (x32 Version: 1.0.1)
RSA SecurID Software Token (x32 Version: 4.1.0)
Safari (x32 Version: 5.34.57.2)
Saints Row IV (x32 Version: 1)
Scribblenauts Unlimited (x32)
Shank 2 (x32 Version: 1.0.0.0)
SimCity™ (x32 Version: 1.0.0.0)
SketchUp 8 (x32 Version: 3.0.16846)
Skype™ 6.11 (x32 Version: 6.11.102)
SpyHunter (x32 Version: 4.1.11)
Star Conflict Launcher 1.0.1.18 (x32)
StarCraft II (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (x32 Version: 3.0.13)
The Sims™ 3 (x32 Version: 1.0.615)
Tom Clancy's Splinter Cell® Blacklist™ (x32 Version: 1.00)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Uplay (x32 Version: 3.0)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WinRAR archiver
XAMPP 1.8.1 (x32)
 
==================== Restore Points  =========================
 
20-12-2013 07:19:58 Windows Update
20-12-2013 17:00:36 Removed Java 7 Update 45
20-12-2013 17:03:22 Installed Java 7 Update 45
21-12-2013 02:14:20 Windows Update
21-12-2013 19:26:53 Installed DirectX
21-12-2013 19:27:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
21-12-2013 19:27:29 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
21-12-2013 21:22:21 Installed DirectX
22-12-2013 07:40:50 Windows Update
23-12-2013 11:00:10 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2013-12-15 17:15 - 00003023 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {3B710FB9-9964-4B79-BAB0-B822540D3F10} - System32\Tasks\Open Hardware Monitor\Startup => D:\Program Files\OpenHardwareMonitor\OpenHardwareMonitor.exe [2012-07-26] ()
Task: {4B3A3C78-1387-4B4D-AD8D-5D4E990673AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F725CFD-20F1-48DD-BFF9-82B2E868285E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6891DAC5-26AD-4201-A2E5-FBC7531F4F99} - System32\Tasks\{B0DDA5E2-9CC5-49B9-A966-4ACB13850221} => Chrome.exe http://ui.skype.com/ui/0/6.6.59.106/en/abandoninstall?page=tsMain
Task: {A9FBE089-1AF1-4AE1-8655-013B743E6BC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {ADF8BB07-18B2-4353-B36E-16BD7A304E12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000Core => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {AE2F0444-4CFD-4C0B-A3C1-6AA6E4BCE344} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000UA => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {D27CD5F4-9C96-41CB-B19D-C2E33AA63A36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000Core.job => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521668868-4231807083-2662131120-1000UA.job => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-02 06:42 - 2010-01-02 06:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-02-23 22:21 - 2009-08-16 17:06 - 00166400 _____ () D:\Program Files\WinRAR\rarext.dll
2012-06-18 07:24 - 2012-06-18 07:24 - 00222720 _____ () D:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-02-24 12:10 - 2012-05-27 18:05 - 00149504 _____ () D:\Program Files\OpenHardwareMonitor\Aga.Controls.dll
2013-02-24 12:10 - 2012-07-26 08:27 - 00252928 _____ () D:\Program Files\OpenHardwareMonitor\OpenHardwareMonitorLib.dll
2012-11-04 06:25 - 2012-11-04 06:25 - 00736968 _____ () D:\Program Files\Rainmeter\Rainmeter.dll
2012-11-04 06:23 - 2012-11-04 06:23 - 00056832 _____ () D:\Program Files\Rainmeter\Plugins\WebParser.dll
2012-11-04 06:23 - 2012-11-04 06:23 - 00025088 _____ () D:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
2013-10-10 13:48 - 2013-10-10 13:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-11-29 13:59 - 2012-11-29 13:59 - 00093696 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-12-07 07:38 - 2013-12-03 18:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-07 07:38 - 2013-12-03 18:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-07 07:38 - 2013-12-03 18:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-07 07:38 - 2013-12-03 18:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-07 07:38 - 2013-12-03 18:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Jon\AppData\Local\Ad5WSYo1ZL:5ndIM8poSL5Uj9hIH1Ay1Y
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/26/2013 00:07:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (12/25/2013 00:48:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (12/24/2013 04:32:53 PM) (Source: acvpndownloader) (User: )
Description: Function: CDownloaderArgs::GetCertificateInfo
File: .\DownloaderArgs.cpp
Line: 1574
Invoked Function: CCertificateInfoTlv::Assign
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
 
Error: (12/24/2013 04:32:53 PM) (Source: acvpndownloader) (User: )
Description: Function: CCertificateInfoTlv::Assign
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 87
Invoked Function: CCertificateInfoTlv::Serialize
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
 
Error: (12/24/2013 04:32:53 PM) (Source: acvpndownloader) (User: )
Description: Function: CCertificateInfoTlv::Serialize
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 523
Data to serialize is empty
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.
 
Error: (12/24/2013 04:32:21 PM) (Source: acvpndownloader) (User: )
Description: Function: PreferenceMgr::invokePreferenceUpdateCBs
File: ..\Api\PreferenceMgr.cpp
Line: 1478
Callback interface address is NULL.
 
 
System errors:
=============
Error: (12/27/2013 08:01:00 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (12/26/2013 08:41:57 AM) (Source: Service Control Manager) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2
 
Error: (12/26/2013 08:41:45 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (12/25/2013 08:51:09 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (12/24/2013 04:36:58 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (12/24/2013 09:31:42 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (12/24/2013 08:26:19 AM) (Source: Service Control Manager) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2
 
Error: (12/24/2013 08:26:08 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (12/24/2013 08:16:06 AM) (Source: Service Control Manager) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
%%2
 
Error: (12/24/2013 08:15:54 AM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (12/26/2013 00:07:54 PM) (Source: SideBySide)(User: )
Description: e:\Games\star conflict\game.exee:\Games\star conflict\game.exe0
 
Error: (12/25/2013 00:48:52 PM) (Source: SideBySide)(User: )
Description: e:\Games\star conflict\game.exee:\Games\star conflict\game.exe0
 
Error: (12/24/2013 04:32:53 PM) (Source: acvpndownloader)(User: )
Description: Function: CDownloaderArgs::GetCertificateInfo
File: .\DownloaderArgs.cpp
Line: 1574
Invoked Function: CCertificateInfoTlv::Assign
Return Code: -23199733 
 
(0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
 
Error: (12/24/2013 04:32:53 PM) (Source: acvpndownloader)(User: )
Description: Function: CCertificateInfoTlv::Assign
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 87
Invoked Function: CCertificateInfoTlv::Serialize
Return Code: -23199733 
 
(0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
 
Error: (12/24/2013 04:32:53 PM) (Source: acvpndownloader)(User: )
Description: Function: CCertificateInfoTlv::Serialize
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 523
Data to serialize is empty
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall)(User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system 
 
cannot find the path specified.
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
 
Error: (12/24/2013 04:32:50 PM) (Source: acvpninstall)(User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system 
 
cannot find the path specified.
 
Error: (12/24/2013 04:32:21 PM) (Source: acvpndownloader)(User: )
Description: Function: PreferenceMgr::invokePreferenceUpdateCBs
File: ..\Api\PreferenceMgr.cpp
Line: 1478
Callback interface address is NULL.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 16278 MB
Available physical RAM: 13584.24 MB
Total Pagefile: 32554.19 MB
Available Pagefile: 29706.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (SSD) (Fixed) (Total:223.57 GB) (Free:100.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programs) (Fixed) (Total:244.24 GB) (Free:231.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Games) (Fixed) (Total:244.14 GB) (Free:22.14 GB) NTFS
Drive f: (Documents) (Fixed) (Total:244.14 GB) (Free:215 GB) NTFS
Drive g: (Installation) (Fixed) (Total:244.14 GB) (Free:189.32 GB) NTFS
Drive h: (Downloads) (Fixed) (Total:244.14 GB) (Free:135.04 GB) NTFS
Drive i: (Media) (Fixed) (Total:488.28 GB) (Free:284.98 GB) NTFS
Drive j: (Misc) (Fixed) (Total:153.93 GB) (Free:153.76 GB) NTFS
Drive k: (Mirror) (Fixed) (Total:465.76 GB) (Free:213.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

Why are these in your host file?????

 

2009-07-13 18:34 - 2013-12-15 17:15 - 00003023 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net

MrC
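
Added example, not part of the original posts or of FRST: a small Python check that reports every hosts-file mapping other than the stock loopback `localhost` entry, run here on the lines quoted above. The function name `audit_hosts`, the `DEFAULT_NAMES` set and the reason labels are assumptions made for this illustration.

```python
import ipaddress

# The hosts entries quoted in the post above, copied from the FRST log.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
"""

DEFAULT_NAMES = {"localhost"}  # assumption: the only name expected on loopback


def _is_ip(text):
    """True when text parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_hosts(text):
    """Return (line_no, address, name, reason) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        if not _is_ip(address):
            findings.append((line_no, address, "", "malformed address"))
            continue
        addr = ipaddress.ip_address(address)
        for name in names:
            if addr.is_loopback and name.lower() in DEFAULT_NAMES:
                continue  # stock entry, nothing to report
            if _is_ip(name):
                reason = "IP literal in name field"
            elif addr.is_loopback or addr.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name overridden to fixed address"
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

To check a live machine, pass the text of `C:\Windows\system32\Drivers\etc\hosts` to `audit_hosts` instead of the sample.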


They are on the computer in order to bypass activation for Adobe products, AKA Piracy.

You have Adobe products installed:

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.168) <---this one is OK
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)

 

In my first post to you:

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Well, if you would like to continue, please uninstall these from your add/remove programs:
 

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)

 

--------------------------------------------

Restore the original host file:

Download and run Fixit:
http://support.microsoft.com/kb/972034

------------------------------------------

You'll need a PDF reader, so download and install this Free one:

Foxit Reader 6
http://www.foxitsoftware.com/Secure_PDF_Reader/

When you're done reboot and run another scan with FRST and make sure the Addition box is checked.

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.