Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

http://search.yahoo.com/?type=198484&fr=spigot-yhp-ch infected me


Recommended Posts

Hello gents, 

 

   I'm completely new here so if I do any forum fopa's I apologize in advance. It seems that I have somehow become victim to this lovely http://search.yahoo.com/?type=198484&fr=spigot-yhp-ch virus/malware/adware or whatever it is. I read a previous post where Gringo helped someone get there computer straightened out. I hope he, or someone, can help me also. I have some of noticeable issues, may be related or not. I'm not sure. My clock is stuck between 4-5 pm. After 5pm it resets to 4pm. My date is stuck on 3/10/2014. I'm assuming these correlate to the time I was infected. I have also noticed a big issue with my graphics stuttering and overall performing subpar in the last few days. I do not know where to start so I will wait instructions. I noticed Gringo said it is very important to run things in an appropriate order. I have also gotten the blue screen of death 5 times today. Thanks for any help guys.

 

David   

Link to post
Share on other sites

Ok. So now its take 2 on this post since I got the blue screen during my first attempt. Here are the results of my MBAM scan. 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.14.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16521

user :: USER-PC [administrator]

 

Protection: Enabled

 

3/10/2014 4:18:22 PM

mbam-log-2014-03-10 (16-18-22).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220176

Time elapsed: 55 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\user\Downloads\InstallConverter_TSV14EYEZ.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

 

(end)

 

 

I am still experiencing the same issue so here is my dds scan.. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2

Run by user at 16:23:15 on 2014-03-10

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8064.5370 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

E:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\iRacing\iRacingService.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe

E:\Program Files (x86)\Trading Paints\Trading Paints.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp64.exe

C:\Program Files\NVIDIA Corporation\Display\nvSmartMaxApp.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k swprv

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

uRun: [Trading Paints] E:\Program Files (x86)\Trading Paints\Trading Paints.exe min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{D8C20847-62FD-425C-AD0B-C2357A09B2E4} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s

x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"

x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"

x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"

x64-Run: [iAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart

x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]

R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]

R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2014-2-20 66040]

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-3-10 881440]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2014-2-14 936728]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-2-20 328928]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]

R2 iRacingService;iRacing helper service;C:\Program Files (x86)\iRacing\iRacingService.exe [2014-2-20 784552]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-2-14 169432]

R2 MBAMScheduler;MBAMScheduler;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-10 418376]

R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-10 701512]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-2-20 328928]

R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-2-20 178528]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-2-20 328928]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-2-20 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-2-20 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-2-20 328928]

R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-1-27 311600]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-2-20 1025232]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-2-20 219752]

R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-12-5 783864]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-2-20 185792]

R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-1-27 344688]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-14 1593632]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-2-14 16939296]

R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-2-20 1907896]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]

R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2014-2-21 299184]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-1-27 70592]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-2-14 442368]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-14 368112]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-14 786416]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-10 25928]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-1-27 520696]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-20 39200]

R3 RTCore64;RTCore64;E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-14 805088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-3-10 2151200]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-2-14 137336]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-2-20 197704]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-10 111616]

S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-11-26 96112]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-10 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-10 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-10 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-17 1255736]

.

=============== Created Last 30 ================

.

2014-03-11 00:10:01 45056 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe

2014-03-11 00:10:01 45056 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe

2014-03-11 00:10:01 -------- d-----w- C:\Users\user\AppData\Roaming\Catalina – Print Savings

2014-03-11 00:02:20 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2014-03-11 00:02:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-03-11 00:02:13 -------- d-----w- C:\ProgramData\Malwarebytes

2014-03-10 23:37:19 377688 ----a-w- C:\Windows\System32\NvIFROpenGL.dll

2014-03-10 23:37:19 333600 ----a-w- C:\Windows\SysWow64\NvIFROpenGL.dll

2014-03-10 23:37:19 30344480 ----a-w- C:\Windows\System32\nvoglv64.dll

2014-03-10 23:37:19 2695200 ----a-w- C:\Windows\SysWow64\nvapi.dll

2014-03-10 23:37:19 1885472 ----a-w- C:\Windows\System32\nvdispco6433523.dll

2014-03-10 23:37:19 15855568 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2014-03-10 23:37:19 1516488 ----a-w- C:\Windows\System32\nvdispgenco6433523.dll

2014-03-10 23:35:09 -------- d-----w- C:\AdwCleaner

2014-03-10 23:29:55 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-10 23:28:56 197120 ----a-w- C:\Windows\System32\credui.dll

2014-03-10 23:27:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2014-03-10 23:27:54 366592 ----a-w- C:\Windows\System32\qdvd.dll

2014-03-10 23:26:00 98816 ----a-w- C:\Windows\sed.exe

2014-03-10 23:26:00 256000 ----a-w- C:\Windows\PEV.exe

2014-03-10 23:26:00 208896 ----a-w- C:\Windows\MBR.exe

2014-03-10 23:23:45 27456 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2014-03-10 23:21:05 -------- d-----w- C:\ProgramData\ProductData

2014-03-10 23:20:53 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

2014-03-10 23:20:52 -------- d-----w- C:\ProgramData\IObit

2014-03-10 23:20:49 -------- d-----w- C:\Program Files (x86)\IObit

2014-03-10 23:20:01 -------- d-----w- C:\Users\user\AppData\Roaming\IObit

2014-03-10 23:19:58 -------- d-----w- C:\Users\user\AppData\Local\Programs

2014-03-10 23:19:27 31520 ----a-w- C:\Windows\System32\nvhdap64.dll

2014-03-10 23:19:27 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2014-03-10 23:19:27 1510176 ----a-w- C:\Windows\System32\nvhdagenco64.dll

2014-03-10 23:17:50 -------- d-----w- C:\$RECYCLE.BIN

2014-03-10 23:17:07 1885472 ----a-w- C:\Windows\System32\nvdispco6433489.dll

2014-03-10 23:17:07 1515296 ----a-w- C:\Windows\System32\nvdispgenco6433489.dll

2014-03-07 23:45:09 -------- d-----w- C:\Program Files (x86)\Mu

2014-03-07 23:44:41 -------- d-----w- C:\Program Files\MoTeC

2014-03-07 23:41:15 -------- d-----w- C:\Program Files (x86)\MoTeC

2014-03-07 23:35:53 -------- d-----w- C:\ProgramData\MoTeC

2014-03-07 23:35:53 -------- d-----w- C:\MoTeC

2014-03-04 18:20:46 65024 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\PPhp1020.DLL

2014-03-03 18:52:35 -------- d-----w- C:\Windows\SysWow64\directx

2014-02-21 18:56:32 501760 ----a-w- C:\Windows\System32\ZSHP1020.EXE

2014-02-21 18:56:32 245248 ----a-w- C:\Windows\System32\zshp1020s.dll

2014-02-21 18:56:32 192512 ----a-w- C:\Windows\System32\ZLhp1020.DLL

2014-02-21 18:18:50 -------- d-----w- C:\Windows\System32\MRT

2014-02-21 18:09:51 327168 ----a-w- C:\Windows\System32\mswsock.dll

2014-02-21 18:09:51 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2014-02-21 18:09:51 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2014-02-21 18:00:15 -------- d-----w- C:\Program Files\HP

2014-02-21 17:59:58 -------- d-----w- C:\hp_lj1020_Full_Solution

2014-02-21 17:58:40 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2014-02-21 17:58:40 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2014-02-21 17:58:40 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2014-02-21 17:58:40 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2014-02-21 17:56:31 404480 ----a-w- C:\Windows\System32\gdi32.dll

2014-02-21 17:55:48 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2014-02-21 17:54:55 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2014-02-21 00:17:03 -------- d-----w- C:\Users\user\AppData\Roaming\TradingPaints Downloader

2014-02-20 22:54:26 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys

2014-02-20 22:54:26 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll

2014-02-20 22:47:24 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll

2014-02-20 22:47:24 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll

2014-02-20 22:12:16 -------- d-----w- C:\Users\user\AppData\Local\Adobe

2014-02-20 22:05:27 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK

2014-02-20 22:05:26 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys

2014-02-20 22:05:26 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup

2014-02-20 22:05:24 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

2014-02-20 22:05:18 -------- d-----w- C:\Program Files (x86)\McAfee.com

2014-02-20 22:05:15 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2014-02-20 22:05:11 -------- d-----w- C:\Program Files\McAfee.com

2014-02-20 22:05:11 -------- d-----w- C:\Program Files\McAfee

2014-02-20 21:57:55 -------- d-----w- C:\Program Files\stinger

2014-02-20 21:57:39 185792 ----a-w- C:\Windows\System32\mfevtps.exe

2014-02-20 21:57:38 -------- d-----w- C:\Program Files\Common Files\McAfee

2014-02-20 21:43:53 -------- d-----w- C:\Program Files (x86)\Citrix

2014-02-20 21:43:50 -------- d-----w- C:\Users\user\AppData\Local\Citrix

2014-02-20 21:42:41 -------- d-----w- C:\Program Files (x86)\McAfee

2014-02-20 21:39:02 566480 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2014-02-20 21:38:19 -------- d-----w- C:\Program Files\Microsoft Office 15

2014-02-20 21:23:03 -------- d-----w- C:\Program Files\Common Files\Logitech

2014-02-20 21:21:43 -------- d-----w- C:\Users\user\AppData\Roaming\NVIDIA

2014-02-20 21:21:43 -------- d-----w- C:\Users\user\AppData\Local\Logitech

2014-02-20 21:21:37 -------- d-----w- C:\Program Files\Logitech Gaming Software

2014-02-20 21:20:36 -------- d-----w- C:\Users\user\AppData\Roaming\Logishrd

2014-02-20 21:07:23 -------- d-----w- C:\ProgramData\Oracle

2014-02-20 21:07:21 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-02-20 20:59:39 -------- d-----w- C:\Users\user\AppData\Roaming\Downloaded Installations

2014-02-20 20:58:23 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2014-02-20 20:58:23 107368 ----a-w- C:\Windows\System32\xinput1_3.dll

2014-02-20 20:58:18 -------- d-----w- C:\Program Files (x86)\iRacing

2014-02-20 20:55:15 -------- d-----w- C:\Users\user\AppData\Local\Google

2014-02-20 20:55:11 -------- d-----w- C:\Users\user\AppData\Local\Deployment

2014-02-20 20:55:11 -------- d-----w- C:\Users\user\AppData\Local\Apps

2014-02-14 22:52:55 16344 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2014-02-14 22:52:30 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2014-02-14 22:52:27 99288 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys

2014-02-14 22:52:27 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll

2014-02-14 22:50:24 442368 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys

2014-02-14 22:50:24 15360 ----a-w- C:\Windows\System32\IntcDAuC.dll

2014-02-14 22:48:59 603984 ----a-w- C:\Windows\System32\KAAPORT64.dll

2014-02-14 22:46:04 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll

2014-02-14 22:45:56 -------- d-----w- C:\Intel

2014-02-14 22:45:21 -------- d-----w- C:\Windows\AsusInstAll

2014-02-14 22:45:17 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2014-02-14 22:44:03 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll

2014-02-14 22:44:03 15232 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys

2014-02-14 22:44:03 -------- d-----w- C:\Program Files\ASUS

2014-02-14 22:44:03 -------- d-----w- C:\Program Files (x86)\ASUS

2014-02-14 22:44:02 2356592 ----a-w- C:\Windows\System32\WudfUpdate_01011.dll

2014-02-14 22:44:02 107008 ----a-w- C:\Windows\System32\drivers\UMDF\ASMBSW.dll

2014-02-14 17:40:27 -------- d-----w- C:\Users\user\AppData\Local\Futuremark

2014-02-14 17:40:26 -------- d-----w- C:\Users\user\AppData\Local\IsolatedStorage

2014-02-14 17:38:02 -------- d-----w- C:\Program Files (x86)\Futuremark

2014-02-14 17:37:56 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2014-02-14 17:37:56 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2014-02-14 17:37:56 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

2014-02-14 17:37:56 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2014-02-14 17:37:56 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll

2014-02-14 17:37:56 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2014-02-14 17:37:56 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2014-02-14 17:37:56 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll

2014-02-14 17:37:56 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2014-02-14 17:37:56 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll

2014-02-14 17:37:56 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll

2014-02-14 17:37:56 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll

2014-02-14 17:28:14 -------- d-----w- C:\Users\user\AppData\Roaming\Intel Corporation

2014-02-14 17:28:05 -------- d-----w- C:\Users\user\AppData\Local\NVIDIA Corporation

2014-02-14 17:26:56 -------- d-----w- C:\Recovery

2014-02-14 17:21:57 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2014-02-14 17:21:55 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2014-02-14 17:21:47 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll

2014-02-14 17:21:47 3067560 ----a-w- C:\Windows\System32\nvapi64.dll

2014-02-14 17:21:47 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll

2014-02-14 17:21:47 18286416 ----a-w- C:\Windows\System32\nvwgf2umx.dll

2014-02-14 17:21:47 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll

2014-02-14 17:21:47 1435504 ----a-w- C:\Windows\System32\nvumdshimx.dll

2014-02-14 17:21:29 -------- d-----w- C:\Program Files\NVIDIA Corporation

2014-02-14 17:21:15 -------- d-----w- C:\NVIDIA

2014-02-14 17:05:29 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

.

==================== Find3M  ====================

.

2014-03-10 23:29:55 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-03-10 23:28:56 1930752 ----a-w- C:\Windows\System32\authui.dll

2014-02-21 18:10:21 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll

2014-01-27 16:43:26 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2014-01-27 16:37:32 344688 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2014-01-27 16:33:26 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2014-01-27 16:31:34 520696 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2014-01-27 16:30:06 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2014-01-27 16:29:22 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2014-01-21 02:54:53 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll

2014-01-21 02:54:22 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll

.

============= FINISH: 16:23:21.04 ===============

 

 

And here is the attach file

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 2/14/2014 10:26:57 AM

System Uptime: 3/10/2014 4:17:40 PM (0 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. |  | Z87-A

Processor: Intel® Core i7-4770K CPU @ 3.50GHz | SOCKET 1150 | 1575/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 30.479 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 466 GiB total, 390.738 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: 

Description: Internet Access Server

Device ID: UUID:49E7B495-7DCD-11B0-5365-F0E05C3F5CB4\UMB\3&4A31738&0&UUID:49E7B495-7DCD-11B0-5365-F0E05C3F5CB4

Manufacturer: 

Name: Internet Access Server

PNP Device ID: UUID:49E7B495-7DCD-11B0-5365-F0E05C3F5CB4\UMB\3&4A31738&0&UUID:49E7B495-7DCD-11B0-5365-F0E05C3F5CB4

Service: 

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: McAfee Inc. mfeapfk

Device ID: ROOT\LEGACY_MFEAPFK\0000

Manufacturer: 

Name: McAfee Inc. mfeapfk

PNP Device ID: ROOT\LEGACY_MFEAPFK\0000

Service: mfeapfk

.

==== System Restore Points ===================

.

RP21: 3/10/2014 4:27:51 PM - Windows Modules Installer

RP22: 3/10/2014 4:27:58 PM - Windows Modules Installer

RP19: 3/10/2014 4:30:07 PM - Windows Update

RP20: 3/10/2014 5:11:44 PM - Restore Operation

.

==== Installed Programs ======================

.

Adobe Photoshop CS2

Advanced SystemCare 7

Catalina Savings Printer

Cisco Connect

Coupon Printer for Windows

EVGA Precision X 4.2.1

Futuremark SystemInfo

GeForce Experience NvStream Client Components

Google Chrome

Google Update Helper

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

IObit Apps Toolbar v8.8

IObit Uninstaller

iRacing.com Race Simulation

iSpeed 3.4.0.3

Java 7 Update 51

Java Auto Updater

Jimmie Johnson Spotter-Cuss Pack

Logitech Gaming Software

Logitech Gaming Software 5.10

Logitech Gaming Software 8.51

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Internet Security

McAfee Online Backup

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Professional Plus 2013 - en-us

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

NVIDIA 3D Vision Controller Driver 331.65

NVIDIA 3D Vision Driver 331.65

NVIDIA Control Panel 331.65

NVIDIA GeForce Experience 1.8.2

NVIDIA Graphics Driver 331.65

NVIDIA HD Audio Driver 1.3.26.4

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA ShadowPlay 11.10.11

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 11.10.11

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.20

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RivaTuner Statistics Server 5.2.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)

SHIELD Streaming

Surfing Protection

Trading Paints

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

WinRAR 5.01 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

3/10/2014 5:12:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfevtp service.

3/10/2014 4:28:25 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

3/10/2014 4:28:12 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

3/10/2014 4:20:53 PM, Error: Service Control Manager [7030]  - The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

3/10/2014 4:18:47 PM, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

3/10/2014 4:17:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8009657028, 0x00000000bf800000, 0x0000000000000124). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031014-6271-01.

3/10/2014 4:17:47 PM, Error: Service Control Manager [7000]  - The McAfee Inc. mfeapfk service failed to start due to the following error:  The specified service does not exist.

3/10/2014 4:17:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800971a028, 0x00000000ff800000, 0x0000000000000124). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031014-5460-01.

3/10/2014 4:17:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8007625028, 0x00000000ff800000, 0x0000000000000124). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031014-5506-01.

3/10/2014 4:17:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8007509028, 0x00000000ff800000, 0x0000000000000124). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031014-5085-01.

3/10/2014 4:17:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800743f028, 0x00000000ff800000, 0x0000000000000124). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031014-5085-02.

3/10/2014 4:17:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8007505028, 0x00000000ff800000, 0x0000000000000124). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031014-4929-01.

3/10/2014 4:17:42 PM, Error: volmgr [46]  - Crash dump initialization failed!

3/10/2014 4:14:02 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..

.

==== End Of File ===========================
Link to post
Share on other sites

Welcome to the forum, you most likely got the crapware when you installed Advanced SystemCare 7.

I suggest you uninstall all of their programs.

------------------

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks for taking the time to help me out Mr.Charlie. I do not use any type of torrents. I use this computer strickly for online racing (iracing.com) and painting using Photoshop CS2 (the free version with the key on adobe's site). Essentially the only programs on this computer are used directly for iracing, aside from the coupon printing things my wife likes me to print for her from time to time. Below are the logs you asked for. I hope I did get them right. I think I may have 'caught' whatever this is because I disabled the firewall and real time scanning of my McAfee because it causes stutters while racing, which tend to lead to wrecks and spins. 

 

MBAM

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.14.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
user :: USER-PC [administrator]
 
Protection: Enabled
 
3/10/2014 4:26:52 PM
mbam-log-2014-03-10 (16-26-52).txt
 
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352277
Time elapsed: 10 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Qoobox\Quarantine\E\Setup.exe.vir (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
E:\advanced systemcare setup.exe (PUP.Soft32Downloader) -> Quarantined and deleted successfully.
 
(end)
 
RogueKiller
 
RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 03/10/2014 16:25:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ADATA SP900 SCSI Disk Device +++++
--- User ---
[MBR] c82ee38751aad8a6c651bee6709c1faa
[bSP] 3e104526658d337ef07eb10f5d43e588 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 121752 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x18] The program issued a command but the command length is incorrect. )
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) TOSHIBA DT01ACA050 SCSI Disk Device +++++
--- User ---
[MBR] 85abc6769e13d56dfc37f02abf0550ae
[bSP] 330a170be18585d78f8b32a374ea83d4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x18] The program issued a command but the command length is incorrect. )
 
Finished : << RKreport[0]_S_03102014_162541.txt >>
RKreport[0]_D_03102014_162029.txt;RKreport[0]_S_03102014_162022.txt;RKreport[0]_S_03102014_162503.txt
RKreport[0]_S_03102014_162505.txt
 
I eagerly await your next instructions :) 
 
Link to post
Share on other sites

Also, a couple of other issues I've noticed are these:

 

When I access my yahoo mail it tells me the sites cert is not trusted. 

 

My system clock and date seem to be stuck at 3/10/2014 and only tells time from 4pm to 5pm and resets. 

 

And I've received a few blue screen crashes today. Never had those before. 

 

And I've been getting a lot of bouncing around of the homescreen status bar (the bar on bottom with the quick buttons, start button, etc.) It will sometimes bounce from the left screen to center screen for a few seconds before settling back to the middle. 

Link to post
Share on other sites

Lets run some scans:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (leave the KSN boxed checked)

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    clip.jpg

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Finally got the combofix to run.. I had to right click and run as administrator for it to go... here are the results 

 

ComboFix 14-03-13.01 - user 03/10/2014  16:23:04.3.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8064.5703 [GMT -7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-10 to 2014-03-10  )))))))))))))))))))))))))))))))
.
.
2014-03-11 00:02 . 2014-03-11 00:02 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 00:02 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-10 23:37 . 2014-03-04 14:35 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-10 23:37 . 2014-03-04 14:35 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-10 23:37 . 2014-03-04 14:35 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-10 23:37 . 2014-03-04 14:35 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-10 23:37 . 2013-10-23 10:30 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-10 23:37 . 2013-10-23 10:30 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-10 23:37 . 2013-10-23 10:30 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-10 23:35 . 2014-03-10 23:19 -------- d-----w- C:\AdwCleaner
2014-03-10 23:29 . 2014-03-10 23:29 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-10 23:28 . 2014-03-10 23:28 197120 ----a-w- c:\windows\system32\credui.dll
2014-03-10 23:27 . 2014-03-10 23:27 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-03-10 23:27 . 2014-03-10 23:27 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-03-10 23:25 . 2014-03-10 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 23:23 . 2013-06-28 01:05 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-03-10 23:21 . 2014-03-10 23:21 -------- d-----w- c:\programdata\ProductData
2014-03-10 23:20 . 2014-03-10 23:20 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-10 23:20 . 2014-03-10 23:21 -------- d-----w- c:\programdata\IObit
2014-03-10 23:20 . 2014-03-10 23:43 -------- d-----w- c:\program files (x86)\IObit
2014-03-10 23:19 . 2013-06-16 12:38 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-03-10 23:19 . 2013-06-16 12:38 196384 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-03-10 23:19 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
2014-03-10 23:18 . 2014-03-10 23:18 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-10 23:17 . 2014-02-08 18:34 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-03-10 23:17 . 2014-02-08 18:34 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-03-07 23:45 . 2014-03-11 00:12 -------- d-----w- c:\program files (x86)\Mu
2014-03-07 23:44 . 2014-03-07 23:44 -------- d-----w- c:\program files\MoTeC
2014-03-07 23:41 . 2014-03-11 00:12 -------- d-----w- c:\program files (x86)\MoTeC
2014-03-07 23:35 . 2014-03-07 23:35 -------- d-----w- c:\programdata\MoTeC
2014-03-07 23:35 . 2014-03-07 23:35 -------- d-----w- C:\MoTeC
2014-03-07 18:30 . 2014-03-07 18:30 -------- d-----w- c:\program files\WinRAR
2014-03-04 18:20 . 2012-09-18 22:27 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL
2014-02-21 18:56 . 2012-09-18 22:27 192512 ----a-w- c:\windows\system32\ZLhp1020.DLL
2014-02-21 18:56 . 2012-09-18 22:27 501760 ----a-w- c:\windows\system32\ZSHP1020.EXE
2014-02-21 18:56 . 2012-09-18 07:34 245248 ----a-w- c:\windows\system32\zshp1020s.dll
2014-02-21 18:18 . 2014-02-21 18:19 -------- d-----w- c:\windows\system32\MRT
2014-02-21 18:09 . 2014-02-21 18:09 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-02-21 18:09 . 2014-02-21 18:09 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-02-21 18:09 . 2014-02-21 18:09 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-02-21 18:00 . 2014-02-21 18:00 -------- d-----w- c:\program files\HP
2014-02-21 17:59 . 2014-02-21 18:00 -------- d-----w- C:\hp_lj1020_Full_Solution
2014-02-21 17:58 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-21 17:58 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-21 17:58 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-21 17:58 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-21 17:56 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-02-21 17:55 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-02-21 17:54 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2014-02-20 22:54 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-02-20 22:54 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-02-20 22:47 . 2013-10-23 10:30 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2014-02-20 22:47 . 2013-10-23 10:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2014-02-20 22:05 . 2014-02-20 22:05 -------- dc----w- c:\windows\system32\DRVSTORE
2014-02-20 22:05 . 2014-02-20 22:05 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2014-02-20 22:05 . 2010-04-14 04:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2014-02-20 22:05 . 2013-09-23 21:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-02-20 22:05 . 2014-02-20 22:05 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2014-02-20 22:05 . 2014-02-20 22:05 -------- d-----w- c:\program files\McAfee
2014-02-20 21:57 . 2014-02-20 21:58 -------- d-----w- c:\program files\stinger
2014-02-20 21:57 . 2014-01-27 16:37 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-02-20 21:57 . 2014-02-20 22:05 -------- d-----w- c:\program files\Common Files\McAfee
2014-02-20 21:43 . 2014-02-20 21:43 -------- d-----w- c:\program files (x86)\Citrix
2014-02-20 21:42 . 2014-02-20 23:12 -------- d-----w- c:\program files (x86)\McAfee
2014-02-20 21:39 . 2014-02-20 23:58 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-02-20 21:38 . 2014-02-21 00:02 -------- d-----w- c:\program files\Microsoft Office 15
2014-02-20 21:23 . 2014-02-20 21:23 -------- d-----w- c:\program files\Logitech
2014-02-20 21:23 . 2014-02-20 21:23 -------- d-----w- c:\program files\Common Files\Logitech
2014-02-20 21:21 . 2014-02-20 21:21 -------- d-----w- c:\programdata\LogiShrd
2014-02-20 21:21 . 2014-03-03 04:58 -------- d-----w- c:\program files\Logitech Gaming Software
2014-02-20 21:07 . 2014-02-20 21:38 -------- d-----w- c:\programdata\Oracle
2014-02-20 21:07 . 2014-02-20 21:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-20 21:07 . 2013-12-19 05:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-20 21:07 . 2014-02-20 21:37 -------- d-----w- c:\program files (x86)\Java
2014-02-20 21:07 . 2014-02-21 19:59 -------- d-----w- c:\programdata\McAfee
2014-02-20 20:58 . 2014-02-20 20:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-20 20:58 . 2007-04-05 02:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2014-02-20 20:58 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2014-02-20 20:58 . 2014-02-20 23:09 -------- d-----w- c:\program files (x86)\iRacing
2014-02-20 20:55 . 2014-02-20 20:55 -------- d-----w- c:\program files (x86)\Google
2014-02-14 22:53 . 2014-02-14 22:53 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Intel
2014-02-14 22:52 . 2013-09-04 00:52 16344 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2014-02-14 22:52 . 2014-02-14 22:53 -------- d-----w- c:\programdata\Intel
2014-02-14 22:52 . 2014-02-14 22:52 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2014-02-14 22:52 . 2013-09-04 00:52 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-02-14 22:52 . 2013-09-04 00:52 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-02-14 22:50 . 2013-05-17 05:25 442368 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2014-02-14 22:50 . 2013-05-17 05:25 15360 ----a-w- c:\windows\system32\IntcDAuC.dll
2014-02-14 22:48 . 2011-08-23 09:00 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
2014-02-14 22:47 . 2014-02-20 21:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-02-14 22:46 . 2014-02-14 22:52 -------- d-----w- c:\program files (x86)\Intel
2014-02-14 22:46 . 2013-08-05 03:50 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2014-02-14 22:45 . 2014-02-14 22:50 -------- d-----w- C:\Intel
2014-02-14 22:45 . 2014-02-14 22:45 -------- d-----w- c:\windows\AsusInstAll
2014-02-14 22:45 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-02-14 22:44 . 2014-02-14 22:44 -------- d-----w- c:\program files\ASUS
2014-02-14 22:44 . 2014-02-14 22:44 -------- d-----w- c:\program files (x86)\ASUS
2014-02-14 22:44 . 2012-08-22 09:54 15232 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2014-02-14 22:44 . 2010-06-29 07:41 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2014-02-14 22:44 . 2013-05-13 05:04 107008 ----a-w- c:\windows\system32\drivers\UMDF\ASMBSW.dll
2014-02-14 22:44 . 2012-08-17 02:57 2356592 ----a-w- c:\windows\system32\WudfUpdate_01011.dll
2014-02-14 17:38 . 2014-02-14 17:38 -------- d-----w- c:\program files (x86)\Futuremark
2014-02-14 17:37 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-02-14 17:37 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2014-02-14 17:37 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2014-02-14 17:37 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-02-14 17:37 . 2010-06-02 12:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2014-02-14 17:37 . 2010-06-02 12:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-02-14 17:37 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-02-14 17:37 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-02-14 17:37 . 2010-05-26 19:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-02-14 17:37 . 2010-05-26 19:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2014-02-14 17:37 . 2006-09-29 00:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2014-02-14 17:37 . 2006-09-29 00:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2014-02-14 17:27 . 2014-03-10 23:17 -------- d-----w- c:\users\user
2014-02-14 17:26 . 2014-02-14 17:26 -------- d-----w- C:\Recovery
2014-02-14 17:21 . 2014-02-14 17:28 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-02-14 17:21 . 2014-03-10 23:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-02-14 17:21 . 2013-12-27 18:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-02-14 17:21 . 2013-12-19 20:33 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2014-02-14 17:21 . 2013-12-19 20:33 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2014-02-14 17:21 . 2013-10-23 10:30 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-14 17:21 . 2013-10-23 10:30 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-14 17:21 . 2013-10-23 10:30 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-14 17:21 . 2014-02-14 17:22 -------- d-----w- c:\program files\NVIDIA Corporation
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 18:10 . 2014-02-21 18:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-05 02:09 . 2013-06-17 18:10 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-27 16:43 . 2014-01-27 16:43 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-01-27 16:37 . 2014-01-27 16:37 344688 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-01-27 16:33 . 2013-12-06 00:41 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-01-27 16:31 . 2014-01-27 16:31 520696 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-01-27 16:30 . 2014-01-27 16:30 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-01-27 16:29 . 2013-12-06 00:36 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-02-21 00:00 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-02-21 00:00 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-02-21 00:00 1727176 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trading Paints"="e:\program files (x86)\Trading Paints\Trading Paints.exe" [2014-01-09 226304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 ALSysIO;ALSysIO; [x]
R3 cpuz136;cpuz136; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iRacingService;iRacing helper service;c:\program files (x86)\iRacing\iRacingService.exe;c:\program files (x86)\iRacing\iRacingService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;e:\program files (x86)\EVGA Precision X\RTCore64.sys;e:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RTCORE64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 18:21 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20 20:55]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-02-21 00:00 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-02-21 00:00 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-02-21 00:00 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-32715271.sys
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-10  16:26:07
ComboFix-quarantined-files.txt  2014-03-10 23:26
ComboFix2.txt  2014-03-10 23:18
.
Pre-Run: 37,565,755,392 bytes free
Post-Run: 37,275,201,536 bytes free
.
- - End Of File - - 12664EEEB8CF3B3878A6C103FEC092CF
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

It looks like you have run ComboFix in the past and it wasn't uninstalled properly.

Download and run the uninstaller

Now grab a fresh copy of ComboFix and run it like this:

Make sure ComboFix is on your desktop.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

Link to post
Share on other sites

No you're good.

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

MrC.. Here are the results adwcleaner.. but it looks like it found nothing.. I'm so puzzled.. seems like none of the programs are finding anything..  :unsure:      

 

# AdwCleaner v3.022 - Report created 10/03/2014 at 17:14:21
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3626 octets] - [10/03/2014 16:35:12]
AdwCleaner[R1].txt - [881 octets] - [10/03/2014 17:14:00]
AdwCleaner[s0].txt - [3716 octets] - [10/03/2014 16:36:21]
AdwCleaner[s1].txt - [803 octets] - [10/03/2014 17:14:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [862 octets] ##########
 
 
 
It's almost like I'm not infected but I am lol... Look forward to chatting again. :) 
Link to post
Share on other sites

Ok.. Did some in game tests. My FPS are still running low and getting stutters still. Didn't get any blue screens though while using photoshop and iracing and doing alt+tabs between. Something I do a lot when painting and was causing me to get blue screens earlier. Not sure what else you are looking for as the fps issue was what lead me to look for issues in the first place and lead me to find the searchyahoo thing. What else should I tell you? Thanks MrC.

Link to post
Share on other sites

Well MrC.. Heres the new (same old) thing. Well first I reset all my graphics properties in NVIDIA control panel and inspector. Reconfigured my ingame settings. My FPS were back up, or so it appears. However, after about 1 hour of running I got blue screened again. Thought it may be workign well  enough to do a race tomorrow. But I guess not lol.. 

 

I've attached the windows error report I got upon reboot. 

 

I still have not installed or uninstalled any programs. I did receive some windows updates and my teamspeak updated. My system clock still seems to be stuck in a cycle; now going from 7pm to 8pm since I set the time to 7:45 earlier. 

post-158549-0-81997000-1394952883_thumb.

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC

Link to post
Share on other sites

Additonally, I was able to run some laps today and the computer 'seems' to be running fine. However, after my TS update I am noticing that it displays random numbers where the lists normally are. Pic attached. I also noticed this one time in my email. Also, I've been having some internet performance issues suddenly. Many of my browser tabs stop performing and I have to close all tabs, reopen and then they load fine.. And it does it fairly quickly each time. Some things getting better.. some worse I guess lol.. 

 

 

post-158549-0-75947200-1394991239_thumb.

Link to post
Share on other sites

Any browser that is giving you a problem, I suggest you just reset it:

http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know....MrC

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by user at 2014-03-15 19:57:20 Run:1

Running from C:\Users\user\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=198484&fr=spigot-yhp-ie

SearchScopes: HKCU - {CC7F0490-4453-4308-9FD1-8B87D46DE916} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}

BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File

S3 ALSysIO; No ImagePath

S3 cpuz136; No ImagePath

C:\Users\user\AppData\Local\Temp\promote-upx.exe

C:\Users\user\AppData\Local\Temp\Quarantine.exe

C:\Program Files (x86)\Coupons

C:\Users\user\Downloads\couponprinter.exe

 

*****************

 

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC7F0490-4453-4308-9FD1-8B87D46DE916} => Key deleted successfully.

HKCR\CLSID\{CC7F0490-4453-4308-9FD1-8B87D46DE916} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.

HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.

ALSysIO => Service deleted successfully.

cpuz136 => Service deleted successfully.

C:\Users\user\AppData\Local\Temp\promote-upx.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Program Files (x86)\Coupons => Moved successfully.

C:\Users\user\Downloads\couponprinter.exe => Moved successfully.

 

==== End of Fixlog ====

 

Here you are good sir. 

Link to post
Share on other sites

I honestly had to leave right after posting that. I will run it some later and let you know. Maybe if it's cured you can help me diagnose and fix my G930 headset. It always disconnects while using it and reconnects, almost in a rhythmic pattern. Very annoying and costly when you need to be able to listen to engine and tires constantly. Also, I'd like to donate to you for your help but I don't want to insult you. What would you consider an acceptable donation?

Link to post
Share on other sites

Got a chance to test things.. seem to be better now. And my browser doesnt default to the searchyahoo anymore. Now if I/we can solve a few other small issues I'll be all set. My clock still seems to be stuck in a cycle from 7-8pm. 

 

Are you able to help with other issues non malware associated MrC.? 

Link to post
Share on other sites

I don't have an answer but here's a Google search:

http://lmgtfy.com/?q=windows+7+clock+problems

You can also post your question at the forum below:

http://www.geekstogo.com/forum/forum/79-windows-vista-and-windows-7/

-----------------------------------

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.