
Malwarebytes won't start; I have tried all suggestions



Yesterday my computer blue screened for some reason; I thought it was because it overheated. Today, I noticed that I could not start Malwarebytes. When I try to get into it, Windows pops up and says "Malwarebytes encountered a problem and had to close." This problem may have started before my computer blue screened, but I do not know for sure; I just know that it was working a few days ago.

I followed all of the relevant suggestions on https://forums.malwarebytes.org/index.php?showtopic=85715#entry807476.

Each of the options in Chameleon opened the command prompt and started something, but then Windows came up with "Malwarebytes encountered a problem and had to close." None of the other options listed on that site worked for me either.

Since then I have downloaded and run FRST64.exe. The FRST.txt file may be seen below and the Addition.txt file is attached. Any help you can give would be greatly appreciated!!

 

Best regards,

 

 

%%%%%%%
%    FRST.txt
%%%%%%%

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by james.kapaldo.HP (administrator) on JAMESKAPALDOHP on 19-05-2014 22:30:02
Running from C:\Users\james.kapaldo.HP\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipalsm.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipalsm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nidevldu.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipalsm.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipxism.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\james.kapaldo.HP\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NI Update Service] => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [857888 2013-05-28] (National Instruments)
HKLM-x32\...\Run: [DataFinder] => C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe [2169120 2013-05-15] (National Instruments Corporation)
HKLM-x32\...\Run: [niDevMon] => C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [111952 2013-06-24] (National Instruments Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-23] (Valve Corporation)
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [Google Update] => C:\Users\james.kapaldo.HP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-23] (Google Inc.)
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [17050087 2014-04-11] ()
HKU\S-1-5-21-3978405990-1882609876-276459303-1000\...\Run: [GoogleChromeAutoLaunch_216AF7CAA161ECB0824626B17F68DC0A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk
ShortcutTarget: NI Error Reporting (64-bit).lnk -> C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\james.kapaldo.HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\james.kapaldo.HP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\james.kapaldo.HP\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\james.kapaldo.HP\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\james.kapaldo.HP\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\james.kapaldo.HP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\james.kapaldo.HP\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-01-23]
CHR Extension: (Google Docs) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-23]
CHR Extension: (Google Drive) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-23]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2013-01-23]
CHR Extension: (YouTube) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-23]
CHR Extension: (Google Cast) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-08-22]
CHR Extension: (Adblock Plus) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-25]
CHR Extension: (Google Search) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-23]
CHR Extension: (GmailTeX) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnmclkoadjdljnfmbnnhaahilafoeji [2013-01-23]
CHR Extension: (Google Voice (by Google)) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-01-23]
CHR Extension: (Boomerang for Gmail) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-01-23]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-01-23]
CHR Extension: (Google Wallet) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (My Chrome Theme) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-01-23]
CHR Extension: (NBC Olympics Scheduler) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\okhkncepdlpdblbgagmaifdgfaoincle [2013-01-23]
CHR Extension: (Weather Underground) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-01-23]
CHR Extension: (Gmail) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-23]
CHR Extension: (Writer) - C:\Users\james.kapaldo.HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2013-01-23]
 
==================== Services (Whitelisted) =================
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-11] (National Instruments Corporation)
R2 ni488enumsvc; C:\Windows\SysWOW64\nipalsm.exe [12696 2012-01-12] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 nidevldu; C:\Windows\SysWOW64\nidevldu.exe [102040 2013-03-04] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [236768 2012-11-07] (National Instruments Corporation)
R2 nimcdldu; C:\Windows\SysWOW64\nipalsm.exe [12696 2012-01-12] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [176512 2013-06-19] (National Instruments Corporation)
R2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [19056 2013-03-14] (National Instruments Corporation)
S3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [33600 2013-07-17] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
R2 nitsuu; C:\Windows\SysWOW64\nipalsm.exe [12696 2012-01-12] (National Instruments Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-11] (REALiX)
S3 lvalarmk; C:\Windows\system32\drivers\lvalarmk.sys [27528 2013-06-17] (National Instruments Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2013-02-12] (National Instruments Corporation)
S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [12984 2013-02-12] (National Instruments Corporation)
S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [27832 2013-02-12] (National Instruments Corporation)
S3 nicdcck; C:\Windows\system32\drivers\nicdcckl.sys [12992 2012-07-23] (National Instruments Corporation)
S3 nicdrk; C:\Windows\system32\drivers\nicdrkl.sys [11864 2011-07-21] (National Instruments Corporation)
S3 nicmrk; C:\Windows\system32\drivers\nicmrkl.sys [13456 2013-06-25] (National Instruments Corporation)
S3 nicondrk; C:\Windows\system32\drivers\nicondrkl.sys [13416 2013-06-25] (National Instruments Corporation)
S3 nicsrk; C:\Windows\system32\drivers\nicsrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [13000 2012-06-28] (National Instruments Corporation)
S3 nidmxfk; C:\Windows\system32\drivers\nidmxfkl.sys [13416 2013-03-04] (National Instruments Corporation)
S3 nidsark; C:\Windows\system32\drivers\nidsarkl.sys [13432 2013-02-13] (National Instruments Corporation)
S3 nidwgk; C:\Windows\system32\drivers\nidwgkl.sys [11976 2012-06-28] (National Instruments Corporation)
S3 niemrk; C:\Windows\system32\drivers\niemrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 niesrk; C:\Windows\system32\drivers\niesrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 NIEthernetDeviceEnumerator; C:\Windows\System32\DRIVERS\niede.sys [38064 2012-01-12] (National Instruments Corporation)
S3 nifslk; C:\Windows\system32\drivers\nifslkl.sys [13432 2013-02-13] (National Instruments Corporation)
S3 nihsdrk; C:\Windows\system32\drivers\nihsdrkl.sys [14168 2013-10-28] (National Instruments Corporation)
S3 niimaqdxk; C:\Windows\System32\drivers\niimaqdxkl.sys [15160 2013-09-23] (National Instruments Corporation)
S3 nimcdfxk; C:\Windows\system32\drivers\nimcdfxkl.sys [11976 2012-06-05] (National Instruments Corporation)
R3 nimdbgk; C:\Windows\system32\drivers\nimdbgkl.sys [13000 2012-06-28] (National Instruments Corporation)
R3 nimru2k; C:\Windows\system32\drivers\nimru2kl.sys [13008 2012-06-28] (National Instruments Corporation)
S3 nimsdrk; C:\Windows\system32\drivers\nimsdrkl.sys [13480 2013-03-04] (National Instruments Corporation)
S3 nimstsk; C:\Windows\system32\drivers\nimstskl.sys [13448 2013-03-04] (National Instruments Corporation)
R3 nimxdfk; C:\Windows\system32\drivers\nimxdfkl.sys [12984 2012-06-28] (National Instruments Corporation)
S3 nimxpk; C:\Windows\system32\drivers\nimxpkl.sys [13448 2013-03-04] (National Instruments Corporation)
S3 ninshsdk; C:\Windows\system32\drivers\ninshsdkl.sys [13000 2012-10-09] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [12992 2012-06-28] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [13624 2012-12-20] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [926992 2012-12-19] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [13624 2012-12-20] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [16984 2012-12-18] (National Instruments Corporation)
S3 nipsdk; C:\Windows\system32\drivers\nipsdkl.sys [12448 2013-09-11] (National Instruments Corporation)
R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [87288 2013-02-11] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [70336 2013-03-06] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\system32\drivers\nipxigpk.sys [22680 2011-08-09] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\system32\drivers\nipxirmkl.sys [13432 2013-03-14] (National Instruments Corporation)
S3 niraptrk; C:\Windows\system32\drivers\niraptrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 niRFSA2k; C:\Windows\system32\drivers\niRFSA2kl.sys [13408 2013-05-24] (National Instruments Corporation)
S3 niRFSGmxk; C:\Windows\system32\drivers\niRFSGmxkl.sys [13416 2013-05-24] (National Instruments Corporation)
S3 niscdk; C:\Windows\system32\drivers\niscdkl.sys [12984 2012-03-07] (National Instruments Corporation)
S3 nisdigk; C:\Windows\system32\drivers\nisdigkl.sys [12960 2012-07-02] (National Instruments Corporation)
S3 nisftk; C:\Windows\system32\drivers\nisftkl.sys [12952 2012-06-01] (National Instruments Corporation)
S3 nisldk; C:\Windows\system32\drivers\nisldkl.sys [11960 2013-04-08] (National Instruments Corporation)
S3 nispdk; C:\Windows\system32\drivers\nispdkl.sys [12984 2012-03-07] (National Instruments Corporation)
S3 nisrcdk; C:\Windows\system32\drivers\nisrcdkl.sys [11936 2013-05-24] (National Instruments Corporation)
S3 nissrk; C:\Windows\system32\drivers\nissrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 nistc2k; C:\Windows\system32\drivers\nistc2kl.sys [11824 2009-01-05] (National Instruments Corporation)
S3 nistc3rk; C:\Windows\system32\drivers\nistc3rkl.sys [13416 2013-02-07] (National Instruments Corporation)
S3 nistcrk; C:\Windows\system32\drivers\nistcrkl.sys [12968 2011-07-18] (National Instruments Corporation)
R2 nistreamk; C:\Windows\System32\drivers\nistreamkl.sys [20672 2013-02-14] (National Instruments Corporation)
S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [15176 2013-05-24] (National Instruments Corporation)
S3 niSynck; C:\Windows\system32\drivers\niSynckl.sys [15184 2013-09-04] (National Instruments Corporation)
S3 nitiork; C:\Windows\system32\drivers\nitiorkl.sys [13440 2013-02-07] (National Instruments Corporation)
S3 nitnr2k; C:\Windows\system32\drivers\nitnr2kl.sys [11912 2013-05-24] (National Instruments Corporation)
S3 nitsuk; C:\Windows\system32\drivers\nitsukl.sys [15192 2013-09-04] (National Instruments Corporation)
S3 niufurk; C:\Windows\system32\drivers\niufurkl.sys [13008 2012-10-08] (National Instruments Corporation)
R3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15200 2013-06-19] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15200 2013-06-19] (National Instruments Corporation)
S3 niwdk; No ImagePath
S3 niwfrk; C:\Windows\system32\drivers\niwfrkl.sys [15176 2013-06-25] (National Instruments Corporation)
S3 nixsrk; C:\Windows\system32\drivers\nixsrkl.sys [15176 2013-06-25] (National Instruments Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 niimaqk; system32\drivers\niimaqk.sys [X]
S3 usb6xxxk; \??\C:\Windows\system32\drivers\usb6xxxkl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-19 22:21 - 2014-05-19 22:21 - 01016261 _____ (Thisisu) C:\Users\james.kapaldo.HP\Desktop\JRT.exe
2014-05-19 22:21 - 2014-05-19 22:21 - 00000000 ____D () C:\Windows\ERUNT
2014-05-19 22:15 - 2014-05-19 22:15 - 00136481 _____ () C:\Users\james.kapaldo.HP\Downloads\Addition.txt
2014-05-19 22:14 - 2014-05-19 22:30 - 00039969 _____ () C:\Users\james.kapaldo.HP\Downloads\FRST.txt
2014-05-19 22:14 - 2014-05-19 22:30 - 00000000 ____D () C:\FRST
2014-05-19 22:14 - 2014-05-19 22:14 - 02067456 _____ (Farbar) C:\Users\james.kapaldo.HP\Downloads\FRST64.exe
2014-05-19 22:10 - 2014-05-19 22:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\james.kapaldo.HP\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-19 22:10 - 2014-05-19 22:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 21:53 - 2014-05-19 21:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\james.kapaldo.HP\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-19 21:51 - 2014-05-19 21:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\james.kapaldo.HP\Downloads\rkill.com
2014-05-19 21:49 - 2014-05-19 21:51 - 00002038 _____ () C:\Users\james.kapaldo.HP\Desktop\Rkill.txt
2014-05-19 21:49 - 2014-05-19 21:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\james.kapaldo.HP\Downloads\rkill.exe
2014-05-18 15:04 - 2014-05-18 15:05 - 00291680 _____ () C:\Windows\Minidump\051814-23275-01.dmp
2014-05-13 01:07 - 2014-05-18 15:04 - 1261706368 _____ () C:\Windows\MEMORY.DMP
2014-05-13 01:07 - 2014-05-18 15:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 01:07 - 2014-05-13 01:07 - 00291680 _____ () C:\Windows\Minidump\051314-26286-01.dmp
2014-05-07 15:27 - 2014-05-07 15:27 - 00015194 _____ () C:\Users\james.kapaldo.HP\Downloads\Marder13-1-plot.eps
2014-04-30 12:01 - 2014-04-30 12:01 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\WinEdt Team
2014-04-30 10:57 - 2014-04-30 10:57 - 00000966 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt 8.lnk
2014-04-30 10:57 - 2014-04-30 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt 8
2014-04-30 10:57 - 2014-04-30 10:57 - 00000000 ____D () C:\Program Files\WinEdt Team
2014-04-30 10:54 - 2014-04-30 10:54 - 09859944 _____ (WinEdt Team) C:\Users\james.kapaldo.HP\Downloads\winedt81-64.exe
2014-04-29 22:03 - 2014-04-29 22:03 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\Mozilla
2014-04-27 20:20 - 2014-04-27 20:20 - 00580608 _____ () C:\Users\james.kapaldo.HP\Downloads\u4LECTURE 2(CRYSTAL PHYSICS).ppt
2014-04-20 22:43 - 2014-05-13 00:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 22:42 - 2014-05-19 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-20 22:42 - 2014-05-19 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 22:42 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 22:42 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-20 02:06 - 2012-07-26 13:15 - 00000000 ____D () C:\ProgramData\Recovery
2014-05-19 22:30 - 2014-05-19 22:14 - 00039969 _____ () C:\Users\james.kapaldo.HP\Downloads\FRST.txt
2014-05-19 22:30 - 2014-05-19 22:14 - 00000000 ____D () C:\FRST
2014-05-19 22:29 - 2014-03-11 16:14 - 00000568 _____ () C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2014-05-19 22:29 - 2013-01-23 17:53 - 02064003 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 22:27 - 2013-01-24 11:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-19 22:26 - 2014-03-02 11:52 - 00007258 _____ () C:\Windows\setupact.log
2014-05-19 22:26 - 2013-07-16 13:43 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Local\TSVNCache
2014-05-19 22:26 - 2013-01-23 18:05 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 22:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 22:25 - 2013-08-03 15:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-19 22:25 - 2013-01-26 13:57 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-05-19 22:21 - 2014-05-19 22:21 - 01016261 _____ (Thisisu) C:\Users\james.kapaldo.HP\Desktop\JRT.exe
2014-05-19 22:21 - 2014-05-19 22:21 - 00000000 ____D () C:\Windows\ERUNT
2014-05-19 22:15 - 2014-05-19 22:15 - 00136481 _____ () C:\Users\james.kapaldo.HP\Downloads\Addition.txt
2014-05-19 22:14 - 2014-05-19 22:14 - 02067456 _____ (Farbar) C:\Users\james.kapaldo.HP\Downloads\FRST64.exe
2014-05-19 22:13 - 2009-07-14 01:13 - 00796870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 22:11 - 2013-04-01 18:25 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Local\CrashDumps
2014-05-19 22:10 - 2014-05-19 22:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\james.kapaldo.HP\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-19 22:10 - 2014-05-19 22:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 22:10 - 2014-04-20 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 22:10 - 2014-04-20 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 22:08 - 2014-03-02 13:53 - 00005182 _____ () C:\Windows\PFRO.log
2014-05-19 21:56 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 21:56 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 21:54 - 2014-05-19 21:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\james.kapaldo.HP\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-19 21:51 - 2014-05-19 21:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\james.kapaldo.HP\Downloads\rkill.com
2014-05-19 21:51 - 2014-05-19 21:49 - 00002038 _____ () C:\Users\james.kapaldo.HP\Desktop\Rkill.txt
2014-05-19 21:49 - 2014-05-19 21:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\james.kapaldo.HP\Downloads\rkill.exe
2014-05-19 21:08 - 2013-01-26 14:12 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3978405990-1882609876-276459303-1000UA.job
2014-05-19 21:02 - 2013-01-23 18:05 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 20:47 - 2013-01-23 18:03 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7807D47A-3E3C-437F-B6F1-09EFEA2E3B11}
2014-05-18 15:07 - 2014-03-01 08:07 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2014-05-18 15:07 - 2014-03-01 08:07 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Local\ownCloud
2014-05-18 15:07 - 2014-03-01 08:07 - 00000000 ____D () C:\Program Files (x86)\ownCloud
2014-05-18 15:05 - 2014-05-18 15:04 - 00291680 _____ () C:\Windows\Minidump\051814-23275-01.dmp
2014-05-18 15:04 - 2014-05-13 01:07 - 1261706368 _____ () C:\Windows\MEMORY.DMP
2014-05-18 15:04 - 2014-05-13 01:07 - 00000000 ____D () C:\Windows\Minidump
2014-05-18 05:08 - 2013-01-26 14:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3978405990-1882609876-276459303-1000Core.job
2014-05-16 09:13 - 2013-01-23 19:28 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\Skype
2014-05-15 11:54 - 2013-04-04 11:32 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-15 11:54 - 2013-01-24 12:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-15 11:53 - 2013-01-24 12:21 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\HpUpdate
2014-05-15 11:53 - 2013-01-24 12:21 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\HP Support Assistant
2014-05-13 18:09 - 2014-03-11 22:15 - 00000000 ____D () C:\Users\james.kapaldo.HP\Documents\MATLAB
2014-05-13 01:07 - 2014-05-13 01:07 - 00291680 _____ () C:\Windows\Minidump\051314-26286-01.dmp
2014-05-13 01:07 - 2013-08-03 19:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-13 01:07 - 2013-08-03 19:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-13 00:07 - 2014-04-20 22:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 01:57 - 2013-01-23 18:05 - 00003914 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 01:57 - 2013-01-23 18:05 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 15:27 - 2014-05-07 15:27 - 00015194 _____ () C:\Users\james.kapaldo.HP\Downloads\Marder13-1-plot.eps
2014-05-07 05:59 - 2013-07-16 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-07 05:03 - 2013-01-26 14:12 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3978405990-1882609876-276459303-1000UA
2014-05-07 05:03 - 2013-01-26 14:12 - 00003552 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3978405990-1882609876-276459303-1000Core
2014-05-04 11:27 - 2013-01-23 20:31 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Local\Apple Computer
2014-04-30 12:01 - 2014-04-30 12:01 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\WinEdt Team
2014-04-30 10:57 - 2014-04-30 10:57 - 00000966 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt 8.lnk
2014-04-30 10:57 - 2014-04-30 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinEdt 8
2014-04-30 10:57 - 2014-04-30 10:57 - 00000000 ____D () C:\Program Files\WinEdt Team
2014-04-30 10:54 - 2014-04-30 10:54 - 09859944 _____ (WinEdt Team) C:\Users\james.kapaldo.HP\Downloads\winedt81-64.exe
2014-04-30 09:29 - 2013-06-12 00:20 - 00001122 _____ () C:\SSUUpdater.log
2014-04-29 22:03 - 2014-04-29 22:03 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\Mozilla
2014-04-27 20:20 - 2014-04-27 20:20 - 00580608 _____ () C:\Users\james.kapaldo.HP\Downloads\u4LECTURE 2(CRYSTAL PHYSICS).ppt
2014-04-20 22:42 - 2014-03-01 07:38 - 00000000 ____D () C:\Users\james.kapaldo.HP\AppData\Roaming\Malwarebytes
2014-04-20 22:42 - 2014-03-01 07:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-09 00:14
 
==================== End Of Log ============================
 

Addition.txt


  • 5 weeks later...
  • Root Admin

Very sorry for the delay. We've simply been overrun with requests for help and have not been able to get to everyone requesting help in a timely manner.

Now that we're finally getting our head a bit above water again I've been going back to review old missed requests. If you do still need help please let me know.

Thank you


  • Root Admin

Okay then, please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
