superwow_rl

BSODs & Malwarebytes Disappeared From Notification Area

Hi. I had started another post in a different forum (https://forums.malwarebytes.org/index.php?showtopic=150281#entry840250) but was advised to ask for help here.

Since Malwarebytes will not run, here is the Farbar log. Only one popped up. When I ran it as instructed in my original thread, two logs were produced. I don't know why that didn't happen this time.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by lil nippers (administrator) on LILNIPPERS on 11-06-2014 18:15:41
Running from C:\Users\lil nippers\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-03-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-05-15] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-04-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2013-10-09] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1967055466-1103849898-2557640459-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1967055466-1103849898-2557640459-1002\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1967055466-1103849898-2557640459-1002\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-15] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138
FF DefaultSearchEngine: Swagbucks
FF SelectedSearchEngine: Swagbucks
FF Homepage: www.swagbucks.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\searchplugins\mypoints-search.xml
FF SearchPlugin: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\searchplugins\safesearch.xml
FF SearchPlugin: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\searchplugins\swagbucks.xml
FF Extension: WOT - C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-27]
FF Extension: Adblock Plus - C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-18]
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-06-10]
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2013-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-10-09]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-12-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-12-19] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-03-21] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140610.001\IDSvia64.sys [525016 2014-05-30] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140610.019\ENG64.SYS [126040 2014-05-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140610.019\EX64.SYS [2099288 2014-05-31] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 18:15 - 2014-06-11 18:15 - 00022463 _____ () C:\Users\lil nippers\Desktop\FRST.txt
2014-06-11 18:14 - 2014-06-11 18:14 - 02081792 _____ (Farbar) C:\Users\lil nippers\Desktop\FRST64.exe
2014-06-10 22:07 - 2014-06-10 22:07 - 01673896 _____ (Malwarebytes Corporation) C:\Users\lil nippers\Desktop\mbam-check-2.1.0.0002.exe
2014-06-10 21:12 - 2014-06-10 21:12 - 00000448 _____ () C:\windows\PFRO.log
2014-06-09 19:59 - 2014-06-11 18:15 - 00000000 ____D () C:\FRST
2014-06-09 19:57 - 2014-06-09 19:57 - 02080768 _____ (Farbar) C:\Users\lil nippers\Downloads\FRST64.exe
2014-06-08 22:27 - 2014-06-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-08 22:26 - 2014-06-08 22:26 - 04583424 _____ () C:\Users\lil nippers\Downloads\HPSupportSolutionsFramework.msi
2014-06-08 11:49 - 2014-06-10 21:13 - 00000168 _____ () C:\windows\setupact.log
2014-06-08 11:49 - 2014-06-08 11:49 - 00000000 _____ () C:\windows\setuperr.log
2014-06-04 21:01 - 2014-06-11 18:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 21:01 - 2014-06-04 21:01 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-01 16:38 - 2014-06-08 13:09 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-01 16:38 - 2014-06-06 21:12 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 16:38 - 2014-06-01 16:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 16:38 - 2014-06-01 16:38 - 00001106 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 16:38 - 2014-06-01 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-01 16:38 - 2014-06-01 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 16:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-01 16:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-01 16:33 - 2014-06-01 16:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lil nippers\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 16:08 - 2014-06-01 16:08 - 04748896 _____ (Piriform Ltd) C:\Users\lil nippers\Downloads\ccsetup414.exe
2014-06-01 15:30 - 2014-06-01 15:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 14:07 - 2014-06-08 13:05 - 00000000 ____D () C:\windows\pss
2014-06-01 00:43 - 2014-06-11 18:09 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForlil nippers.job
2014-06-01 00:43 - 2014-06-01 00:43 - 00003222 _____ () C:\windows\System32\Tasks\HPCeeScheduleForlil nippers
2014-05-15 21:37 - 2014-05-15 21:37 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-05-13 22:01 - 2014-05-05 22:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-13 22:01 - 2014-05-05 22:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-13 22:01 - 2014-05-05 21:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-13 22:01 - 2014-05-05 21:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-13 22:01 - 2014-05-05 21:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-13 22:01 - 2014-05-05 20:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-13 21:55 - 2014-05-09 00:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-13 21:55 - 2014-05-09 00:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-13 21:55 - 2014-04-11 20:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-13 21:55 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-13 21:55 - 2014-04-11 20:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-13 21:55 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-13 21:55 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-13 21:55 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-13 21:55 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-13 21:55 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-13 21:55 - 2014-04-11 20:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-13 21:55 - 2014-03-24 20:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-13 21:55 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-13 21:55 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-13 21:55 - 2014-03-04 03:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-13 21:55 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-13 21:55 - 2014-03-04 03:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-13 21:55 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-13 21:55 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-13 21:55 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-13 21:55 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-13 21:55 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-13 21:55 - 2014-03-04 03:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-13 21:55 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-13 21:55 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-13 21:55 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-13 21:55 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-13 21:55 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-13 21:45 - 2014-05-13 22:03 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\Skype
2014-05-13 21:45 - 2014-05-13 21:45 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\Skype
2014-05-13 21:43 - 2014-05-13 21:43 - 01677440 _____ (Skype Technologies S.A.) C:\Users\lil nippers\Downloads\SkypeSetup.exe
2014-05-12 22:36 - 2014-05-12 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-11 18:16 - 2014-06-11 18:15 - 00022463 _____ () C:\Users\lil nippers\Desktop\FRST.txt
2014-06-11 18:16 - 2013-02-01 16:06 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\Temp
2014-06-11 18:15 - 2014-06-09 19:59 - 00000000 ____D () C:\FRST
2014-06-11 18:14 - 2014-06-11 18:14 - 02081792 _____ (Farbar) C:\Users\lil nippers\Desktop\FRST64.exe
2014-06-11 18:09 - 2014-06-04 21:01 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:09 - 2014-06-01 00:43 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForlil nippers.job
2014-06-11 18:09 - 2013-11-28 01:47 - 01944190 _____ () C:\windows\WindowsUpdate.log
2014-06-11 00:38 - 2013-02-15 11:54 - 00000000 ___RD () C:\Users\lil nippers\Dropbox
2014-06-11 00:38 - 2013-02-15 11:53 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\Dropbox
2014-06-10 23:15 - 2014-01-12 00:49 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\DropboxMaster
2014-06-10 22:07 - 2014-06-10 22:07 - 01673896 _____ (Malwarebytes Corporation) C:\Users\lil nippers\Desktop\mbam-check-2.1.0.0002.exe
2014-06-10 22:07 - 2013-02-11 16:55 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\CrashDumps
2014-06-10 21:21 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 21:21 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 21:19 - 2013-02-01 16:05 - 00003958 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D96ED468-9AD9-41B5-AFEB-1AB28B8042C9}
2014-06-10 21:13 - 2014-06-08 11:49 - 00000168 _____ () C:\windows\setupact.log
2014-06-10 21:13 - 2013-12-22 14:20 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\HTC MediaHub
2014-06-10 21:13 - 2012-04-19 18:51 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-10 21:13 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-10 21:12 - 2014-06-10 21:12 - 00000448 _____ () C:\windows\PFRO.log
2014-06-09 19:57 - 2014-06-09 19:57 - 02080768 _____ (Farbar) C:\Users\lil nippers\Downloads\FRST64.exe
2014-06-08 22:27 - 2014-06-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-08 22:26 - 2014-06-08 22:26 - 04583424 _____ () C:\Users\lil nippers\Downloads\HPSupportSolutionsFramework.msi
2014-06-08 13:09 - 2014-06-01 16:38 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-08 13:05 - 2014-06-01 14:07 - 00000000 ____D () C:\windows\pss
2014-06-08 11:49 - 2014-06-08 11:49 - 00000000 _____ () C:\windows\setuperr.log
2014-06-07 23:09 - 2013-04-17 21:18 - 00000000 ____D () C:\windows\Minidump
2014-06-06 21:12 - 2014-06-01 16:38 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 21:46 - 2013-02-05 16:45 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-05 21:45 - 2013-02-23 23:31 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-04 21:01 - 2014-06-04 21:01 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-04 21:01 - 2013-10-01 18:52 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-04 21:01 - 2013-10-01 18:52 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-01 21:22 - 2009-07-13 23:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-01 16:38 - 2014-06-01 16:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 16:38 - 2014-06-01 16:38 - 00001106 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 16:38 - 2014-06-01 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-01 16:38 - 2014-06-01 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 16:34 - 2014-06-01 16:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lil nippers\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 16:09 - 2013-09-11 19:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 16:09 - 2013-09-11 19:04 - 00000822 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-06-01 16:09 - 2013-05-23 22:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 16:08 - 2014-06-01 16:08 - 04748896 _____ (Piriform Ltd) C:\Users\lil nippers\Downloads\ccsetup414.exe
2014-06-01 15:30 - 2014-06-01 15:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 13:31 - 2011-07-29 11:38 - 00000000 ____D () C:\SYSTEM.SAV
2014-06-01 13:20 - 2013-02-01 16:05 - 00000000 ____D () C:\Users\lil nippers
2014-06-01 13:08 - 2013-02-01 16:05 - 00000000 ___RD () C:\Users\lil nippers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-01 00:52 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-06-01 00:43 - 2014-06-01 00:43 - 00003222 _____ () C:\windows\System32\Tasks\HPCeeScheduleForlil nippers
2014-06-01 00:39 - 2012-10-24 00:37 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 00:38 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-01 00:37 - 2013-12-13 21:47 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-01 00:37 - 2013-10-12 15:55 - 00002205 _____ () C:\windows\wininit.ini
2014-06-01 00:31 - 2014-03-22 19:54 - 00001584 _____ () C:\windows\Sandboxie.ini
2014-06-01 00:28 - 2013-05-23 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 00:28 - 2013-02-01 22:09 - 00000000 ____D () C:\ProgramData\Norton
2014-06-01 00:28 - 2012-04-19 18:52 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-06-01 00:28 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2014-06-01 00:27 - 2013-10-06 00:51 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\Conduit
2014-06-01 00:27 - 2013-02-01 16:48 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\Mozilla
2014-05-19 01:21 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-05-17 13:53 - 2013-02-28 19:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 21:37 - 2014-05-15 21:37 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-05-15 21:37 - 2013-02-01 22:29 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-05-15 21:36 - 2013-09-17 22:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-15 21:36 - 2013-02-01 22:29 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-05-13 22:07 - 2013-02-01 22:52 - 00000258 __RSH () C:\Users\lil nippers\ntuser.pol
2014-05-13 22:07 - 2013-02-01 16:05 - 00000000 ___RD () C:\Users\lil nippers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-13 22:04 - 2014-04-22 20:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-13 22:03 - 2014-05-13 21:45 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\Skype
2014-05-13 22:01 - 2013-07-09 22:41 - 00000000 ____D () C:\windows\system32\MRT
2014-05-13 21:57 - 2013-02-01 17:04 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-13 21:45 - 2014-05-13 21:45 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\Skype
2014-05-13 21:43 - 2014-05-13 21:43 - 01677440 _____ (Skype Technologies S.A.) C:\Users\lil nippers\Downloads\SkypeSetup.exe
2014-05-12 22:36 - 2014-05-12 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-12 07:26 - 2014-06-01 16:38 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 16:38 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\lil nippers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0hm_g5.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-01 17:34

==================== End Of Log ============================


Very sorry for the delay.

Please read the following and post back the logs when ready and we'll see about getting you fixed up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you


I completed all the steps.  My only deviation was that after running Rkill, I had to restart in order to run the MBAM Clean Removal Process, even though it said not to restart.  Hopefully that's okay.  Oh, & I haven't reactivated my premium MBAM license, just in case it goes away again.

 

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/16/2014 08:36:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\OBroker.exe (PID: 4648) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 06/16/2014 08:37:53 PM
Execution time: 0 hours(s), 1 minute(s), and 24 seconds(s)

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/16/2014
Scan Time: 8:53:37 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.16.08
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lil nippers

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291998
Time Elapsed: 11 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

 

No report appears on my desktop from RogueKiller.


Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Sorry for the slow response; it took much longer to run all those scans than I thought.

 

Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by lil nippers on Tue 06/17/2014 at 22:38:32.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1967055466-1103849898-2557640459-1002\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\shoF29E.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\lil nippers\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\lil nippers\appdata\locallow\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ FireFox

Successfully deleted: [File] C:\Users\lil nippers\AppData\Roaming\mozilla\firefox\profiles\hketneyy.default-1371613521138\searchplugins\safesearch.xml
Successfully deleted the following from C:\Users\lil nippers\AppData\Roaming\mozilla\firefox\profiles\hketneyy.default-1371613521138\prefs.js

user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.swagbucks.com/\",\"title\":\"Earn Reward Points and Redeem Them For Free Stuff | Swagbucks\"}]");
user_pref("browser.startup.homepage", "www.swagbucks.com");
Emptied folder: C:\Users\lil nippers\AppData\Roaming\mozilla\firefox\profiles\hketneyy.default-1371613521138\minidumps [353 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/17/2014 at 22:45:32.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner

 

# AdwCleaner v3.212 - Report created 17/06/2014 at 22:53:07
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : lil nippers - LILNIPPERS
# Running from : C:\Users\lil nippers\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\lil nippers\AppData\Local\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\prefs.js ]


*************************

AdwCleaner[R0].txt - [13930 octets] - [04/10/2013 13:42:52]
AdwCleaner[R1].txt - [1208 octets] - [17/06/2014 22:51:22]
AdwCleaner[s0].txt - [13972 octets] - [04/10/2013 13:47:52]
AdwCleaner[s1].txt - [1020 octets] - [17/06/2014 22:53:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1080 octets] ##########
 

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/17/2014
Scan Time: 10:56:52 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.18.01
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lil nippers

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292805
Time Elapsed: 13 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

ESET

 

C:\AdwCleaner\Quarantine\C\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\Extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Documents and Settings\lil nippers\Desktop\Old Firefox Data\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\Plugins\npConduitFirefoxPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Documents and Settings\lil nippers\Downloads\ccsetup401.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup405(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup413.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\Shockwave_Installer_Slim(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\lil nippers\Downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Desktop\Old Firefox Data\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\Plugins\npConduitFirefoxPlugin.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\lil nippers\Downloads\ccsetup401.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup405(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup413.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\Shockwave_Installer_Slim(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\lil nippers\Downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

Farbar Recovery Scan Tool

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by lil nippers (administrator) on LILNIPPERS on 18-06-2014 22:10:43
Running from C:\Users\lil nippers\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\lil nippers\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPUsageTrack.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-03-21] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-05-15] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-04-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Virtual Account Numbers] => C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe [435712 2013-10-09] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1967055466-1103849898-2557640459-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1967055466-1103849898-2557640459-1002\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1967055466-1103849898-2557640459-1002\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-15] (Adobe Systems Incorporated)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138
FF DefaultSearchEngine: Swagbucks
FF SelectedSearchEngine: Swagbucks
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\searchplugins\mypoints-search.xml
FF SearchPlugin: C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\searchplugins\swagbucks.xml
FF Extension: WOT - C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-27]
FF Extension: Adblock Plus - C:\Users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-18]
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-06-18]
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2013-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-10-09]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-12-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-12-19] (Intel Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-03-21] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140618.001\IDSvia64.sys [525016 2014-05-30] (Symantec Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140618.016\ENG64.SYS [126040 2014-05-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140618.016\EX64.SYS [2099288 2014-05-31] (Symantec Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 21:45 - 2014-06-18 21:45 - 00004544 _____ () C:\Users\lil nippers\Desktop\eset.txt
2014-06-17 23:13 - 2014-06-17 23:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 22:55 - 2014-06-17 22:55 - 00001160 _____ () C:\Users\lil nippers\Desktop\AdwCleaner[s1].txt
2014-06-17 22:50 - 2014-06-17 22:50 - 01333465 _____ () C:\Users\lil nippers\Desktop\AdwCleaner.exe
2014-06-17 22:45 - 2014-06-17 22:45 - 00003092 _____ () C:\Users\lil nippers\Desktop\JRT.txt
2014-06-17 22:38 - 2014-06-17 22:38 - 00000000 ____D () C:\windows\ERUNT
2014-06-17 22:37 - 2014-06-17 22:37 - 01016261 _____ (Thisisu) C:\Users\lil nippers\Desktop\JRT.exe
2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-16 21:06 - 2014-06-16 21:07 - 05245952 _____ () C:\Users\lil nippers\Desktop\RogueKillerX64.exe
2014-06-16 20:50 - 2014-06-17 22:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 20:49 - 2014-06-16 20:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 20:49 - 2014-06-16 20:49 - 00001106 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 20:49 - 2014-06-16 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 20:49 - 2014-06-16 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 20:49 - 2014-06-16 20:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 20:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-16 20:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-16 20:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-16 20:48 - 2014-06-16 20:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lil nippers\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-16 20:42 - 2014-06-16 20:42 - 00315392 _____ (Malwarebytes Corporation) C:\Users\lil nippers\Desktop\mbam-clean-2.0.2.0.exe
2014-06-16 20:39 - 2014-06-16 20:39 - 00000928 _____ () C:\Users\lil nippers\Desktop\NTREGOPT.lnk
2014-06-16 20:39 - 2014-06-16 20:39 - 00000909 _____ () C:\Users\lil nippers\Desktop\ERUNT.lnk
2014-06-16 20:39 - 2014-06-16 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 20:39 - 2014-06-16 20:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 20:38 - 2014-06-16 20:38 - 00791393 _____ (Lars Hederer ) C:\Users\lil nippers\Desktop\erunt-setup.exe
2014-06-16 20:36 - 2014-06-16 20:37 - 00002606 _____ () C:\Users\lil nippers\Desktop\Rkill.txt
2014-06-16 20:35 - 2014-06-16 20:36 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\lil nippers\Desktop\rkill.exe
2014-06-15 00:11 - 2014-06-15 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 18:15 - 2014-06-18 22:11 - 00021850 _____ () C:\Users\lil nippers\Desktop\FRST.txt
2014-06-11 18:14 - 2014-06-18 22:10 - 02082304 _____ (Farbar) C:\Users\lil nippers\Desktop\FRST64.exe
2014-06-10 22:07 - 2014-06-10 22:07 - 01673896 _____ (Malwarebytes Corporation) C:\Users\lil nippers\Desktop\mbam-check-2.1.0.0002.exe
2014-06-10 21:12 - 2014-06-17 22:54 - 00016322 _____ () C:\windows\PFRO.log
2014-06-09 19:59 - 2014-06-18 22:10 - 00000000 ____D () C:\FRST
2014-06-09 19:57 - 2014-06-09 19:57 - 02080768 _____ (Farbar) C:\Users\lil nippers\Downloads\FRST64.exe
2014-06-08 22:27 - 2014-06-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-08 22:26 - 2014-06-08 22:26 - 04583424 _____ () C:\Users\lil nippers\Downloads\HPSupportSolutionsFramework.msi
2014-06-08 11:49 - 2014-06-18 20:28 - 00000784 _____ () C:\windows\setupact.log
2014-06-08 11:49 - 2014-06-08 11:49 - 00000000 _____ () C:\windows\setuperr.log
2014-06-04 21:01 - 2014-06-18 21:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 21:01 - 2014-06-04 21:01 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-01 16:33 - 2014-06-01 16:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lil nippers\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 16:08 - 2014-06-01 16:08 - 04748896 _____ (Piriform Ltd) C:\Users\lil nippers\Downloads\ccsetup414.exe
2014-06-01 14:07 - 2014-06-08 13:05 - 00000000 ____D () C:\windows\pss
2014-06-01 00:43 - 2014-06-15 22:46 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForlil nippers.job
2014-06-01 00:43 - 2014-06-01 00:43 - 00003222 _____ () C:\windows\System32\Tasks\HPCeeScheduleForlil nippers

==================== One Month Modified Files and Folders =======

2014-06-18 22:11 - 2014-06-11 18:15 - 00021850 _____ () C:\Users\lil nippers\Desktop\FRST.txt
2014-06-18 22:10 - 2014-06-11 18:14 - 02082304 _____ (Farbar) C:\Users\lil nippers\Desktop\FRST64.exe
2014-06-18 22:10 - 2014-06-09 19:59 - 00000000 ____D () C:\FRST
2014-06-18 22:10 - 2013-02-15 11:53 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\Dropbox
2014-06-18 21:45 - 2014-06-18 21:45 - 00004544 _____ () C:\Users\lil nippers\Desktop\eset.txt
2014-06-18 21:23 - 2014-01-12 00:49 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\DropboxMaster
2014-06-18 21:23 - 2013-02-15 11:54 - 00000000 ___RD () C:\Users\lil nippers\Dropbox
2014-06-18 21:22 - 2014-06-04 21:01 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 20:36 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 20:36 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 20:33 - 2013-11-28 01:47 - 01050396 _____ () C:\windows\WindowsUpdate.log
2014-06-18 20:29 - 2013-12-22 14:20 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\HTC MediaHub
2014-06-18 20:28 - 2014-06-08 11:49 - 00000784 _____ () C:\windows\setupact.log
2014-06-18 20:28 - 2012-04-19 18:51 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-18 20:28 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-17 23:13 - 2014-06-17 23:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-17 22:56 - 2014-06-16 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 22:55 - 2014-06-17 22:55 - 00001160 _____ () C:\Users\lil nippers\Desktop\AdwCleaner[s1].txt
2014-06-17 22:54 - 2014-06-10 21:12 - 00016322 _____ () C:\windows\PFRO.log
2014-06-17 22:53 - 2013-10-04 13:42 - 00000000 ____D () C:\AdwCleaner
2014-06-17 22:50 - 2014-06-17 22:50 - 01333465 _____ () C:\Users\lil nippers\Desktop\AdwCleaner.exe
2014-06-17 22:45 - 2014-06-17 22:45 - 00003092 _____ () C:\Users\lil nippers\Desktop\JRT.txt
2014-06-17 22:38 - 2014-06-17 22:38 - 00000000 ____D () C:\windows\ERUNT
2014-06-17 22:37 - 2014-06-17 22:37 - 01016261 _____ (Thisisu) C:\Users\lil nippers\Desktop\JRT.exe
2014-06-17 21:46 - 2013-02-01 16:05 - 00003958 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D96ED468-9AD9-41B5-AFEB-1AB28B8042C9}
2014-06-16 21:08 - 2014-06-16 21:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-16 21:07 - 2014-06-16 21:06 - 05245952 _____ () C:\Users\lil nippers\Desktop\RogueKillerX64.exe
2014-06-16 20:49 - 2014-06-16 20:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 20:49 - 2014-06-16 20:49 - 00001106 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-16 20:49 - 2014-06-16 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 20:49 - 2014-06-16 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 20:49 - 2014-06-16 20:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 20:48 - 2014-06-16 20:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lil nippers\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-16 20:42 - 2014-06-16 20:42 - 00315392 _____ (Malwarebytes Corporation) C:\Users\lil nippers\Desktop\mbam-clean-2.0.2.0.exe
2014-06-16 20:40 - 2013-10-04 12:47 - 00000000 ____D () C:\windows\erdnt
2014-06-16 20:40 - 2013-02-11 16:55 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\CrashDumps
2014-06-16 20:39 - 2014-06-16 20:39 - 00000928 _____ () C:\Users\lil nippers\Desktop\NTREGOPT.lnk
2014-06-16 20:39 - 2014-06-16 20:39 - 00000909 _____ () C:\Users\lil nippers\Desktop\ERUNT.lnk
2014-06-16 20:39 - 2014-06-16 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 20:39 - 2014-06-16 20:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 20:38 - 2014-06-16 20:38 - 00791393 _____ (Lars Hederer ) C:\Users\lil nippers\Desktop\erunt-setup.exe
2014-06-16 20:37 - 2014-06-16 20:36 - 00002606 _____ () C:\Users\lil nippers\Desktop\Rkill.txt
2014-06-16 20:36 - 2014-06-16 20:35 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\lil nippers\Desktop\rkill.exe
2014-06-15 22:46 - 2014-06-01 00:43 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForlil nippers.job
2014-06-15 00:11 - 2014-06-15 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 22:11 - 2013-02-05 16:45 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-12 22:10 - 2013-02-23 23:31 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 22:53 - 2014-03-22 19:54 - 00001584 _____ () C:\windows\Sandboxie.ini
2014-06-10 22:07 - 2014-06-10 22:07 - 01673896 _____ (Malwarebytes Corporation) C:\Users\lil nippers\Desktop\mbam-check-2.1.0.0002.exe
2014-06-09 19:57 - 2014-06-09 19:57 - 02080768 _____ (Farbar) C:\Users\lil nippers\Downloads\FRST64.exe
2014-06-08 22:27 - 2014-06-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-08 22:26 - 2014-06-08 22:26 - 04583424 _____ () C:\Users\lil nippers\Downloads\HPSupportSolutionsFramework.msi
2014-06-08 13:05 - 2014-06-01 14:07 - 00000000 ____D () C:\windows\pss
2014-06-08 11:49 - 2014-06-08 11:49 - 00000000 _____ () C:\windows\setuperr.log
2014-06-07 23:09 - 2013-04-17 21:18 - 00000000 ____D () C:\windows\Minidump
2014-06-04 21:01 - 2014-06-04 21:01 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-04 21:01 - 2013-10-01 18:52 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-04 21:01 - 2013-10-01 18:52 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-01 21:22 - 2009-07-13 23:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-01 16:34 - 2014-06-01 16:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lil nippers\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-01 16:09 - 2013-09-11 19:04 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 16:09 - 2013-09-11 19:04 - 00000822 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-06-01 16:09 - 2013-05-23 22:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 16:08 - 2014-06-01 16:08 - 04748896 _____ (Piriform Ltd) C:\Users\lil nippers\Downloads\ccsetup414.exe
2014-06-01 13:31 - 2011-07-29 11:38 - 00000000 ____D () C:\SYSTEM.SAV
2014-06-01 13:20 - 2013-02-01 16:05 - 00000000 ____D () C:\Users\lil nippers
2014-06-01 00:52 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-06-01 00:43 - 2014-06-01 00:43 - 00003222 _____ () C:\windows\System32\Tasks\HPCeeScheduleForlil nippers
2014-06-01 00:39 - 2012-10-24 00:37 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 00:38 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-01 00:37 - 2013-12-13 21:47 - 00000000 ____D () C:\Users\lil nippers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-01 00:37 - 2013-10-12 15:55 - 00002205 _____ () C:\windows\wininit.ini
2014-06-01 00:28 - 2013-05-23 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 00:28 - 2013-02-01 22:09 - 00000000 ____D () C:\ProgramData\Norton
2014-06-01 00:28 - 2012-04-19 18:52 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-06-01 00:28 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2014-06-01 00:27 - 2013-02-01 16:48 - 00000000 ____D () C:\Users\lil nippers\AppData\Local\Mozilla
2014-05-19 01:21 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache

Some content of TEMP:
====================
C:\Users\lil nippers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxlmj7.dll
C:\Users\lil nippers\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-13 21:17

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by lil nippers at 2014-06-18 22:11:44
Running from C:\Users\lil nippers\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{6C8684DD-B238-4806-9E93-BDD12CD11998}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{EC8D12E4-A73C-4C27-B1C7-E9683052E556}) (Version: 4.5.25.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.0.3384 - Hewlett-Packard) Hidden
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 7.0.1.1199 - Hewlett-Packard Company) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.11.0 - HTC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.49 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Virtual Account Numbers (HKLM-x32\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2248 - Citi)
Virtual Account Numbers (x32 Version: 1.0.6.0 - Citi) Hidden
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

22-05-2014 10:14:44 Scheduled Checkpoint
24-05-2014 20:36:56 Removed Skype Click to Call
24-05-2014 20:38:35 Removed Skype™ 6.16
01-06-2014 06:25:44 Restore Operation
01-06-2014 06:36:26 Removed Skype Click to Call
01-06-2014 06:39:01 Removed Skype™ 6.16
09-06-2014 04:26:59 Installed HP Support Solutions Framework

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-10-04 12:58 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {471FFEB4-124A-42AB-A103-FDA13EBAB872} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {6A88321D-433F-4F44-B9EF-4DC913E22171} - System32\Tasks\HPCeeScheduleForlil nippers => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6BDFEB87-B2D1-4F34-8E5A-FD9A7E64C267} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {8A67F4A2-A731-44F9-A405-82084123599F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {9D2C5B16-569E-4F53-8911-E3CA649BA812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BA106B07-646C-4138-9B3F-7547F7C191FF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CD305FF9-ED7F-44A9-B48B-52BDB31B4A04} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DF994D3A-D553-42E9-8ABA-5CBFC4133DE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E82BFE58-FE83-47E2-9718-0124663C7FEC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-04] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForlil nippers.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 17:57 - 2012-01-17 17:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 12:11 - 2013-03-27 12:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 03:03 - 2011-10-12 03:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 14:18 - 2010-09-06 14:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 11:28 - 2013-03-27 11:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-03-26 21:33 - 2012-03-26 21:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-02-10 15:26 - 2012-02-10 15:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-11-15 17:46 - 2013-11-15 17:46 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-11-15 17:47 - 2013-11-15 17:47 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-11-15 17:48 - 2013-11-15 17:48 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-03-27 11:54 - 2013-03-27 11:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 11:26 - 2013-03-27 11:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 11:52 - 2013-03-27 11:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 11:57 - 2013-03-27 11:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 11:55 - 2013-03-27 11:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 11:30 - 2013-03-27 11:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 11:31 - 2013-03-27 11:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-05-02 19:56 - 2013-10-07 13:31 - 00039424 _____ () C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll
2014-02-11 22:50 - 2014-02-11 22:50 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-04-19 18:45 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-10-24 00:13 - 2013-12-19 23:53 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-04-08 10:16 - 2013-04-08 10:16 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-15 00:11 - 2014-06-15 00:11 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-18 21:23 - 2014-06-18 21:23 - 00043008 _____ () C:\Users\lil nippers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxlmj7.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\lil nippers\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\d6c2584e1532c4506eb2eaff913cae95.600x.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare (2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(3).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(4).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(5).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(10).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(11).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(12).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(13).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(14).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(15).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(16).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(17).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(18).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(19).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(3).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(20).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(21).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(22).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(23).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(24).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(25).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(26).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(27).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(28).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(29).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3)(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(4)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(4).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(5).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(6).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(7).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(8).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(9).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare.png:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 08:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 10:54:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/18/2014 09:49:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (06/18/2014 09:49:50 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (06/18/2014 08:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error:
%%2

Error: (06/17/2014 10:54:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (06/18/2014 08:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 10:54:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-10-04 12:57:38.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-04 12:57:38.739
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 3979.51 MB
Available physical RAM: 1341.26 MB
Total Pagefile: 7957.2 MB
Available Pagefile: 4945.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:276.04 GB) (Free:213.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.75 GB) (Free:3.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 49FF3189)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=276 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by lil nippers at 2014-06-19 21:09:36 Run:1
Running from C:\Users\lil nippers\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\lil nippers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxlmj7.dll
C:\Users\lil nippers\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\d6c2584e1532c4506eb2eaff913cae95.600x.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare (2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(3).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(4).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(5).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(10).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(11).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(12).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(13).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(14).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(15).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(16).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(17).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(18).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(19).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(3).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(20).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(21).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(22).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(23).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(24).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(25).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(26).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(27).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(28).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(29).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3)(2).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(4)(1).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(4).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(5).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(6).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(7).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(8).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare(9).png:com.dropbox.attributes
AlternateDataStreams: C:\Users\lil nippers\Dropbox\Documents\PhotoShare.png:com.dropbox.attributes
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
"C:\Users\lil nippers\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxlmj7.dll" => File/Directory not found.
C:\Users\lil nippers\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\lil nippers\Dropbox\Documents\d6c2584e1532c4506eb2eaff913cae95.600x.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare (2).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(1).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(2).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(3).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(4).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1)(5).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(1).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(10).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(11).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(12).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(13).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(14).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(15).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(16).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(17).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(18).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(19).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(1).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(2).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2)(3).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(2).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(20).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(21).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(22).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(23).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(24).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(25).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(26).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(27).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(28).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(29).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3)(1).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3)(2).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(3).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(4)(1).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(4).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(5).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(6).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(7).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(8).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare(9).png => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\lil nippers\Dropbox\Documents\PhotoShare.png => ":com.dropbox.attributes" ADS removed successfully.
CouponPrinterService => Service deleted successfully.

==== End of Fixlog ====


Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


ComboFix 14-06-19.01 - lil nippers 06/20/2014  17:52:55.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3980.2377 [GMT -6:00]
Running from: c:\users\lil nippers\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-21 to 2014-06-21  )))))))))))))))))))))))))))))))
.
.
2014-06-21 00:03 . 2014-06-21 00:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-21 00:03 . 2014-06-21 00:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-18 05:13 . 2014-06-18 05:13    --------    d-----w-    c:\program files (x86)\ESET
2014-06-18 04:38 . 2014-06-18 04:38    --------    d-----w-    c:\windows\ERUNT
2014-06-17 03:08 . 2014-06-17 03:08    --------    d-----w-    c:\programdata\RogueKiller
2014-06-17 02:50 . 2014-06-20 23:31    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-17 02:49 . 2014-06-17 02:49    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-17 02:49 . 2014-06-17 02:49    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-17 02:49 . 2014-05-12 13:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-17 02:49 . 2014-05-12 13:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-17 02:49 . 2014-05-12 13:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-17 02:39 . 2014-06-17 02:39    --------    d-----w-    c:\program files (x86)\ERUNT
2014-06-10 01:59 . 2014-06-20 03:09    --------    d-----w-    C:\FRST
2014-06-09 04:27 . 2014-06-09 04:27    --------    d-----w-    c:\program files (x86)\Hp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-05 03:01 . 2013-10-02 00:52    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-05 03:01 . 2013-10-02 00:52    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 03:57 . 2013-02-01 23:04    93223848    ----a-w-    c:\windows\system32\MRT.exe
2014-05-09 06:14 . 2014-05-14 03:55    477184    ----a-w-    c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 03:55    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-05-06 04:40 . 2014-05-14 04:01    23544320    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-06 04:17 . 2014-05-14 04:01    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-06 03:07 . 2014-05-14 04:01    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-06 03:00 . 2014-05-14 04:01    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-04-12 02:22 . 2014-05-14 03:55    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 03:55    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 03:55    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 03:55    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 03:55    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 03:55    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 03:55    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 03:55    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 03:55    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-04-02 00:05 . 2014-04-02 00:06    659440    ----a-w-    c:\windows\couponprinter_x64.ocx
2014-04-02 00:05 . 2014-04-02 00:06    444912    ----a-w-    c:\windows\CouponPrinter.ocx
2014-03-25 02:43 . 2014-05-14 03:55    14175744    ----a-w-    c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 759496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-03-01 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-05-15 290688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-08-07 12313720]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2013-06-05 683656]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2013-04-23 185144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2013-10-09 435712]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-07-31 337184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 21:19    75648    ----a-w-    c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1503000.00C\ccSetx64.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-02 03:01]
.
2014-06-20 c:\windows\Tasks\HPCeeScheduleForlil nippers.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\lil nippers\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-03-22 1664000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" [2014-05-28 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\lil nippers\AppData\Roaming\Mozilla\Firefox\Profiles\hketneyy.default-1371613521138\
FF - prefs.js: browser.search.selectedEngine - Swagbucks
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-MfeEpePcMonitor - c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.3.0.12;c:\program files (x86)\Norton 360\Engine64\21.3.0.12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-20  18:07:41
ComboFix-quarantined-files.txt  2014-06-21 00:07
.
Pre-Run: 231,637,041,152 bytes free
Post-Run: 231,040,675,840 bytes free
.
- - End Of File - - A6C5341D2B8B1B817A1E7E49D982A593
 


So how is the computer running now?

Are there any more BSODs or signs of an infection or issues with MBAM running?

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


No, no more BSODs.  Aside from not being able to run MBAM, I never did notice anything wrong with my computer.  It's running the same now as it did before.  I haven't run any MBAM scans (or any other scans) so I can only assume that it's working correctly.  It hasn't disappeared from my notification area, though.

 

May I ask what you found wrong with my computer?  If I understand correctly, you don't use ComboFix unless other things haven't worked, so I'm pretty concerned about what might have been wrong.

 

Here is the log.

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


Your computer was mainly infected with Conduit, which is classified as a PUP (Possibly Unwanted Program), but often I've seen computers with that infection also end up getting rootkits, so I ran CF to make sure it too found nothing. It's a very good tool at finding and fixing things.

 

  • Please open Malwarebytes Anti-Malware and, from the Dashboard, Check for Updates by clicking the Update Now... link.
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove anything found.
  • Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.
 


Thank you for explaining that!

 

Here is the log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/21/2014
Scan Time: 10:13:53 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.21.10
Rootkit Database: v2014.06.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lil nippers

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304552
Time Elapsed: 12 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Great. At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete (right click... Delete).
I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
  • Download the fixlist.txt to the same folder as FRST.exe.
  • Run FRST.exe, click Fix only once, and wait.
  • That will delete the quarantine folder created by FRST.
  • The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


Awesome!  Thank you so much!

 

The only problem I've had is my Flash Player crashing all the time & Firefox eating up lots of memory, but I don't think those are malware problems.

 

I do have MBAM Premium, & I'm glad to have it working again.

 

It's okay to do Windows Updates, Flash updates, run CCleaner, etc. now, right?


Great!  I did the Windows Updates & removed Flash.  Everything seems to be working fine!  Thank you again.


Oh, I have to take it back...My IE is not working at all.  I don't even get an error message.  It won't navigate to ANY page at all.  It's just a white page.

 

My Firefox is working fine, so I don't think it's an internet problem.  Is there some setting I need to change back?  I tried restarting with no luck.


I uninstalled it & reinstalled it before you replied.  Seems to be working now.  Not sure what the problem was.  Thank you anyway.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


At the request of the member, this topic is re-opened for further research...please carry on.


Hi, I still need some help with this issue.  I have had 2 more BSOD instances, & my MBAM is not running again.  I saved the logs to my desktop in case they are needed.  Please advise.  Thank you!
