
cannot resolve lpmxp malware issue



Hello,

The other night I noticed the "your web browser is not up to date, please install a new version" page on my internet explorer coming from a lpmxp2124.com website. I knew something was off, especially because I never opened IE. Ever since this has occurred, the sound on my computer is butchered as if someone else has access and the system is running much slower than usual. I tried to remove using malwarebytes, and tried to identify processes, files, and keys associated with lpmxp but haven't found any. I have seen people online with similar problems, but there does not appear to be an easy fix or identifiable files to get rid of the problem. While I am no longer being redirected to the page, the system performance is still off.

If anyone has helpful tips to fix my problem, please let me know! I appreciate any suggestions in advance! Thanks

 




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:
  • Analysis and research take some time, and sometimes real life gets in the way; please be patient.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Paste the logs in your posts; attachments make my work harder and more complicated.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.
  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.


Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the zoek.exe icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually the C:\ drive).
Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


Cheers,
Naat :)

Hello Naat, sorry about that. You can call me Lance. Here is the zoek-results

Zoek.exe v5.0.0.0 Updated 19-08-2014
Tool run by Q on Wed 08/20/2014 at 11:59:45.78.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Q\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
8/20/2014 12:01:05 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
Adobe Flash Player 14 Plugin  
Adobe Reader XI (11.0.08)  
Adobe Shockwave Player 11.6  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
AuthenTec TrueAPI 64-bit  
Bonjour  
CyberLink YouCam  
D3DX10  
Energy Star  
Google Chrome  
Google Update Helper  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP 3D DriveGuard  
HP CoolSense  
HP Customer Experience Enhancements  
HP Documentation  
HP Quick Start  
HP Recovery Manager  
HP Registration Service  
HP SimplePass  
HP Support Assistant  
HP Utility Center  
HP Wireless Button Driver  
IDT Audio  
Intel® Management Engine Components  
Intel® PRO/Wireless Driver  
Intel® Processor Graphics  
Intel® PROSet/Wireless Software for Bluetooth® Technology  
Intel® Rapid Storage Technology  
Intel® SDK for OpenCL - CPU Only Runtime Package  
Intel® Smart Connect Technology 4.0 x64  
Intel® Update Manager  
Intel® WiDi  
Intelr PROSet/Wireless Software  
Intelr PROSet/Wireless WiFi Software  
Intelr Trusted Connect Service Client  
iTunes  
Malwarebytes Anti-Malware version 2.0.2.1012  
MATLAB R2012b  
McAfee Security Scan Plus  
Microsoft Application Error Reporting  
Microsoft Office 365 Home Premium - en-us  
Microsoft Silverlight  
Microsoft SkyDrive  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727  
Movie Maker  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
NVIDIA Control Panel 331.65  
NVIDIA Graphics Driver 331.65  
NVIDIA Install Application  
NVIDIA Optimus 1.11.3  
NVIDIA PhysX  
NVIDIA PhysX System Software 9.12.1031  
NVIDIA Update 1.11.3  
NVIDIA Update Components  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
Photo Common  
Photo Gallery  
Polar FlowSync 1.0.2  
QuickTime 7  
Realtek Card Reader  
Realtek Ethernet Controller Driver  
Seagate Dashboard 2.0  
Sharepod 4.0.1.0  
swMSM  
Synaptics ClickPad Driver  
Validity WBF DDK  
Widevine Media Optimizer IE 6.0.0  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
 
==== Running Processes ======================
 
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Users\Q\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 12221 MB
CPU Info: Intel® Core i7-4700MQ CPU @ 2.40GHz
CPU Speed: 2395.0 MHz
Sound Card: Speakers / HP (IDT High Definit | 
Communication Headphones (IDT H | 
Display Adapters: Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | NVIDIA GeForce GT 740M
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth Device (Personal Area Network) | Realtek PCIe GBE Family Controller | Intel® Centrino® Wireless-N 2230
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  913.5GB | D:  16.8GB
Hard Disks - Free: C:  796.5GB | D:  1.7GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1
Time Zone: US Mountain Standard Time
Motherboard *: Hewlett-Packard 1963
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.143
Internet Explorer Version: 11.0.9600.17239 
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.8.4
Flash Player version: 14.0.0.179
Shockwave Player version: 11.6.6r636
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\Q\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-08-15 16:18:45 128EC9879D462F89829E663417FE5DBD 710144 ----a-w- C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-15 16:18:44 2C01D8EA2B0FA834597FCD96AAAE4F52 406400 ----a-w- C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-15 16:18:40 6D017C0E499443ACDE3D9B5DCD753F32 1169920 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-15 16:18:40 1A05CFA45B6AEBFCCC835DCF68CBD1D0 526336 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-15 16:18:39 FF4A917DD7C387BD2715A5F67307FED1 2184704 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-15 16:18:39 E70C00791A18866BB23B3A652E3390A0 2001920 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-15 16:18:38 90FF511B751A0327D07C4073760F1578 11772928 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-15 16:18:36 E9B28B60C0272E2E1E462E6FB38E6B55 367104 ----a-w- C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-15 16:18:36 239575F9EA0D227516843EEE8B7342CA 239616 ----a-w- C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-15 16:18:35 7C1BFC2ABE297BCA1A7BA77A8292C088 4204032 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-15 16:18:35 18A3154606E3F8945956948A4E708007 704512 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-15 16:18:28 444EB30B1610A35FC99D62A91B2BCAA7 69632 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-15 16:18:28 24FA5F74D3B4BA62539DF87285BA934E 597504 ----a-w- C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-15 16:18:27 8453DDF167CE2986AA4AB04BC6824925 17524224 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-15 16:18:16 030041C8800A1781134B6EC3E3EF3F9C 291840 ----a-w- C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-15 16:18:15 B945BAA81B4805AD6BDDF4D026DCFB47 1792512 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll
2014-08-15 16:18:14 FEE3E022B00A5165ED645E38C1E6C776 60416 ----a-w- C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:18:14 272420427EB96EA052C719AA796C09F2 61952 ----a-w- C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-15 16:18:13 9D16B568E318F49535AD72539C9997C2 455168 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-15 16:17:21 38045850ACB96313A1983A8803302906 35480 ----a-w- C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-15 16:13:43 FBE8AE41ED2A9FE4C2DE069C522CA9C0 12711424 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-15 16:13:41 854E970293BA92F9BB69FFD1CE051D9C 189016 ----a-w- C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-15 16:13:40 684CF6A72A8DF7D66D262AC4A6E07845 270848 ----a-w- C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-15 16:13:37 16CDD058883E38FB43D582FB080F721A 2318336 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2014-08-15 16:13:36 F8D0951A75826AD557CFAC323A936AA6 281088 ----a-w- C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-15 16:13:36 86DB4BA87BAF3D467D04821602E586A9 3304448 ----a-w- C:\WINDOWS\SysWOW64\msi.dll
2014-08-15 16:13:35 DB3ED0BA26D7C598481A23E7D06A370E 2344448 ----a-w- C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-15 16:13:34 DBC4D46A7DDC14D1D1ED4B613F9E41A4 1064448 ----a-w- C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-15 16:13:18 949E0E42DAAD0418513B44C31A697CA5 1797896 ----a-w- C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-15 16:13:18 5BD2BD14753D3B0ADDE842CDF25A4C60 2144984 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-15 16:13:14 1E14463F10B324B02EB2DA7415345D15 1473080 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-15 16:13:13 E65B5352AD0743F1F59BDA9466719EFE 265216 ----a-w- C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-15 16:13:13 E28501E3A241DDC5DC65382E55661B1D 285696 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-15 16:13:11 EA15CC7B75A2DE287E3B0C266A35490C 235008 ----a-w- C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-15 16:13:11 E4783EB6A6B2D04F3B541B378E843617 229888 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-15 16:13:09 0CCDFED2DFCD4FBA73EE989249379458 52736 ----a-w- C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-15 16:13:08 A750BB0258ECF6265A903905A0B14EB3 198656 ----a-w- C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-15 16:13:07 BA6E52B0D82682EDE4B49D9CCC7D529B 207360 ----a-w- C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-15 16:13:07 855D508F0053CEDC3BBAF2CB245A674A 1035264 ----a-w- C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-15 16:13:07 4E07710A2C9EA43E7509BF7D0452430E 106496 ----a-w- C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-15 16:13:06 BEA7A26C2C22381B6DD88758352B9D9B 62976 ----a-w- C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-15 16:13:06 57E0A896C38C41C8B5B7F3127F8FD0D9 56320 ----a-w- C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-15 16:13:05 191B7F25BE13D9F9E56B2B4EA595AC62 11776 ----a-w- C:\WINDOWS\SysWOW64\d3d8thk.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-08-20 17:15:16 8265CD5C67D0A35DFC40F3D1A8AC994C 94656 ----a-w- C:\WINDOWS\Sysnative\WPRO_41_2001woem.tmp
2014-08-16 01:46:22 00AD15C6BA3C337CB68A476C0AD05338 918528 ----a-w- C:\WINDOWS\Sysnative\MrmCoreR.dll
2014-08-15 16:18:46 1BB9CC78C91536CBA7B04B61ED0F85C4 1273184 ----a-w- C:\WINDOWS\Sysnative\rpcrt4.dll
2014-08-15 16:18:44 59EAFAE3A34B4925990A2E679CA91C5B 517528 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll
2014-08-15 16:18:44 454978FB3D24DE5C4199162D5F81FBEE 2133504 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll
2014-08-15 16:18:39 FE7D99399F7761AA2695A7B1AD30DAAF 1431040 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll
2014-08-15 16:18:39 1FD1F16C35946BA28FDEB40F18B7729D 631808 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll
2014-08-15 16:18:38 39A85C005BCDEEF4092646EBBC2526AA 2087936 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl
2014-08-15 16:18:37 DB382D89D8004F40BD2C55BAE6A15B30 2774528 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll
2014-08-15 16:18:36 F00D0AE7648CA45C6434E2885485BE0B 452096 ----a-w- C:\WINDOWS\Sysnative\dxtmsft.dll
2014-08-15 16:18:36 1B26610C1659EF54ED000233FB96F20C 13547008 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2014-08-15 16:18:34 1DE8B71A1C7D8943034188556AF50B07 292864 ----a-w- C:\WINDOWS\Sysnative\dxtrans.dll
2014-08-15 16:18:33 920F690FC7424DE71888AA2E46E917EA 758272 ----a-w- C:\WINDOWS\Sysnative\jscript9diag.dll
2014-08-15 16:18:33 2639E152D246F2A651F09764807CA153 85504 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2014-08-15 16:18:32 BAC44396088ECC1C9021ED3E3345337C 846336 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll
2014-08-15 16:18:32 472C409F9B0FF67C1015F511C73E1889 5824512 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2014-08-15 16:18:30 ECA387DCD57F683C52171C766CF400F0 23645696 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-08-15 16:18:16 8E71A5CB5312B8392D4DA4CA37BB5868 2266624 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2014-08-15 16:18:16 38D14F3D0A289050CA9BF8E98F37313F 333312 ----a-w- C:\WINDOWS\Sysnative\iedkcs32.dll
2014-08-15 16:18:15 52D2151908C2A6388B6561A373488F6F 692736 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe
2014-08-15 16:18:15 19FA60D3AE1804A559306DE931A5B415 72704 ----a-w- C:\WINDOWS\Sysnative\JavaScriptCollectionAgent.dll
2014-08-15 16:18:14 C02C78DE9BB4E68F6C78B1588ADD6ADC 83968 ----a-w- C:\WINDOWS\Sysnative\MshtmlDac.dll
2014-08-15 16:18:13 6ED6DA2A04F8F0C9BDAD647284BAEFB6 548352 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll
2014-08-15 16:17:21 6DBE73C09215E281F4283641144110A5 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe
2014-08-15 16:13:45 50A49F3F16EF82E30BFB11E6B6A8F4A6 16871936 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2014-08-15 16:13:41 313117AE2B0986ED7D3AA6AE10603239 216368 ----a-w- C:\WINDOWS\Sysnative\rsaenh.dll
2014-08-15 16:13:40 B312E157D20E727F30EAB3A250441B6F 284672 ----a-w- C:\WINDOWS\Sysnative\WUDFHost.exe
2014-08-15 16:13:40 9CDC2059A23E3C9B57696178508777E7 99840 ----a-w- C:\WINDOWS\Sysnative\WUDFSvc.dll
2014-08-15 16:13:40 42D257559F97B30A94A027EB4555C62F 323584 ----a-w- C:\WINDOWS\Sysnative\DaOtpCredentialProvider.dll
2014-08-15 16:13:40 1A54E3DF2CBB8DBE8A17C87BB07E3A7E 209408 ----a-w- C:\WINDOWS\Sysnative\WUDFPlatform.dll
2014-08-15 16:13:40 08DCA300264238F9AE941302321F3D54 423768 ----a-w- C:\WINDOWS\Sysnative\hal.dll
2014-08-15 16:13:37 68F887EF33C09CDA957A51ECE871D642 2642944 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2014-08-15 16:13:36 28E0C3AAA68579ABD9A27B92DFD5F119 2790912 ----a-w- C:\WINDOWS\Sysnative\msi.dll
2014-08-15 16:13:36 10D8859CF01C1284603582ABD9B0482C 114520 ----a-w- C:\WINDOWS\Sysnative\consent.exe
2014-08-15 16:13:36 08914C8989AB93F5EC3A452D014E2C8D 356352 ----a-w- C:\WINDOWS\Sysnative\msihnd.dll
2014-08-15 16:13:35 E7DE316FEEFC79327CFAD8F527979CC0 3118080 ----a-w- C:\WINDOWS\Sysnative\Wpc.dll
2014-08-15 16:13:35 E2F4125BFAC99244088324A1841C0B83 3048880 ----a-w- C:\WINDOWS\Sysnative\WpcMon.exe
2014-08-15 16:13:35 6BC31FB4E24A962C98801D3687A984C0 2861056 ----a-w- C:\WINDOWS\Sysnative\WpcWebSync.dll
2014-08-15 16:13:34 A39C4AB750E0AD4431C7B7F46AB0EBED 4148224 ----a-w- C:\WINDOWS\Sysnative\win32k.sys
2014-08-15 16:13:34 87CEF71F9D5951C9379D2F956C07C37D 1336624 ----a-w- C:\WINDOWS\Sysnative\gdi32.dll
2014-08-15 16:13:33 F381B380B7B2704EA4C0F8D8C49C1C50 623616 ----a-w- C:\WINDOWS\Sysnative\MDMAgent.exe
2014-08-15 16:13:32 BCCFB97B1B68DD18F2BDACFE37409386 716800 ----a-w- C:\WINDOWS\Sysnative\SkyDriveTelemetry.dll
2014-08-15 16:13:32 11FD8DDAB6014EECCE88F1F581604C30 1120256 ----a-w- C:\WINDOWS\Sysnative\SkyDrive.exe
2014-08-15 16:13:32 04142EC4BDD7F502922914F65A5EE1D1 4756992 ----a-w- C:\WINDOWS\Sysnative\SyncEngine.dll
2014-08-15 16:13:18 C1E44A99F7CF8C3A08CD5ADDF451636C 2125344 ----a-w- C:\WINDOWS\Sysnative\d3d9.dll
2014-08-15 16:13:16 0CD0356C5BBCFDC1B7BCEEDE74AB348B 2140888 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll
2014-08-15 16:13:15 EA432A85ABF371E14FB364D5F4405897 403968 ----a-w- C:\WINDOWS\Sysnative\vpnike.dll
2014-08-15 16:13:15 B6E947CE54A5AAD55484E0D3BC2D5948 1025536 ----a-w- C:\WINDOWS\Sysnative\localspl.dll
2014-08-15 16:13:15 98D0985521BF8F7086EA9C860898A1EE 721408 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll
2014-08-15 16:13:14 D71845D255EA3FDC96A2DED98EE4C7D9 2844160 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll
2014-08-15 16:13:14 CED9FA1ECCF3E6B7028940FE22C69B40 1726224 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll
2014-08-15 16:13:14 05DE04005CE0D84D0E6AD21CAEB369C6 353280 ----a-w- C:\WINDOWS\Sysnative\dhcpcore.dll
2014-08-15 16:13:13 6B374D279DC423FE69DB8DD1401E84FC 301056 ----a-w- C:\WINDOWS\Sysnative\framedynos.dll
2014-08-15 16:13:13 61FE99A86352AD6E27FA480CDC8B225A 285696 ----a-w- C:\WINDOWS\Sysnative\SkyDriveShell.dll
2014-08-15 16:13:11 E07C80468D0C599BFF01D9D4EC7AEDC3 339456 ----a-w- C:\WINDOWS\Sysnative\bdesvc.dll
2014-08-15 16:13:11 10AC9494ECE22A2362E4E4D98C528D01 271872 ----a-w- C:\WINDOWS\Sysnative\dhcpcore6.dll
2014-08-15 16:13:10 20FB137ADDE1255F15F265A7BD9579BE 827392 ----a-w- C:\WINDOWS\Sysnative\BFE.DLL
2014-08-15 16:13:10 1824052F17B12B5D7B21445B869EE9F2 71168 ----a-w- C:\WINDOWS\Sysnative\ncobjapi.dll
2014-08-15 16:13:09 FBB1841434072FFA76E4AD287448E34A 262656 ----a-w- C:\WINDOWS\Sysnative\framedyn.dll
2014-08-15 16:13:09 6CDCCD5323EEB8EBD66E02CB8C9C703F 118272 ----a-w- C:\WINDOWS\Sysnative\winbici.dll
2014-08-15 16:13:08 D261A12A43D33122CB90E70D3BC1CC68 226816 ----a-w- C:\WINDOWS\Sysnative\WebClnt.dll
2014-08-15 16:13:08 7E1EBDB3424337ABB553F249A7811D94 87552 ----a-w- C:\WINDOWS\Sysnative\dhcpcsvc.dll
2014-08-15 16:13:08 2616E8E9C8B66A67CFB6197E9517A2F2 123392 ----a-w- C:\WINDOWS\Sysnative\Robocopy.exe
2014-08-15 16:13:07 DEA76F90F9777E3427D70E380222B23B 1063424 ----a-w- C:\WINDOWS\Sysnative\IKEEXT.DLL
2014-08-15 16:13:07 D3883FBCA97D10C8A39632D6CDDC6E85 65024 ----a-w- C:\WINDOWS\Sysnative\dhcpcsvc6.dll
2014-08-15 16:13:07 CFD6DBED27511D7A5FBE33AFA7E6B669 76800 ----a-w- C:\WINDOWS\Sysnative\BulkOperationHost.exe
2014-08-15 16:13:05 B7CC32E00C5C5152D221DF182827F58E 50745 ----a-w- C:\WINDOWS\Sysnative\srms.dat
2014-08-15 16:13:05 71BAEAFD05B3040173F5BBEA2CFE9607 997888 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll
====== C:\WINDOWS\Sysnative\drivers =====
2014-08-20 18:36:17 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-20 18:35:43 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-08-20 18:35:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-08-20 18:35:43 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-08-15 16:18:44 313DCE665B57000B18CB26C6B6A10DFE 1557848 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2014-08-15 16:17:25 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb20.sys
2014-08-15 16:13:42 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-08-15 16:13:41 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 ----a-w- C:\WINDOWS\Sysnative\drivers\usbport.sys
2014-08-15 16:13:41 93435654DCA210298BA0F986EB51C679 419672 ----a-w- C:\WINDOWS\Sysnative\drivers\usbhub.sys
2014-08-15 16:13:41 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFRd.sys
2014-08-15 16:13:40 D79920BE4E6683D3AB50F71457A4F6C6 27480 ----a-w- C:\WINDOWS\Sysnative\drivers\usbd.sys
2014-08-15 16:13:40 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\WINDOWS\Sysnative\drivers\WUDFPf.sys
2014-08-15 16:13:40 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2014-08-15 16:13:40 48BA326A3DBA5B5BEB5F2777F4618696 89944 ----a-w- C:\WINDOWS\Sysnative\drivers\usbehci.sys
2014-08-15 16:13:40 064260B3A5868AC894A4943543BC7AB7 37376 ----a-w- C:\WINDOWS\Sysnative\drivers\usbuhci.sys
2014-08-15 16:13:13 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-08-15 16:13:10 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\WINDOWS\Sysnative\drivers\agilevpn.sys
2014-08-15 16:13:08 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\WINDOWS\Sysnative\drivers\vwifimp.sys
2014-08-15 16:13:06 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\WINDOWS\Sysnative\drivers\vwififlt.sys
====== C:\WINDOWS\Tasks ======
2014-08-20 16:24:32 9CCBCD6AFA850605745BB8A42B9A05D4 3870 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-08-20 16:24:32 693C9CBA769B4C432CA22C91CFB06840 898 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 16:24:32 64DE38EF4BD9610460AFAF88DE13D5BA 3634 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-08-20 16:24:32 5D9F4D12CDB0EBB20F2FDF17D73D289A 894 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 02:35:37 C5AD196CE3649B9CFFBA552B5A8FF214 3188 ----a-w- C:\WINDOWS\Sysnative\Tasks\HPCeeScheduleForQSPC$
2014-07-26 02:35:37 911E1E6FE729D6710513C74402A90A78 352 ----a-w- C:\WINDOWS\Tasks\HPCeeScheduleForQSPC$.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-20 16:24:28 -------- d-----w- C:\PROGRA~2\Google
======= C: =====
====== C:\Users\Q\AppData\Roaming ======
2014-08-20 07:16:17 -------- d-----w- C:\Users\Q\AppData\Roaming\IDT
2014-07-26 02:35:31 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\Hewlett-Packard
====== C:\Users\Q ======
2014-08-20 18:34:28 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Q\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-20 18:33:11 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Q\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-20 16:25:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-20 16:23:57 E87E6872A387665E067F5BC572DD2026 895120 ----a-w- C:\Users\Q\Downloads\ChromeSetup.exe
2014-08-20 16:01:53 E960C16E42BD9A3D0BC6123CD0887F01 1361671 ----a-w- C:\Users\Q\Downloads\adwcleaner_3.307.exe
2014-08-20 15:54:51 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-08-20 14:58:47 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Q\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 02:34:02 4C2A1DF3A8AD0FDF829AD6BD1FF88E56 29553288 ----a-w- C:\Users\Q\Downloads\FreeYouTubeToMP3Converter(1).exe
 
====== C: exe-files ==
2014-08-20 16:24:31 E87E6872A387665E067F5BC572DD2026 895120 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
2014-08-20 16:24:31 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
2014-08-20 16:24:31 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
2014-08-20 16:24:30 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-08-20 16:24:28 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
2014-08-20 16:24:28 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
2014-08-20 16:24:28 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
2014-08-20 16:24:28 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
2014-08-19 18:00:08 F157D08FD3EA1CAE564325F09C602FD1 838848 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\officec2rclient.exe
2014-08-19 18:00:08 BAF12796292BDE195348C94BC53EDA09 2356912 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\officeclicktorun.exe
2014-08-19 18:00:08 AC1FE6589C5C25530874E4A93E9F9CE2 824552 ----a-w- C:\Program Files\Microsoft Office 15\Data\ClientUpdateDir\integratedoffice.exe
2014-08-15 16:18:38 7D709E893B53092E3F5995FF5C3061E2 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-08-15 16:18:37 E8F1154367F708BD9E5BFD6A2112B4D3 810128 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
=== C: other files ==
2014-08-20 18:36:17 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-20 18:35:43 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-20 18:35:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-20 18:35:43 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-20 16:52:34 96C375C3008CD53BEA364A99F611109B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4128545975-372182933-1264625623-1002\$IJAD2BI.zip
2014-08-20 16:51:57 59F2F74BA00C35BBF1935B403A8430E1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4128545975-372182933-1264625623-1002\$IJWCTVM.zip
2014-08-15 16:18:44 313DCE665B57000B18CB26C6B6A10DFE 1557848 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-15 16:17:25 5C42CEE3E2018E1DFC6E3E17240A432A 206848 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-08-15 16:13:42 25AC0B50A71938890970E1508F107196 2518360 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-08-15 16:13:41 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-08-15 16:13:41 93435654DCA210298BA0F986EB51C679 419672 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-08-15 16:13:41 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-08-15 16:13:40 D79920BE4E6683D3AB50F71457A4F6C6 27480 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-08-15 16:13:40 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-08-15 16:13:40 83C9C45D59C72FEFDAE9A5686BE31FEA 467800 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2014-08-15 16:13:40 48BA326A3DBA5B5BEB5F2777F4618696 89944 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-08-15 16:13:40 064260B3A5868AC894A4943543BC7AB7 37376 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-08-15 16:13:34 A39C4AB750E0AD4431C7B7F46AB0EBED 4148224 ----a-w- C:\Windows\System32\win32k.sys
2014-08-15 16:13:13 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-08-15 16:13:10 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\Windows\System32\drivers\agilevpn.sys
2014-08-15 16:13:08 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\Windows\System32\drivers\vwifimp.sys
2014-08-15 16:13:06 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\Windows\System32\drivers\vwififlt.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-4128545975-372182933-1264625623-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Q\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Polar FlowSync"="C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe"
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"
"DBAgent"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe /WinStart"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Q\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Polar FlowSync"="C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe"
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"
 
==== Startup Folders ======================
 
2013-08-26 03:28:34 1102 ----a-w- C:\Users\Q\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
2013-07-02 16:56:13 2061 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
2013-10-10 12:02:21 1954 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/20/2014 09:24 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/20/2014 09:24 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4128545975-372182933-1264625623-1002Core.job --a-------- C:\Users\Q\AppData\Local\Google\Update\GoogleUpdate.exe [12/15/2013 09:44 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4128545975-372182933-1264625623-1002UA.job --a-------- [undetermined Task]
C:\WINDOWS\tasks\HPCeeScheduleForQ.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]
C:\WINDOWS\tasks\HPCeeScheduleForQSPC$.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]
C:\WINDOWS\tasks\MATLAB R2012b Startup Accelerator.job --a-------- C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [07/20/2012 07:59 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4128545975-372182933-1264625623-1002Core" [C:\Users\Q\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4128545975-372182933-1264625623-1002UA" [C:\Users\Q\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForQ" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForQSPC$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe"]
"C:\WINDOWS\SysNative\tasks\MATLAB R2012b Startup Accelerator" [C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe]
"C:\WINDOWS\SysNative\tasks\Q DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C74434DE-766B-4F6E-8426-3D1CDA8D2CC0}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_toastNotify.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 03:36 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Q\AppData\Roaming\Mozilla\Firefox\Profiles\4vslm6dw.default
- Widevine Media Optimizer - %ProfilePath%\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
- WebSlingPlayer - %ProfilePath%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Q\AppData\Roaming\Mozilla\Firefox\Profiles\4vslm6dw.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Users\Q\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
4A270804DC8AB72DCB4F694D050A3517 - C:\Users\Q\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll - Widevine Media Optimizer
3ADEB04F410DC57CBA0F33B25E570080 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
DAD55CEF682EAE6FA7B4C9487563A496 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director
 
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
hmbkhknacohfhbmmpnmbkgdffdbildof - C:\Program Files (x86)\HP SimplePass\tschrome.crx[12/12/2012 09:31 PM]
 
Google Docs - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Website Logon - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof
Google Wallet - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Q\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://espn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Wed 08/20/2014 at 12:08:37.39 ======================
 
 
 
And here are the results from Malwarebytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/20/2014
Scan Time: 11:37:25 AM
Logfile: malwarebytesscanlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.20.07
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Q
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345303
Time Elapsed: 20 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
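The Run-key entries in the zoek log above are the kind of persistence list a responder triages by hand. The following added example (not from this thread, from zoek or from Malwarebytes) parses that section's format and flags entries started from user-writable folders, via a loader such as rundll32.exe, or under a Windows system binary name outside C:\Windows; the sample log is constructed, the "Updater" entry is invented to exercise the checks, and the other entries mirror lines from the posted log.

```python
import re

# Constructed sample in the zoek "Startup Registry Enabled" format from this thread ("Updater" is made up).
SAMPLE_LOG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Q\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"Updater"="C:\Users\Q\AppData\Roaming\svchost.exe"
'''
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# First path-like token ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'\s*"?([^"]*?\.(?:exe|dll|bat|cmd|vbs|js|ps1))\b', re.I)
# Hosts that run someone else's code; the payload they load is what matters.
LOADERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE_RE = re.compile(r'\\(?:AppData|Temp|ProgramData|Users\\Public)\\', re.I)
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}

def split_command(command):
    """Return (loader_or_None, effective_path) for a Run-key command string."""
    m = PATH_RE.match(command)
    first = m.group(1) if m else command.strip()
    if first.split("\\")[-1].lower() not in LOADERS:
        return None, first
    rest = command[m.end():]                     # what the loader is told to run
    payload = PATH_RE.match(rest)
    return first, payload.group(1) if payload else rest.strip()

def triage(log_text):
    """Parse zoek Run-key entries and return those that deserve a second look."""
    hits, key = [], None
    for line in log_text.splitlines():
        if line.startswith("[HKEY"):             # section header: a new Run key
            key = line.strip("[]")
            continue
        v = VALUE_RE.match(line)
        if not (key and v):
            continue
        name, command = v.groups()
        host, path = split_command(command)
        reasons = []
        if host:
            reasons.append("launched via " + host.split("\\")[-1].lower())
        if USER_WRITABLE_RE.search(path):
            reasons.append("user-writable location")
        if path.split("\\")[-1].lower() in SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\"):
            reasons.append("system binary name outside C:\\Windows")
        if reasons:
            hits.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return hits
```

A hit is a prompt to verify the file (publisher signature, hash lookup), not a verdict: the Google Update entry from this very log is legitimate yet still runs from a user-writable path.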

You are running a 64-bit OS, so I'm gonna need some other reports. And no worries about attaching, my friend.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan with Gmer

This type of scan often produces false positives. Do not take any action at any point on suspicious entries you may see there. Instead, post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
