Quantcast
Channel: Tech Support Forum - Virus/Trojan/Spyware Help
Viewing all 2798 articles
Browse latest View live

Daily pop-up tab in Firefox

September 23, 2014, 5:43 am
$
0
0
Since mid August, my laptop at work has his pop-up in the form of a new tab in Firefox. It displays advertisement for PC repair (Tuneuppro, Avanquest,…) or reduction vouchers for Delhaize,…. The pop-up only shows after a restart of the computer or a log off; it does not appear after e.g. a lock of the laptop. There’s no other negative effect from it, so far.

I’ve tried Spybot S&D, CCleaner, and check of installed software and extensions. There’s nothing there that seems to be related.
I did a check on the internet for this adware, but most seem to focus on the specific pop-up (so only on Tuneuppro, or only on Avanquest), whereas -at least to me- there seems to be something larger behind it that can launch any of these pop-ups.

I add here the the extract from DSS, and attach requested zip file. Hopefully you can help me! Many thanks!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by janjans at 14:03:58 on 2014-09-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.5455 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\janjans\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\janjans\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\janjans\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: NameServer = 193.190.230.21 193.190.144.19
TCP: Interfaces\{9E858657-0A14-4297-BFCB-6BAABC4C5959} : DHCPNameServer = 193.190.230.21 193.190.144.19
TCP: Interfaces\{CD013A76-DC2A-43FD-A97D-37D6F868DB1D} : DHCPNameServer = 193.190.230.21 193.190.144.19
TCP: Interfaces\{CD013A76-DC2A-43FD-A97D-37D6F868DB1D}\25F424D25487475627E616C6 : DHCPNameServer = 193.190.230.21 193.190.144.19
TCP: Interfaces\{CD013A76-DC2A-43FD-A97D-37D6F868DB1D}\25F424D27457563747 : DHCPNameServer = 192.168.188.1 193.190.230.21
TCP: Interfaces\{CD013A76-DC2A-43FD-A97D-37D6F868DB1D}\25F424D294E6475627E616C6 : DHCPNameServer = 193.190.230.21 193.190.144.19
TCP: Interfaces\{CD013A76-DC2A-43FD-A97D-37D6F868DB1D}\543575751303 : DHCPNameServer = 8.8.8.8 195.130.130.11
TCP: Interfaces\{CD013A76-DC2A-43FD-A97D-37D6F868DB1D}\77D6F6D2075726C69636 : DHCPNameServer = 193.5.23.1 212.121.128.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\janjans\AppData\Roaming\Mozilla\Firefox\Profiles\3lwt4ytm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.astro.oma.be/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\janjans\AppData\Local\Citrix\Plugins\97\npappdetector.dll
FF - plugin: C:\Users\janjans\AppData\Roaming\Blue Jeans\bjnplugin\2.4.143.8\npbjninstallplugin_2.4.143.8.dll
FF - plugin: C:\Users\janjans\AppData\Roaming\Blue Jeans\bjnplugin\2.4.143.8\npbjnplugin_2.4.143.8.dll
FF - plugin: C:\Users\janjans\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=008edbb00000000000004ceb429d4a41&q=
FF - user.js: extensions.BabylonToolbar.id - 008edbb00000000000004ceb429d4a41
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15610
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1215:58:23
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110823&tt=120912_pcp_3912_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2012-6-5 27264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-4-8 30496]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-6-5 379520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-1 1166848]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
R2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w --> C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-10 1153368]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-5 2656280]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-6-5 16768]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-10 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-14 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-14 169584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-8-19 110336]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-2-18 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-28 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-15 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-8-19 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-15 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-5 1255736]
.
=============== Created Last 30 ================
.
2014-09-22 11:00:43 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{669ABF25-4FD6-4796-B8C0-81381CF66CFA}\offreg.dll
2014-09-22 10:57:37 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{669ABF25-4FD6-4796-B8C0-81381CF66CFA}\mpengine.dll
2014-09-22 05:55:04 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-16 19:28:00 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CD5A3EE-82AF-46B7-A078-AC2860705FB1}\gapaengine.dll
2014-09-15 05:46:50 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-12 09:16:09 -------- d-----w- C:\Users\janjans\AppData\Local\WebEx
2014-09-12 06:03:28 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 06:03:28 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 05:45:58 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 05:45:57 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 05:45:39 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 05:45:38 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 05:45:18 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 05:45:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 05:45:18 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-11 05:45:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 05:45:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 05:45:08 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-11 05:45:06 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-04 12:50:16 188304 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-28 05:54:26 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 05:54:26 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 05:54:25 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-27 11:57:18 -------- d-----w- C:\Program Files\CCleaner
2014-08-27 06:58:29 -------- d-----w- C:\Users\janjans\AppData\Local\Adobe
.
==================== Find3M ====================
.
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-17 11:27:39 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2014-09-10 09:13:41 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-10 09:13:40 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 09:13:07 10036224 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 14:05:30.95 ===============


Attached Files
File Type: zip Attach.zip (4.0 KB)
Search

Virus Threat - Virus Infected

September 23, 2014, 10:03 am
$
0
0
using a Dell Vostro 220 posting this from a different pc

order parts - being shipped by UPS
opened Yahoo email - noticed email from UPS stating part was shipped, no one home to receive, but need number to pick up at UPS. Click on icon 4 number but it was a virus attacked. Me dropping my guard and did not noticed this was in the Spam folder and not thinking UPS does not do this way to make contact.

Attached windows words with screen print of virus (was this OK?)

The virus pops out in front of current screen with many different domain names showing on main page, "verysceongig.c**, vacuum-create.c** but all with the same screen showing different icons to click on but all dead ends, ex. Titles and Sub categories, "Arts" - Music, Movies, Television, "Health" - Medicine, Fitness, Relaxation, etc.

They are all seen on the bottom bar showing the "IE" icon and you cannot delete them until you can see a number along IE. The only way I found was to do the alt-ctrl-delete and then it may pop the number up with IE in order to delete the screen.

The IE displays on screen that "it cannot display the webpage".

I ran AVG Internet Security and it found & removed two threats but did not remove the virus.

Ran the "dds" and it states 2 logs on desktop but only see 1 "attached" text, not seeing the "DDs.txt"

Ran "Gmer" but will not scan...the pc shuts down stating "a problem has been detected & Windows has been shut down to prevent damage to your computer - I temporary turned of AVG security but it did not matter either way. GMER ran up to 45% and then turned off.

Tried both ways as to unchecked "IAT/EAT, C:/, Show All, or Systems only".

Cannot get "GMER" to scan...

Moved all files to external hard drive and have a "Carbonite Backup" (never used but installed)

out of options now except to replace "hard drive"

your support is greatly appreciated.

Brad

Malware that won't go away

September 23, 2014, 8:09 pm
$
0
0
Quote:
I've recently installed something (presumably malwarebytes trial) through some google link and afterwards my browsers started getting affected by Calcitapp search engine and an extension to my browsers called GoSave. Random ads would continue to floor my browser and it the GoSave extension just keeps coming back when I remove the extension on Chrome. http://puu.sh/bLrie/1f97308979.jpg I'm also actually not sure if it's fully rid of my firefox but the ads aren't showing on there anymore.

Can anybody help me? I've tried Superantispyware Pro (which has detected adware and removed it) but it just keeps coming back :banghead:. Anything else you need please ask and I'll try to provide any info needed.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Owner at 22:06:25 on 2014-09-23
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.7665.4959 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
mStart Page = Google
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\Owner\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6d16978b263247d3bbe7e92931eb2528-29139e77f00113675fe3f0a09dd8a96875cfd54c --CMPID 0913b
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [LogitechGalleryRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{075EE478-1103-4A59-98B9-CAC055217CC1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{075EE478-1103-4A59-98B9-CAC055217CC1} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{075EE478-1103-4A59-98B9-CAC055217CC1}\1434E42424 : DHCPNameServer = 10.100.2.1
TCP: Interfaces\{075EE478-1103-4A59-98B9-CAC055217CC1}\2656C6C6538393 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D3DFB3A4-5D08-4171-906B-BF82634B13DE} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D3DFB3A4-5D08-4171-906B-BF82634B13DE} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = Google
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kscepe77.default-1382743975748\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/|https://www.facebook.com/?ref=logo|h...76889709050456
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\Downloaded Program Files\266808\npxbdsetup.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-1-14 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-24 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-4-17 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2013-1-14 356128]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-12-6 23552]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-24 1128952]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-12-24 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-12-24 188544]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-11-9 121416]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-16 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-24 47232]
S2 4d349a54;GS_Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-22 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-22 860472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-2 46136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-1-14 29280]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-1-14 29280]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-22 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-22 63704]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-27 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-3-24 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-27 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-27 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: QSync.exe: Open="C:\Program Files (x86)\Logitech\Video\QSync.exe"
.
=============== Created Last 30 ================
.
2014-09-23 23:46:28 64856 ----a-w- C:\Windows\System32\klfphc.dll
2014-09-23 23:45:50 -------- d-----w- C:\Windows\ELAMBKUP
2014-09-23 23:45:30 91008 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-09-23 23:21:14 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-09-23 23:11:34 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-09-22 21:13:47 -------- d-----w- C:\ProgramData\SUPERSetup
2014-09-22 20:19:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-09-22 20:19:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-09-22 20:19:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-09-22 19:53:39 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-22 19:52:40 -------- d-----w- C:\AdwCleaner
2014-09-22 05:32:57 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-22 05:32:45 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-22 05:32:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-22 05:32:45 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-22 05:32:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-21 06:52:35 -------- d-----w- C:\ProgramData\YoutubeAdBulocckeu
2014-09-21 06:52:31 -------- d-----w- C:\Program Files (x86)\YoutubeAdBulocckeu
2014-09-21 06:52:22 -------- d-----w- C:\ProgramData\GoSSAVe
2014-09-21 06:52:17 -------- d-----w- C:\Program Files (x86)\GoSSAVe
2014-09-21 06:52:09 -------- d-----w- C:\ProgramData\b56db12b8eac46f9
2014-09-21 06:52:08 -------- d-----w- C:\Users\Owner\AppData\Local\Comodo
2014-09-18 23:51:51 198232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2014-09-12 19:56:19 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 19:56:19 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-12 19:11:10 17903792 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-12 18:04:33 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-12 18:04:32 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-12 18:04:24 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-12 18:04:24 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-12 18:04:15 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-12 18:04:15 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-12 18:04:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-12 18:04:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-12 18:04:14 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-12 18:04:11 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-12 18:04:11 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-28 05:10:07 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 05:10:07 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 05:10:07 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M ====================
.
2014-09-24 01:41:52 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2014-09-24 00:09:27 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2014-09-24 00:09:27 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-09-24 00:09:27 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2014-09-24 00:09:27 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2014-09-24 00:09:27 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2014-09-24 00:09:26 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-12 19:11:23 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-12 19:11:23 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-26 10:51:33 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-29 21:02:15 0 ----a-w- C:\Windows\ativpsrm.bin
2014-07-29 20:56:06 190464 ----a-w- C:\Windows\PAExec.exe
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 22:07:39.44 ===============


Also, I don't have a windows install disc.

Attached Files
File Type: zip attach.zip (5.8 KB)

Websites not loading properly

September 23, 2014, 9:11 pm
$
0
0
I was asked to post in here because I am having issues with many websites loading in text only format down the left side of the screen or loading what looks right but links are broken. It happens on both Google Chrome and IE 11. I have run Malwarebytes premium (the paid version), Microsoft's malware/virus scans as well as CCleaner and ADWcleaner to no avail. I am running windows 7 on a custom build computer by me. I have tried flushing DNS and changing DNS addresses again with no luck. Internet speeds are consistent and other devices on the wifi work fine. Any help at all would be a great help as i have been trying to figure this out for 2 weeks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Adam at 17:34:03 on 2014-09-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12188.6678 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Users\Adam\AppData\Local\Apps\2.0\PX84YWZQ.EL9\TQPHXAPY.HDZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleChromeAutoLaunch_A8A74C443D959D090116AB80EF7334F8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
StartupFolder: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4AE8440A-B4C5-42CA-87F8-972E5E9FB79D} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{4AE8440A-B4C5-42CA-87F8-972E5E9FB79D} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{C61E78F3-E942-417F-B52A-ABFE35696CEC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C61E78F3-E942-417F-B52A-ABFE35696CEC}\34963736F60373438343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C61E78F3-E942-417F-B52A-ABFE35696CEC}\441667563775962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{C61E78F3-E942-417F-B52A-ABFE35696CEC}\4416675672370277962756C656373702E6564777F627B6 : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-8-12 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-8-12 38528]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2014-5-6 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-12-11 780152]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-11 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-11 860472]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-10 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-10 21007192]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-12 1128952]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2011-11-21 377088]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2011-11-21 455424]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-10 413128]
R3 AE3000;Linksys AE3000 Driver;C:\Windows\System32\drivers\AE3000w764.sys [2012-10-10 1798240]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-11 122584]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-10 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-10 40392]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-18 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-8-20 156328]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-12 47232]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2014-6-7 23680]
S?3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-11 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-12 471144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-23 23:35:58 -------- d-----w- C:\Users\Adam\AppData\Local\CrashDumps
2014-09-19 23:57:39 67072 ----a-w- C:\Windows\splwow64.exe
2014-09-19 23:57:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-09-19 05:05:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-09-19 05:02:54 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-09-19 05:02:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-09-19 05:02:54 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-09-19 05:02:54 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-09-19 05:02:54 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-09-19 05:02:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-09-19 05:02:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-09-19 05:01:30 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-19 05:01:30 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-19 04:54:22 -------- d-----w- C:\New Folder
2014-09-19 00:36:50 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-09-19 00:35:44 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-09-19 00:31:14 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-09-19 00:10:24 -------- d-----w- C:\Users\Adam\AppData\Roaming\EZDownloader
2014-09-19 00:10:04 -------- d-----w- C:\ProgramData\OOptOn
2014-09-19 00:10:03 -------- d-----w- C:\Program Files (x86)\OOptOn
2014-09-18 23:43:51 -------- d-----w- C:\ProgramData\Trusted Publisher
2014-09-18 23:43:37 -------- d-----w- C:\ProgramData\YouutubeAdBloccke
2014-09-18 23:43:36 -------- d-----w- C:\Program Files (x86)\YouutubeAdBloccke
2014-09-18 23:43:32 -------- d-----w- C:\ProgramData\GoSaave
2014-09-18 23:43:31 -------- d-----w- C:\Program Files (x86)\GoSaave
2014-09-18 23:43:27 -------- d-----w- C:\Users\Adam\AppData\Local\Torch
2014-09-18 23:43:27 -------- d-----w- C:\Users\Adam\AppData\Local\Comodo
2014-09-18 23:43:27 -------- d-----w- C:\Users\Adam\AppData\Local\Chromatic Browser
2014-09-18 23:43:27 -------- d-----w- C:\ProgramData\c6d378d926d1a011
2014-09-16 03:28:56 -------- d-----w- C:\Users\Adam\AppData\Roaming\NewspaperDirect
2014-09-16 03:05:24 -------- d-----w- C:\Program Files\CCleaner
2014-09-14 07:34:24 -------- d-----w- C:\Users\Adam\AppData\Roaming\LolClient
2014-09-14 06:52:59 -------- d-----w- C:\ProgramData\Riot Games
2014-09-14 06:52:26 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2014-09-14 06:52:26 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2014-09-14 06:52:26 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-09-14 06:52:26 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-09-14 06:52:26 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-09-14 06:52:25 -------- d-----w- C:\Riot Games
2014-09-14 06:49:12 -------- d-----w- C:\Users\Adam\hpremote
2014-09-14 06:41:12 -------- d-----w- C:\ProgramData\ErrorEND64
2014-09-14 06:41:06 -------- d-----w- C:\Program Files\ErrorEND
2014-09-14 05:59:48 -------- d-----w- C:\Users\Adam\AppData\Roaming\Riot Games
2014-09-11 23:41:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 23:41:23 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 23:41:23 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 23:41:23 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 23:41:23 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-08-30 13:36:22 78336 ----a-w- C:\Windows\SysWow64\rzvirtualdev.dll
2014-08-28 01:22:08 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 01:22:08 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 01:22:08 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 03:44:18 895488 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
.
==================== Find3M ====================
.
2014-09-23 23:16:14 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-21 03:37:28 156328 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2014-08-13 11:28:32 356864 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-08-07 09:53:22 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-08-07 09:53:22 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2014-08-07 09:53:18 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-12 10:04:26 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-07-12 10:02:13 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-07-12 10:02:13 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 17:34:09.72 ===============

Attached Files
File Type: zip attach & ark.zip (4.4 KB)

Can’t reach the Web! No Browser will load but Outlook Email is fine.

September 24, 2014, 12:04 am
$
0
0
Quick background: I’m sending this via my Vista D: partition. I use it for emergencies since it was the native OS on this laptop. The problem I’m having is on the Win7 C: partition which I use 99%. My laptop is connected by Cat5 to router & modem. I did something stupid in hopes I could fix the issue of ESPN embedded video always crashing the last 6 month or so. I thought I was downloading the newest flash release but nearly in time realized it was a pop-up add not the real thing. I tried to stop it but too late. I got 5 new unwanted programs on my Laptop. I went to “programs” & tried to manually uninstall them. Some came off easy, others refused to uninstall. It was like the last uninstall didn’t work. I’d give it 15-20 mins & move to the next to uninstall. It would say. Allow previous uninstall to finish. I rebooted several times & no luck. At this point I could still get online with default Firefox, but an annoying new tab would pop up. I ran Malewarebytes. It found a lot of stuff & I quarantined all of it. I rebooted & now I can’t get any browser to access the web. They don’t even fully load to where you get “File” etc… Once you boot up the PC the last thing to come on is the little flag in the right corner with the warning sign. It says Firewall is off. All options to open the firewall setting or to just turn it on are blocked. “Action Center can’t turn on firewall”. I try manually & still can’t. My next thought was to back the system to a Restore point. I could only go back to right when the trouble started. The furthest recorded action was my trying to uninstall one of the bad programs. I tried to find something from the night before but no luck. I did the restore twice & both time I got an antivirus or firewall error that would not let the restore complete. I went into Msconfig & made sure to enable all services & all Startups listed. Every time I go back after reboot Avast is unchecked & Base Filtering Engine is unchecked. No matter what I do I can not get them to stay checked after reboot. I would go into task manager-services- selected Avast which is stopped. I try to start & get the “Access Denied” error window. I can’t run Avast. In Safe mode sometimes it loads then crashes before it can start. It just hangs with the spinning circle of death. When launching from “All Programs” then “As Admin” you can see it in the task manager 12,000K but no interface is seen. Any program that has anything to do with malware/spyware/ anti-virus loads then hangs with the circle of death. Sometimes you can not end process or end process tree.
My friend thinks the virus is blocking all programs that try to get out to internet. Its lone exception is Outlook Email. I have been able to send & receive them all day/night. He could “ping” yahoo.com” but can’t open any type of browser. My friend said all web-browsers use IE info or setting to make their browsers work. So he uninstalled IE & reinstalled. Did not help. Skype, kayako Live chat & Teamviewer service can not get to the web. When you launch any of these & any browser you can see them listed as active in Task Manager-Processes. Skype show 50,000K memory which is about normal. Firefox or IE are at just 5,000K-8,000K memory. Normally they would start in the 200,000K at least. All the same problems happen in Safe Mode & Safe Mode with Networking. I was able to run Glary 4 (not updated since April) while in Safe/network mode. It didn’t help. Strangely MS Security Essentials says: Protected. It even lets me update in real-time so I assume it’s getting to the web. Dropbox works if I close it in task manager then re-open it “As Admin”. As last ditch effort my friend tried to use Combofix. It will not load/install. It hangs at the half way point. (Output Folder C:\32788R2….)
I really would like to not format the drive & reinstall Win7. Any help would be greatly appreciated!!!

4 month old Dell showing circular egg timer at every turn

September 24, 2014, 3:40 pm
$
0
0
As described in a thread posted in the Windows support forum

http://www.techsupportforum.com/foru...rn-897010.html

Quote:
Having a contact in Dell, I got myself a well-enough spec'ed Latitude E5540 (Windows 7 / i5-4200 /4GB RAM) for basic home work: spreadsheet/word processing/surfing. Figured it'd have enough under the bonnet to stay fast even as time slowed it down.

4 months in and everything's a drag: you get that circular egg timer for just about every activity. Even opening Explorer and clicking through folders and sub-folders (not actually opening files) gives a flash of the bloody thing.

After start up, Word takes 20 seconds to open. Firefox another 20 seconds. Surfing is slow even though broadband speed is checking out as good.
That's about the size of it - a much-slowed up laptop. Old Rich took up the baton with actions as follows:
- started in safemode + networking and WOW! computer as fast as it used to be.

- couldn't turn off McAfee in order to see whether that causing the slowness

- unchecked everything in msconfig/startup and re-booted but no improvement

- none of the items on the suggestion-list (Old Rich linked to) of things that would cause slowness (bar a virus) appear relevant to this case. The computer is sufficient spec, almost new and has very little installed on it since coming out of the box.

- Old Rich got me to post a HijackThis log and on the basis of that advised me to post here.

Any help much appreciated, many thanks for your giving your time - Ian

I've got a Dell installation disc.

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Ian at 21:59:12 on 2014-09-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.353.1033.18.4002.1904 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DPCardEngine.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\DellTPad\HidMonitorSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\msdtc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DPAgent.exe
C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
TCP: NameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{1AD7A5CC-4F2E-43F6-A7CE-A389DA90E5A9} : DHCPNameServer = 10.107.16.5 205.223.6.15
TCP: Interfaces\{74C23562-F463-4182-AE88-1E60BB02F3AF} : DHCPNameServer = 89.101.160.5 89.101.160.4
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter scecli
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [WavesSvc] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe /s
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [CSFTrayApp] "C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe" showtraymin
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\7y1ieh6e.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CredFltL;Dell SED PBA Filter;C:\Windows\System32\drivers\CredFltL.sys [2014-5-9 37120]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-3-5 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-3-5 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-3-4 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 348552]
R0 SEDFilter;Dell SED PBA Enhancement;C:\Windows\System32\drivers\SEDFilter.sys [2014-5-9 61184]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2014-3-5 22128]
R2 ApHidMonitorService;Alps HID Monitor Service;C:\Program Files\DellTPad\HidMonitorSvc.exe [2014-5-2 87384]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1137016]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-8-26 1685880]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1157496]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 Dell.PowerManager.Service;Dell.PowerManager.Service;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-1-14 198664]
R2 DellMgmtAgent;Dell Management Agent Service;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [2014-3-10 248160]
R2 DellMgmtLoader;Dell Security Framework Loader;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [2014-3-10 26464]
R2 DellMgmtServer;DELL Security Framework Local Server;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [2014-3-10 33632]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-5 328928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-31 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-4 169432]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-30 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-5 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-5 328928]
R2 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-5 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-5 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2014-3-5 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2014-3-5 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2014-3-5 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-3-5 189912]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-4-6 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-5-2 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-4-7 23552]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-3-5 246488]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-12-20 1915920]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2013-10-9 35328]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1157056]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-17 3816176]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-7-23 140600]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-9-5 1390904]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 72128]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2014-3-4 176096]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-3-4 495888]
R3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-9-19 119240]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-3-5 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-3-5 786416]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-6-28 25528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-7-24 444720]
R3 O2FJ2RDR;O2FJ2RDR;C:\Windows\System32\drivers\O2FJ2w7x64.sys [2014-3-5 185760]
R3 ST_Accel;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_Accel.sys [2014-3-5 75976]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-21 206744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-6-19 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-5-3 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-6-28 35256]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-5 452088]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 InvProtectDrv;InvProtectDrv;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [2013-7-30 34824]
S3 InvProtectSvc;Invincea Enterprise Service;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2013-7-30 2947856]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2014-3-5 334760]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-7-24 96592]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-17 284912]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 SboxDrv;SboxDrv;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [2013-7-30 202248]
S3 SboxSvc;SboxSvc;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [2013-7-30 124616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-9-6 14464]
.
=============== Created Last 30 ================
.
2014-09-23 22:37:30 388096 ----a-r- C:\Users\Ian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-09-23 22:37:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-09-20 17:43:11 -------- d-----w- C:\Users\Ian\AppData\Roaming\PDAppFlex
2014-09-20 17:42:45 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-09-20 17:22:35 -------- d-----r- C:\Users\Ian\Creative Cloud Files
2014-09-11 02:00:12 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 02:00:12 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 21:38:18 -------- d-----w- C:\Windows\pss
2014-09-10 21:38:18 -------- d-----w- C:\Users\Ian\AppData\Local\ElevatedDiagnostics
2014-09-10 05:14:52 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 05:14:43 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 05:14:28 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 05:14:28 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 05:14:15 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 05:14:15 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 05:14:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 05:14:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 05:14:14 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-08-28 04:42:25 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 04:42:25 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 04:42:25 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M ====================
.
2014-09-10 08:24:13 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 08:24:13 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 13:33:10 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-07-24 13:32:30 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-07-24 13:31:56 444720 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 22:00:29.55 ===============

Attached Files
File Type: zip attach.zip (4.6 KB)

PUP.optional.MySearchDial.A Malware

September 24, 2014, 11:46 pm
$
0
0
I have a Windows 7 desktop and use "Anti-malware Bytes" as an an anti-virus program. Every day, sometimes more than once, I get a warning from by program about the above malware and go through the process of quarantining and removing it. Sure enough it appears the following day usually attache as an extension to Google Search. Can I remove it completely or is it not harmful?

about : blank ? can't remove ?

September 25, 2014, 11:05 am
$
0
0
I ran malwarebytes, re-booted, etc. , it's still there ? thanks I have bit defender; I didn't have this problem, them I downloaded malwarebytes and bit defender, then I noticed the problem with internet explorer ? thanks
Search

Foxfire - keep getting viruses

September 28, 2014, 5:06 pm
$
0
0
Before I run the DDS, etc. :angel:
1st I wanted to check with you about having Malwarebytes Premium and Avast (free) anti-virus on my laptop at the same time.
I installed both after reading that a computer needed another anti-virus to work with the Malwarebytes.
Were they wrong?? Should I uninstall Avast?

***I wanted to see if the problem I've been having with Malwarebytes finding viruses all the time - was because of Firefox OR if from my searching, surfing, checking emails, opening news, etc.***** :ermm:

Below is a copy of 1 of the viruses after scanning with Malwarebytes Premium (2nd time):

PUP.Optional.FreeCauseTB.A, C:\Users\Bet\AppData\Roaming\Mozilla\Firefox\Profiles\5rd6ovwd.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}, , [840127c8a1dace6850a47a6889795ea2],

--------------------
Concerning Avast - not sure how good it is -
1st - I scanned with Malwarebytes Pre (viruses were quarantined)
2nd - went online for a short time & did my usual
3rd - I scanned using Avast - nothing was found
4th - I immediately scanned with Malwarebytes Premium & it found viruses - like the one above (I quarantined all - after I copied & pasted to word.
--------------------
The above may answer my questions - if not, please let me know if I need to complete the instructions for further assistance.

Thank you.:blush:

Possible Virus

September 29, 2014, 12:05 pm
$
0
0
I have a Toshiba Laptop Model L675D-S7016 running Windows 8 PRO. It runs completely normal in all normal daily respects except the following:

If you try to restart, it freezes during the shutting down phase. Only working recourse is a hard shutdown (holding down power key until shutdown). Then, when powering up, hold down F2 key to get to BIOS where you find it has been reset to defaults and the time reset to midnite. The date remains correct. Reset time, save and exit and it proceeds to boot up normally.

If you try Shutdown instead, it will try to start but freezes in the startup phase. Then, the corrective action as in restart is required to get a normal restart.

Multiple runnings of updated Windows Defender, Malwarebytes and Trend Micro has produced nothing.

I suspect it might be the CMOS/RTC battery but my laptop requires complete disassembly to get to it and then it's soldered in so I want to be sure it isn't a virus first before trying that.

So I wanted to check with you folks first and would greatly appreciate your opinion.

The files requested in your instructions are attached.

Thank you very much for your time and help.

C.B.

Attached Files
File Type: txt dds.txt (11.2 KB)
File Type: zip attach.zip (1.6 KB)
File Type: zip ark.zip (1.1 KB)

Directed here from Hard Drive Support

September 29, 2014, 1:36 pm
$
0
0
I was directed here from Hard Drive support to see if any potential virus or malware is on my computer causing me to lose space on my HDD.

Link to that thread is here http://www.techsupportforum.com/foru...dd-898777.html

Anyways here is the DDS text:
DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005
Run by De Santiago at 13:30:03 on 2014-09-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2139 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\De Santiago\AppData\Local\Apps\2.0\H6P7ZG7E.384\TE95M2EZ.87H\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\De Santiago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{E72F4C89-3983-4E19-907A-C85CE807C2FE} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-8-30 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-8-30 224896]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-8-30 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-8-30 427360]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-3-5 14136]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-30 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-8-30 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-30 50344]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-30 1721800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-9-10 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-09-27 22:29:22 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-19 05:05:22 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-19 05:05:22 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-30 18:42:05 427360 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2014-08-30 18:41:07 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-30 18:41:07 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-30 18:41:07 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2014-08-30 18:41:07 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2014-08-30 18:41:07 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-30 18:41:07 307344 ----a-w- C:\Windows\System32\aswBoot.exe
2014-08-30 18:41:07 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-30 18:41:07 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-30 18:41:07 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-08-30 16:48:23 525792 ----a-w- C:\Windows\DIFxAPI.dll
2014-08-11 20:31:46 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-08-11 20:31:46 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-08-11 20:31:46 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-08-05 16:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 13:30:23.78 ===============

Unwanted Adware

September 29, 2014, 2:06 pm
$
0
0
Hey,

I've got some adware on my computer which I can't seem to get rid of. It's called Codec-V and I've got several banners and other commercials on every webpage... Any idea how I can get rid of this? You can find the logs attached to this post. Thanks!

Lies


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Liesbeth at 20:54:19 on 2014-09-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4004.1154 [GMT 2:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Users\Liesbeth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uURLSearchHooks: {B922D405-6D13-4A2B-AE89-08A030DA4402} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {B922D405-6D13-4A2B-AE89-08A030DA4402} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
uRun: [Spotify Web Helper] "C:\Users\Liesbeth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5A1398B8-1756-4938-AF35-92BE3F20E5C8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5A1398B8-1756-4938-AF35-92BE3F20E5C8}\46C696E6B6D254636493 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5A1398B8-1756-4938-AF35-92BE3F20E5C8}\C496E6B6379737 : DHCPNameServer = 195.238.2.21 195.238.2.22 192.168.1.1
TCP: Interfaces\{F65C5FE3-9152-4200-A801-227A754FDF53} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Liesbeth\AppData\Roaming\Mozilla\Firefox\Profiles\ju8zr643.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sibelius Software\Scorch\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Liesbeth\AppData\Roaming\Mozilla\Firefox\Profiles\ju8zr643.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2012-02-23 23:21; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: !HIDDEN! 2012-06-18 22:26; {87775fdb-6972-41f9-ae51-8326e38cb206}; C:\Users\Liesbeth\AppData\Roaming\Mozilla\Firefox\Profiles\ju8zr643.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
FF - ExtSQL: !HIDDEN! 2012-06-19 20:39; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\Liesbeth\AppData\Roaming\Mozilla\Firefox\Profiles\ju8zr643.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: !HIDDEN! 2012-06-19 20:39; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Liesbeth\AppData\Roaming\Mozilla\Firefox\Profiles\ju8zr643.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2013-04-08 20:49; FFPDFArchitectConverter@pdfarchitect.com; C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
FF - user.js: extensions.funmoods_i.id - 7c4e86d4000000000000642737d1488f
FF - user.js: extensions.funmoods_i.instlDay - 15393
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.223:15:54
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf4
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-1-29 14456]
R0 Lbd;Lbd;C:\windows\System32\drivers\Lbd.sys [2012-2-24 69376]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-2-20 55856]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-20 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-20 13336]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-1-9 1324104]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-1-9 795208]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-20 1692480]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-20 2656280]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-20 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-20 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2013-8-19 176000]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
R3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2014-5-19 41032]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-20 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-20 533096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BrYNSvc;BrYNSvc;"C:\Program Files (x86)\Browny02\BrYNSvc.exe" --> C:\Program Files (x86)\Browny02\BrYNSvc.exe [?]
S3 EsgScanner;EsgScanner;C:\windows\System32\drivers\EsgScanner.sys [2014-9-29 22704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-17 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-09-29 14:15:29 22704 ----a-w- C:\windows\System32\drivers\EsgScanner.sys
2014-09-29 14:15:24 110080 ----a-r- C:\Users\Liesbeth\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-09-29 14:15:24 110080 ----a-r- C:\Users\Liesbeth\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-09-29 14:15:23 110080 ----a-r- C:\Users\Liesbeth\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-09-29 14:15:17 -------- d-----w- C:\sh4ldr
2014-09-29 14:15:17 -------- d-----w- C:\Program Files\Enigma Software Group
2014-09-29 14:14:32 -------- d-----w- C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-29 14:14:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-09-23 18:38:33 3675824 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-23 18:19:42 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-23 18:19:42 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-17 17:27:59 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-09-17 17:14:58 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2014-09-17 17:14:58 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2014-09-16 19:55:28 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-09-16 19:55:28 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-09-16 19:55:28 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-09-16 19:55:27 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-09-16 19:55:27 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-09-16 19:54:58 793600 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-09-16 19:54:58 1031168 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-09-16 19:49:25 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-09-16 19:49:25 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-09-16 19:48:12 578048 ----a-w- C:\windows\System32\aepdu.dll
2014-09-16 19:48:11 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-09-16 19:30:54 -------- d-----w- C:\Program Files\iPod
2014-09-16 19:30:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-16 19:30:53 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2014-09-23 18:38:41 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 18:38:41 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\windows\SysWow64\wininet.dll
2014-08-11 19:37:08 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-31 21:02:56 0 ----a-w- C:\windows\SysWow64\shoEEE1.tmp
2014-07-28 12:52:00 6112072 ----a-w- C:\windows\System32\usbaaplrc.dll
2014-07-28 12:52:00 54784 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2014-07-25 00:35:46 875688 ----a-w- C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\windows\System32\msvcr120_clr0400.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
.
============= FINISH: 20:56:00,66 ===============

Attached Files
File Type: zip attach.zip (6.5 KB)

Onlinemapfinder. All clear?

October 2, 2014, 6:58 am
$
0
0
Hi
This is my parents laptop, they were experiencing problems, freezing, lagging etc.
I ran Malwarebytes which removed 329 entries, mainly based around Onlinemapfinder_9pEI.
The laptop seems to be running much better now, although I have a suspicion the HDD may be on its way out.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 11.20.2
Run by nanaginge at 13:45:19 on 2014-10-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3835.1799 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
uRun: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001067-0002-0067-ABCDEFFEDCBC} - <orphaned>
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F54FD138-57DB-4FD2-A18C-03AB0A9E86C5} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\nanaginge\AppData\Roaming\Mozilla\Firefox\Profiles\elo887pl.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-5-9 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2014-2-7 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2014-5-19 72216]
R2 MyEpson Portal Service;MyEpson Portal Service;C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [2011-9-16 703584]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-19 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-8-12 748648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-19 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-19 1255736]
.
=============== Created Last 30 ================
.
2014-10-02 12:37:09 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-02 12:37:09 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-10-02 12:37:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-02 12:37:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-10-02 12:13:29 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2014-10-02 11:57:18 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-02 11:56:59 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-02 11:56:59 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-02 11:56:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-02 11:56:58 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-02 11:56:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-02 11:55:57 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F843F709-02AF-4BA9-B3D9-32C341E0E079}\gapaengine.dll
2014-10-02 11:55:10 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F01E1AD6-3165-4220-A5A1-F92D4B302F67}\mpengine.dll
2014-09-23 17:32:53 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-10 12:06:14 -------- d-----w- C:\Program Files\iTunes
2014-09-10 11:55:14 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-09-10 11:42:17 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 11:42:16 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 11:41:33 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 11:41:33 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 11:17:06 -------- d-----w- C:\Program Files (x86)\EPSON
.
==================== Find3M ====================
.
2014-09-23 18:25:29 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 18:25:29 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-31 12:29:57 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-08-31 12:28:42 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-21 07:18:32 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-07-21 07:18:32 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-07-21 07:18:31 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-07-17 17:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 17:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-07 02:06:35 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-07-07 02:06:35 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-07 01:40:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-07 01:40:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-07-07 01:39:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:46:04.81 ===============

Attached Files
File Type: zip ark.zip (3.9 KB)

Browser hijacked

October 2, 2014, 7:37 am
$
0
0
Hello to all

W7, Dell Laptop. Many sites keep popping up on this PC and other problem noticed.

For example. I enter Evening Standard. When I switch the Pc Off and then On, later, Evening Standard appears as soon as the Pc boots up.

I have used one at a time Spybot, Sophos, Ad Aware. Problem remain.

When I enter a different site for example, Ehow, as I switch on again Ehow appears. An advert for Tesco offers, Win £500 shopping and various other adverts. All of those antivirus programs says the Pc is free of viruses.

Thank you for your assistance.

Listone

:thumb:

Combofix report

October 3, 2014, 3:21 am
$
0
0
This the report of the combofix i used to solve the redirect of a link site.
i dont know what to do next :sad:

Attached Files
File Type: txt ComboFix.txt (52.3 KB)
Search

Conduit

October 3, 2014, 4:52 pm

Search Snacks keeps reinstalling itself!

September 18, 2014, 10:35 am
$
0
0
Hello, this search snacks adware keeps reinstalling itself on my computer and i have no idea how. I have uninstalled it numerous times, and performed system scans with Avira and Malwayrebytes, followed my ccleaner. It would detect stuff and i would delete it. But after a few hours, i find that search snacks is back on my computer again. It keeps redirecting to me to random sites. I have also disabled it on my extensions as well as having reset my browser settings. How do i get rid of this permanently? I feel like i have done everything






DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Brenick at 13:27:56 on 2014-09-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8136.6361 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brenick\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 172.16.128.11 172.16.128.10
TCP: Interfaces\{4080BF46-6A74-4114-ACAD-FE8B1ACC4769} : DHCPNameServer = 172.16.128.11 172.16.128.10
TCP: Interfaces\{FF73CCBF-08F7-4E3E-B045-82F7884B4D79} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-8-21 20464]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-9-10 28600]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-31 46376]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-9-10 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-9-10 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-9-10 117712]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-8-27 160048]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-22 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-22 18973144]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-22 411936]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-8-21 383472]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-8-21 795120]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-8-22 32344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-22 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-22 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-22 888536]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2014-5-19 33448]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2014-5-19 31400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-14 111616]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2014-8-22 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2014-8-22 41280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-22 1255736]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\System32\drivers\WPN111vx.sys [2014-8-22 1075712]
.
=============== Created Last 30 ================
.
2014-09-17 02:28:32 -------- d-----w- C:\Program Files\HitmanPro
2014-09-17 02:24:38 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-17 02:19:35 -------- d-----w- C:\Windows\ERUNT
2014-09-15 02:29:16 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-15 02:00:26 98816 ----a-w- C:\Windows\sed.exe
2014-09-15 02:00:26 256000 ----a-w- C:\Windows\PEV.exe
2014-09-15 02:00:26 208896 ----a-w- C:\Windows\MBR.exe
2014-09-15 01:17:04 70144 ----a-w- C:\Windows\SysWow64\tasks.dll
2014-09-14 07:20:24 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-14 07:20:24 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-14 07:17:40 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-14 07:17:40 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-14 07:17:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-14 07:17:32 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-14 07:16:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-14 07:16:51 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-14 07:16:51 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-14 07:16:51 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-14 07:16:51 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-14 07:16:47 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-14 07:16:47 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-13 04:07:31 -------- d-----w- C:\Program Files (x86)\Techsnab
2014-09-11 01:48:59 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-09-11 01:47:51 -------- d-----w- C:\Users\Brenick\AppData\Roaming\Avira
2014-09-11 01:47:12 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-09-11 01:47:12 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-09-11 01:45:37 -------- d-----w- C:\ProgramData\Avira
2014-09-11 01:45:37 -------- d-----w- C:\Program Files (x86)\Avira
2014-09-11 01:17:03 -------- d-----w- C:\Program Files (x86)\GetPrivate
2014-09-11 01:17:01 -------- d-----w- C:\Users\Brenick\AppData\Roaming\GetPrivate
2014-09-09 15:28:35 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC1866F7-8F70-4F35-AE9A-9D86DBC07024}\mpengine.dll
2014-09-05 05:45:40 -------- d-----w- C:\Program Files\CCleaner
2014-09-05 03:19:04 -------- d-sh--w- C:\Users\Brenick\AppData\Local\EmieUserList
2014-09-05 03:19:04 -------- d-sh--w- C:\Users\Brenick\AppData\Local\EmieSiteList
2014-09-02 21:07:10 -------- d-----w- C:\Users\Brenick\AppData\Local\ElevatedDiagnostics
2014-09-02 21:01:49 -------- d-----w- C:\Users\Brenick\AppData\Local\Diagnostics
2014-09-01 02:03:18 -------- d-----w- C:\Users\Brenick\AppData\Roaming\Mumble
2014-09-01 01:52:16 -------- d-----w- C:\Program Files (x86)\Mumble
2014-08-28 01:19:24 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 01:19:24 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 01:19:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-26 23:24:56 -------- d-----w- C:\Users\Brenick\AppData\Local\SCE
2014-08-25 00:26:51 -------- d-----w- C:\Users\Brenick\AppData\Local\Razer
2014-08-24 05:43:25 -------- d-----w- C:\Users\Brenick\AppData\Roaming\LolClient
2014-08-24 05:13:09 -------- d-----w- C:\Users\Brenick\AppData\Local\Microsoft Games
2014-08-24 04:42:29 -------- d-----w- C:\ProgramData\Riot Games
2014-08-24 04:41:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-08-24 04:41:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-08-24 04:41:08 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-08-24 04:40:04 -------- d-----w- C:\Riot Games
2014-08-24 04:38:20 -------- d-----w- C:\Users\Brenick\AppData\Local\PMB Files
2014-08-24 04:38:19 -------- d-----w- C:\ProgramData\PMB Files
2014-08-24 04:38:17 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-08-24 04:37:57 -------- d-----w- C:\Users\Brenick\AppData\Roaming\Riot Games
2014-08-22 23:46:55 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-08-22 23:46:55 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-08-22 23:46:42 67072 ----a-w- C:\Windows\splwow64.exe
2014-08-22 23:46:42 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-08-22 20:06:38 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-08-22 20:06:38 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-08-22 20:06:38 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-08-22 20:06:38 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-08-22 19:58:47 -------- d-----w- C:\Windows\Migration
2014-08-22 19:45:36 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-22 19:28:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-08-22 19:25:18 -------- d-----w- C:\Windows\System32\MRT
2014-08-22 18:49:57 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-22 18:49:57 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-22 18:49:57 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-22 18:49:57 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-22 18:49:57 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-22 18:49:57 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-22 18:49:44 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-22 18:49:44 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-22 18:49:24 -------- d-s---w- C:\Windows\System32\CompatTel
2014-08-22 17:20:45 -------- d-----w- C:\Users\Brenick\AppData\Roaming\NVIDIA
2014-08-22 17:20:40 -------- d-----w- C:\Program Files (x86)\GPU-Z
2014-08-22 15:46:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-08-22 15:46:03 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-08-22 15:46:03 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-08-22 15:46:03 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-08-22 15:46:03 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-22 15:44:52 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-08-22 15:43:59 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-22 15:32:53 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-08-22 15:31:57 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-08-22 15:30:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-22 15:30:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-22 15:30:46 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-08-22 15:30:46 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-08-22 15:30:41 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-08-22 15:30:36 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2014-08-22 15:30:36 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2014-08-22 15:30:36 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2014-08-22 15:25:01 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-08-22 15:23:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-08-22 15:23:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-08-22 15:23:52 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-08-22 15:23:52 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-08-22 15:23:52 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-08-22 15:23:52 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-08-22 15:23:48 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-22 15:23:46 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-08-22 15:21:58 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2014-08-22 15:20:38 331776 ----a-w- C:\Windows\System32\oleacc.dll
2014-08-22 15:19:00 77312 ----a-w- C:\Windows\System32\packager.dll
2014-08-22 15:19:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-08-22 15:12:01 -------- d-----w- C:\Program Files\005
2014-08-22 14:43:31 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-22 14:14:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-08-22 14:14:44 -------- d-----w- C:\Program Files (x86)\Steam
2014-08-22 14:09:17 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-08-22 14:09:17 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-08-22 14:09:17 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-08-22 14:09:17 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-08-22 14:09:17 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-08-22 14:09:17 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-08-22 14:09:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-22 14:09:05 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-22 14:09:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-08-22 14:09:05 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-22 14:09:04 -------- d-----w- C:\Users\Brenick\AppData\Local\NVIDIA Corporation
2014-08-22 13:54:50 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-08-22 13:54:50 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-08-22 13:54:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-08-22 13:54:07 -------- d-----w- C:\Users\Brenick\AppData\Local\Google
2014-08-22 13:53:38 -------- d-----w- C:\Users\Brenick\AppData\Local\Deployment
2014-08-22 13:53:38 -------- d-----w- C:\Users\Brenick\AppData\Local\Apps
2014-08-22 13:52:13 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-22 13:51:59 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-22 13:51:59 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-22 13:51:59 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-22 13:51:59 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-22 13:51:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 13:51:49 -------- d-----w- C:\Users\Brenick\AppData\Local\Programs
2014-08-22 13:46:31 43328 ----a-w- C:\Windows\System32\drivers\PCAMp50a64.sys
2014-08-22 13:46:31 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2014-08-22 13:46:31 1075712 ----a-w- C:\Windows\System32\drivers\WPN111vx.sys
2014-08-22 13:46:31 -------- d-----w- C:\Program Files (x86)\NETGEAR
2014-08-22 13:37:57 -------- d-----w- C:\Users\Brenick\AppData\Local\NVIDIA
2014-08-22 13:22:55 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-08-22 13:22:55 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-08-22 13:22:55 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-08-22 13:22:55 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-08-22 13:22:55 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-08-22 13:22:55 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-08-22 13:22:55 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-08-22 13:22:45 75040 ----a-w- C:\Windows\System32\OpenCL.dll
2014-08-22 13:22:45 61912 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-08-22 13:22:42 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-08-22 13:22:40 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-08-22 13:19:39 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-08-22 13:19:39 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-08-22 13:19:39 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-08-22 13:19:37 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-08-22 13:19:34 965312 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-08-22 13:19:31 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2014-08-22 13:19:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2014-08-22 13:19:30 14498552 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-08-22 13:19:23 3196816 ----a-w- C:\Windows\System32\nvapi64.dll
2014-08-22 13:19:23 2814656 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-08-22 13:18:56 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-08-22 13:15:52 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2014-08-22 13:15:46 -------- d-----w- C:\Intel
2014-08-22 13:09:11 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-08-22 13:09:11 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-08-22 13:09:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-08-22 13:06:50 -------- d-sh--w- C:\Windows\Installer
2014-08-22 13:06:50 -------- d-----w- C:\ProgramData\Package Cache
2014-08-22 09:00:41 -------- d-----w- C:\Windows\Panther
2014-08-22 07:26:20 -------- d-----w- C:\Windows\SysWow64\Wat
2014-08-22 07:26:20 -------- d-----w- C:\Windows\System32\Wat
2014-08-22 07:23:04 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-08-22 07:23:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-08-22 07:23:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-08-22 07:23:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-08-22 07:23:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-08-22 07:23:04 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-08-22 07:23:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-08-22 07:18:56 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-08-22 07:18:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-08-22 07:18:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-08-22 04:44:57 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-08-21 17:37:36 795120 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2014-08-21 17:37:36 383472 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2014-08-21 17:37:35 20464 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2014-08-21 17:37:35 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
.
==================== Find3M ====================
.
2014-08-22 19:45:36 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-11 20:31:46 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-08-11 20:31:46 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-08-05 13:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-31 20:20:42 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-15 11:01:14 4012632 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-07-15 07:30:32 950488 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-11 07:10:24 2000152 ----a-w- C:\Windows\System32\MBAPO264.dll
2014-07-11 07:10:20 1728792 ----a-w- C:\Windows\SysWow64\MBAPO232.dll
2014-07-09 08:57:18 2808024 ----a-w- C:\Windows\System32\RltkAPO64.dll
2014-07-07 06:07:00 2860760 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-07-04 03:07:24 1024728 ----a-w- C:\Windows\System32\RtkApi64.dll
.
============= FINISH: 13:28:24.16 ===============

Attached Files
File Type: zip New Compressed (zipped) Folder.zip (2.6 KB)

1359 java install error! Please Help

October 6, 2014, 5:47 pm
$
0
0
I tried to update Java. I continue to get a "1359" error during install...

I then attempted the following: (same error each time)
Removed all old versions of Java
tried manual install of Java
Removed antivirus and firewall (w/manual install also)
tried "JavaRa"

Thought maybe a virus so did the following....
Ran full system scan with Kapersky, (updated of course) - nothing
Tried "Malwarebyles" - WOULD NOT LOAD!! (Java?)
Tried "SUPERAntiSpyware" - nothing
tried "Housecall" nothing
Tried to uninstalll malwarebytes with removal tool, and re-install.. same error..

ran microsoft "fix it" did not work...

Don't know what else to do....

Here is the DDS.txt file..

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280
Run by Armisto at 15:58:42 on 2014-10-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1114 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Kodak\CloudPrinting\KCPConnector.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Armisto\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Armisto\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
G:\JavaRa-2.6\JavaRa-2.6\JavaRa.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = about:blank
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdSjIdZdSFA6Sj6771pA96ClckoVvJOcKErimo1f9RtVuv8fnIjPDOth_giswys-2Usz2BgRK7q1-U3mFkZHWHGvO8K4FudUEX5rcqBleEZ5ZpYn6vT0SFgPPqdGX91cQ,,&q={searchTerms}
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\onlinebanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MusicManager] "c:\users\armisto\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [0D289B4B47E184F94B23A471B514CBB5474C88FE._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [GoogleChromeAutoLaunch_32C4154C21D2615C6AC1D992C9AAAFB8] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\armisto\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\armisto\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30EAF4AD-8B17-46D2-A386-4AFA1489465C} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2011-7-28 15784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2014-3-26 25696]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2014-3-26 144992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-4 176128]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 14.0.0\avp.exe [2014-3-26 214512]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files\kodak\cloudprinting\kcpconnector.exe -s --> c:\program files\kodak\cloudprinting\KCPConnector.exe -s [?]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-4-22 474168]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2014-3-26 25184]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2014-3-26 25696]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 CLKMSVC10_E92D8507;CyberLink Product - 2011/07/28 21:09:28;c:\program files\cyberlink\powerdvd9\navfilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-11-12 19456]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-10 108032]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-2 110296]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2011-9-7 59776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-29 52224]
S4 klflt;klflt;c:\windows\system32\drivers\klflt.sys [2014-6-10 94304]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-03 08:44:15 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{414d2265-d7bb-4b47-813b-b3c16f82c491}\mpengine.dll
2014-10-02 10:37:11 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-02 10:36:35 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-02 10:36:35 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-02 10:36:35 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-02 10:36:34 -------- d-----w- c:\programdata\Malwarebytes
2014-10-02 10:36:34 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-02 02:48:57 -------- d-----w- C:\SUPERDelete
2014-10-02 02:47:25 -------- d-----w- c:\users\armisto\appdata\roaming\SUPERAntiSpyware.com
2014-10-02 02:46:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-10-02 02:26:26 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-10-02 02:24:47 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-02 01:56:59 98816 ----a-w- c:\windows\sed.exe
2014-10-02 01:56:59 256000 ----a-w- c:\windows\PEV.exe
2014-10-02 01:56:59 208896 ----a-w- c:\windows\MBR.exe
2014-10-01 11:51:42 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-30 21:10:32 -------- d-----w- c:\programdata\KingsIsle Entertainment
2014-09-24 18:23:35 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-11 03:37:11 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 18:36:27 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 18:36:27 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 18:35:55 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 18:35:53 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 18:35:44 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 18:35:43 302592 ----a-w- c:\windows\system32\aeinv.dll
.
==================== Find3M ====================
.
2014-09-24 19:03:12 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 19:03:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-15 13:06:04 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-07-25 06:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
============= FINISH: 16:02:09.26 ===============

THANK YOU!!

Malware, possible virus

October 7, 2014, 5:40 pm
$
0
0
I am looking at a neighbor's machine. I will attach all pertinent log files to this post. It is running Win7 Home Premium. He does use NIS, but it is throwing an error after every reboot, a 5013,3 error which the Norton site says is related to the Base Filtering Engine, which is not shown in services at all on this machine.

I don't know all the symptoms that he is having, but so far I have noticed the NIS error, and it takes about 5 minutes to startup or shutdown. I did run MWBytes on it and it showed over 3500 items. Obviously I could nuke this thing and start over, but there are some programs that he can't find the install disks for, so that is a last resort. Any assistance would be greatly appreciated!


DDS log follows

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.60.2
Run by Burks at 13:52:32 on 2014-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1457 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\Mobogenie3\MobogenieService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Burks\AppData\Local\Temp\nsw26F2.tmp\PEV.DAT
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
uSearch Bar = Google
uSearch Page = Google
uDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.4.0.13
uProxyServer = hxxp=127.0.0.1:13081
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [NortonSupport] "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\symerr.exe" /supportreboot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://ssl1.ricoh-usa.com/+CSCOL+/csvrloader32.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A33A5EBA-624D-4058-B267-674F0FD4F2DB} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~2.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys [2014-10-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys [2014-10-3 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [2014-10-3 1587416]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys [2014-10-3 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20141006.001\IDSviA64.sys [2014-10-6 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys [2014-10-3 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-10-3 593112]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-28 244624]
R2 lxbl_device;lxbl_device;C:\Windows\System32\lxblcoms.exe -service --> C:\Windows\System32\lxblcoms.exe -service [?]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-2-23 105664]
R2 MobogenieService;MobogenieService;C:\Program Files (x86)\Mobogenie3\MobogenieService.exe [2014-7-15 113344]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe [2014-10-3 276376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-28 291328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-10-07 01:26:06 -------- d-----w- C:\Windows\pss
2014-10-07 01:10:17 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-07 00:00:56 -------- d-----w- C:\NPE
2014-10-06 16:51:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-06 16:51:04 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-06 16:51:04 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-06 16:51:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-06 16:51:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-06 16:51:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 20:45:10 876248 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtsp64.sys
2014-10-03 20:45:10 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys
2014-10-03 20:45:10 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys
2014-10-03 20:45:10 37592 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtspx64.sys
2014-10-03 20:45:10 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symelam.sys
2014-10-03 20:45:10 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys
2014-10-03 20:45:09 266968 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys
2014-10-03 20:45:09 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys
2014-10-03 20:44:43 -------- d-----w- C:\Windows\System32\drivers\NISx64\1506000.020
2014-09-30 23:46:47 -------- d-----w- C:\Users\Burks\AppData\Local\PETN
2014-09-30 23:46:47 -------- d-----w- C:\Program Files (x86)\PETN
2014-09-30 23:43:28 1935872 ----a-w- C:\Windows\SysWow64\8977285
2014-09-30 22:29:42 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 22:29:42 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-23 18:36:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 18:36:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-12 08:03:11 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 08:03:11 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 19:45:32 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 19:45:32 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 19:45:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 19:45:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 19:45:12 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 19:45:12 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 19:45:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 19:45:12 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 19:45:12 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-11 19:45:09 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-11 19:45:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-11 00:18:44 -------- d-----w- C:\Program Files\iPod
2014-09-11 00:18:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 00:18:42 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2014-09-23 22:13:22 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 22:13:22 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-28 19:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 19:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 13:53:27.07 ===============

Attached Files
File Type: zip attach.zip (5.0 KB)

Problem with cltmngui.exe

October 8, 2014, 2:53 pm
$
0
0
I installed Search Protect by Conduit with a software by inattention.
But I deleted it by Adwcleaner and check it by Find in Regedit, and it seems OK.
But in Notification Area Icons, it still show program cltmngui.exe;
I look for this program by Find in All Programs and in Registry, I don't find it.
How do I delete it and where?
Thank you.

Attached Thumbnails
Click image for larger version Name: NotificationAreaIcons22 Oct. 06 16.54.jpg Views: N/A Size: 9.2 KB ID: 198905  
Viewing all 2798 articles
Browse latest View live
Search