Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Advertraff / play toolbar adware removal help

Hello.
Recently, whenever I boot up my PC, Chrome automatically launches a website full of ads (advertraff dot org, which then redirects to play-toolbar dot org).
I have Adblock Plus installed, and I never get redirected to that website again after the initial boot; it only happens on startup.
I have tried uninstalling Chrome, and after I booted I immediately got an error message saying that I didn't have supporting software to run the application (the app was advertraff; I'm sorry I can't remember exactly how the error message went).
Then I reinstalled Chrome and the issue persisted.
I tried running numerous antivirus scans, but none of them detected anything.
I don't have any extensions or programs installed that seem suspicious (at least that's what I believe; I will provide a list if necessary).
Nor do I have anything suspicious in the "Startup" tab in msconfig.
It's not that big of a deal really, but it has been getting on my nerves lately, so any help would be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Bucket at 13:09:42 on 2014-10-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8095.6638 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [CMD] cmd.exe /c start http://adverttraff.org && exit
uRun: [uTorrent] "C:\Users\Bucket\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [GoogleChromeAutoLaunch_279130913BEF9875D4F9F326E677AAA2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Bucket\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bucket\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
TCP: Interfaces\{8D53A2ED-FB35-4433-92B4-E0D86E2EEED4} : DHCPNameServer = 5.45.75.11 5.45.75.36
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: dtlite.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: hamachi-2-ui.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: sptdinst-x64.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: dtlite.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: hamachi-2-ui.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: sptdinst-x64.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bucket\AppData\Roaming\Mozilla\Firefox\Profiles\4yaq9ez1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bucket\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-6-25 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-6-25 42624]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-25 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-25 224896]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-25 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-25 427360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-25 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-16 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2014-6-25 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2014-6-25 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2014-6-25 149120]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-25 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-25 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-25 50344]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2013-10-8 2099000]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-12-16 138456]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-12-16 422616]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2014-6-25 27392]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2014-6-25 151808]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2014-6-25 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 GamingMsFltr;HP HDX Mouse;C:\Windows\System32\drivers\gamingms.sys [2014-6-25 12288]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2014-6-25 39168]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2013-9-18 14112]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-25 58536]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-25 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-8-13 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2014-10-15 1579936]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-10-18 2529616]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-10-18 417552]
.
=============== Created Last 30 ================
.
2014-10-23 19:33:46 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-10-21 17:19:27 -------- d-----w- C:\wifidata
2014-10-21 17:19:27 -------- d-----w- C:\Program Files (x86)\IO3O LLC
2014-10-21 16:37:05 -------- d-----w- C:\Windows\System32\log
2014-10-20 20:41:00 -------- d-----w- C:\Users\Bucket\AppData\Roaming\Trove
2014-10-20 20:13:09 -------- d-----w- C:\Users\Bucket\AppData\Local\Glyph
2014-10-20 20:13:09 -------- d-----w- C:\ProgramData\Glyph
2014-10-20 20:13:07 -------- d-----w- C:\Program Files (x86)\Glyph
2014-10-20 09:06:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-17 16:50:32 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2014-10-15 21:20:09 -------- d-----w- C:\Program Files\Echobit
2014-10-15 21:19:59 -------- d-----w- C:\ProgramData\Echobit
2014-10-15 21:19:58 -------- d-----w- C:\Users\Bucket\AppData\Local\Echobit
2014-10-15 21:12:51 -------- d-----w- C:\Users\Bucket\AppData\Roaming\Borderlands - The Pre-Sequel
2014-10-10 10:42:51 -------- d-----w- C:\Users\Bucket\AppData\Roaming\AMD
2014-10-10 10:40:26 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-10-10 10:37:06 -------- d-----w- C:\Users\Bucket\AppData\Local\Adobe
2014-10-10 09:57:06 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-10-01 07:14:59 -------- d-----w- C:\Users\Bucket\AppData\Local\JDownloader v2.0
2014-09-26 09:30:48 -------- d-----w- C:\Program Files\Speccy
2014-09-25 13:41:35 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-09-25 12:11:39 43152 ----a-w- C:\Windows\avastSS.scr
.
==================== Find3M ====================
.
2014-09-25 12:11:39 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-09-25 12:11:39 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-09-25 12:11:39 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-25 12:11:39 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-09-25 12:11:39 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-09-25 12:11:39 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-09-25 12:11:39 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-09-15 22:32:04 128384 ----a-w- C:\Windows\System32\amdhcp64.dll
2014-09-15 22:32:04 118096 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-09-15 22:31:50 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-09-15 22:31:48 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-09-15 22:31:46 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-09-15 22:31:44 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-09-15 22:31:42 1335544 ----a-w- C:\Windows\System32\aticfx64.dll
2014-09-15 22:31:40 1113576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-09-15 22:31:34 10826488 ----a-w- C:\Windows\System32\atidxx64.dll
2014-09-15 22:31:30 9254184 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-09-15 22:31:22 7207592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-09-15 22:31:16 7028336 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-09-15 22:31:06 8044976 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-09-15 22:31:02 8296296 ----a-w- C:\Windows\System32\atiumd64.dll
2014-09-15 22:29:04 293088 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-09-15 22:26:58 16750080 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-09-15 22:18:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-09-15 22:18:00 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-09-15 22:17:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-09-15 22:17:56 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-09-15 22:17:56 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-09-15 22:17:54 33867264 ----a-w- C:\Windows\System32\amdocl64.dll
2014-09-15 22:17:04 28770304 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-09-15 22:16:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-09-15 22:16:18 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-09-15 22:13:24 27918336 ----a-w- C:\Windows\System32\atio6axx.dll
2014-09-15 22:09:38 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-09-15 22:09:36 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-09-15 22:09:10 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-09-15 22:09:04 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-09-15 22:09:00 5639168 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-09-15 22:08:08 23375360 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-09-15 22:07:48 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-09-15 22:07:46 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-09-15 22:07:44 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-09-15 22:07:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-09-15 22:07:42 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-09-15 22:07:36 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-09-15 22:06:46 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-09-15 22:05:52 4480000 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-09-15 22:03:28 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-09-15 22:03:26 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-09-15 22:03:24 619008 ----a-w- C:\Windows\System32\atieclxx.exe
2014-09-15 22:03:18 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-09-15 22:03:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-09-15 22:03:08 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03:04 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-09-15 22:00:04 95744 ----a-w- C:\Windows\System32\amdave64.dll
2014-09-15 22:00:00 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2014-09-15 21:59:50 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2014-09-15 21:59:46 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2014-09-15 21:59:40 827392 ----a-w- C:\Windows\System32\coinst_14.30.dll
2014-09-15 21:59:20 1210880 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-09-15 21:59:16 900608 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-09-15 21:59:14 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-09-15 21:59:12 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-09-15 21:59:08 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-09-15 21:59:06 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-09-15 21:58:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-09-15 16:21:34 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-09-15 16:19:58 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-08-05 07:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-02 11:07:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-02 11:07:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 13:09:52.50 ===============

Attached Files
File Type: zip info.zip (4.6 KB)
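Added example, not part of the post above and not DDS's own code: a small Python triage script that reads the "Pseudo HJT Report" lines of a DDS log and flags the entries a helper would look at first. In DDS output the `u`, `m` and `d` prefixes mean the current-user (HKCU), machine (HKLM) and default-user hives. Fed the log above it flags `uRun: [CMD] cmd.exe /c start http://adverttraff.org && exit` (a current-user Run value that uses cmd.exe to open a URL at every logon, which is what launches the browser at startup), the three `mPolicies-System` values set to 0 that switch off UAC prompting, and, in the Astromenda DDS log later on this page, the BHO registrations marked `<orphaned>`. The sample lines are copied from those two logs; the launcher list, the severity labels and the "user-writable path" heuristic are my assumptions.

```python
import re

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" in the
# post above, plus two BHO lines from the Astromenda log further down the page.
# For a real run, replace this with open("DDS.txt").read().
SAMPLE_LOG = r"""
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [CMD] cmd.exe /c start http://adverttraff.org && exit
uRun: [uTorrent] "C:\Users\Bucket\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
"""

# DDS line shapes. Prefix u = HKCU, m = HKLM, d = default user; x64- marks the 64-bit view.
RUN_RE = re.compile(r"^(?:x64-)?(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?:x64-)?(?P<hive>[umd])Policies-(?P<key>\w+):\s*(?P<value>\w+)\s*=\s*dword:(?P<num>\d+)$")
BHO_RE = re.compile(r"^(?:x64-)?BHO:\s*(?P<rest>.*)$")

# Assumed list of Windows launchers that adware hides a URL or script behind.
LOLBIN_RE = re.compile(r"\b(cmd|powershell|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.I)
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# UAC policy values that, when set to 0, remove the elevation prompt.
UAC_WEAK = {
    "EnableLUA": "UAC is disabled; an admin user's processes run fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, no consent prompt",
    "PromptOnSecureDesktop": "any elevation prompt is shown on the normal desktop, where it can be spoofed",
}


def triage(log_text):
    """Return findings ({'severity', 'line', 'reason'}) for the autorun, policy
    and BHO lines of a DDS Pseudo HJT Report. Lines of other kinds are skipped."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            cmd, name = m.group("cmd"), m.group("name")
            if LOLBIN_RE.search(cmd) and (URL_RE.search(cmd) or " start " in cmd.lower()):
                findings.append({"severity": "high", "line": line,
                                 "reason": f"autorun '{name}' uses a Windows launcher to open a URL/target at logon"})
            elif URL_RE.search(cmd):
                findings.append({"severity": "high", "line": line,
                                 "reason": f"autorun '{name}' embeds a URL"})
            elif USER_WRITABLE_RE.search(cmd):
                findings.append({"severity": "review", "line": line,
                                 "reason": f"autorun '{name}' runs from a user-writable path"})
            continue
        m = POLICY_RE.match(line)
        if m and m.group("key") == "System" and m.group("value") in UAC_WEAK and m.group("num") == "0":
            findings.append({"severity": "medium", "line": line, "reason": UAC_WEAK[m.group("value")]})
            continue
        m = BHO_RE.match(line)
        if m and "<orphaned>" in m.group("rest"):
            findings.append({"severity": "low", "line": line,
                             "reason": "BHO CLSID is registered but its DLL is gone; remove the stale registration"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

The heuristic is deliberately narrow: an entry that merely starts from AppData is only marked for review, because uTorrent and Dropbox legitimately live there, while an interpreter plus a URL is flagged high whatever the entry is named. Deleting the flagged value from HKCU\Software\Microsoft\Windows\CurrentVersion\Run (or with an autoruns tool) and checking that it does not reappear after a reboot is the confirmation step; if it does come back, something else (a scheduled task or a service) is re-creating it.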

Removing Adchoices

Does anybody know of an application to remove Adchoices?

I've tried all the usual stuff, e.g. uninstall, browser (IE) add-ons and also the usual adware programs, but with no success.

As this is a very common nuisance, I'm really looking for a specific "find and kill" application directed at Adchoices. A nuclear solution seems like my only remaining option, but I don't have the technology!

T

In Need of Help

Hi,

I have tried a couple of times to post this. After being connected to the internet for more than 20 min, I get the dialog box that started all my problems. Once, I clicked Cancel more times than I can recall, and the dialog boxes went to the back and I was able to keep typing. But they kept popping up in the background and the computer blue-screened. If I recall, it said the computer was out of memory. I even posted this thread in the wrong section because I was trying to hurry. I couldn't figure out how to delete the thread, so I changed it to solved under General Computer Security. If there is a way to delete that thread, please do so.

Anyway, on to how the issue started and where things are at right now. Yesterday I was on a website looking at a part for my lawn mower when the problems with my computer began. A dialog box popped up asking to install a Java update, which looked more like an application wanting to install rather than a real Java update. I clicked Cancel about 30 times. I couldn't do anything else because the dialog caused the screen to fade back and the dialog was the only thing I could click on, and then my antivirus went off. MSE warned of a program that needed to be cleaned. I clicked Clean and then the computer began to shut down.

I rebooted in safe mode, looked at MSE and it had found several files. One was listed as being cleaned, which was PWS:Win32/Zbot.gen!plock Category: Password Stealer. The others were quarantined. I told MSE to remove everything and rebooted into Windows normally.

When Windows started, I received an error dialog that a file (something).exe.vrs couldn't be found. I looked in the startup folder, found the file and removed it. I assume MSE cleaned it and it was just left over. I turned off Wi-Fi, so there was no internet connection, and ran another MSE scan. It quarantined a couple more files. I told MSE to remove the files and then I came to this site and began downloading the pre-requisites. While browsing to this site or any site, I get a dialog box that says "Webpage Error. Do you want to debug this webpage?" It gives a line number and the error on that line. I click Cancel a couple of times, then I am able to see the site. On some sites, including this one, I see Chinese letters across the top of the pages. Not all pages, but many. While downloading DDS and GMER, the computer screen faded to the back, like Windows was going to ask about running a program, but nothing showed up, the screen was faded gray and I couldn't click on anything. So I tried the Alt + Tab keys to see if I could see what was running and the computer blue-screened. Something about memory.

When I rebooted it ran a scandisk and went back into Windows. I ran another MSE scan and it showed more quarantined files. I told MSE to remove them again and thought I would reboot. When I clicked on Start > Restart, the screen flashed back and forth between several ads (one was Kroger, then others I couldn't make out) and my desktop. This flashed back and forth 3-4 times, then the computer shut down.

When it rebooted, I tried running DDS. It only produced the attached.txt file. I ran it 5 times, same result, only 1 file. I rebooted and tried several more times. The results were the same, only the attached.txt file.

I then ran GMER. It crashed several times. It seems to always crash when it reaches MSE files in the Libraries section of the scan. So I finally just ran it with the alternative options for when you have issues running the normal options. I did, however, have a successful scan with all the normal options except with Libraries unchecked. I am not including this txt file with this post. I can provide that file if needed.

While typing this, several pop-ups came up: two web pages from C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML and two Notepad files called DECRYPT_INSTRUCTION.TXT.
The text files say:


What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)


What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.


How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.


What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.


For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/p5ifNa
2.https://paytordmbdekmizq.pay2tor.com/p5ifNa
3.https://paytordmbdekmizq.tor2pay.com/p5ifNa
4.https://paytordmbdekmizq.pay4tor.com/p5ifNa

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/p5ifNa
4.Follow the instructions on the site.



I'm kind of afraid to reboot my computer. I have heard of some people getting locked out of their computers by some password that they don't know, and you guys don't help with password issues like that. So I'm looking forward to your help as soon as possible.

Attached Files
File Type: zip attach.zip (6.1 KB)
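Added example, not part of the post above: a Python script that does the first two things a responder would do on this machine once it is offline: locate the CryptoWall ransom notes (DECRYPT_INSTRUCTION.TXT and .HTML, the names quoted in the post) and estimate which files were actually encrypted by measuring byte entropy, since a document encrypted with a modern cipher is indistinguishable from random bytes. The note-name set, the 7.5 bits/byte threshold and the 64 KiB sample size are my assumptions, and the directory tree it scans is constructed inline so the block runs offline.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Ransom-note file names quoted in the post (assumed complete; extend as needed).
NOTE_NAMES = {"decrypt_instruction.txt", "decrypt_instruction.html"}
SAMPLE_BYTES = 64 * 1024      # assumption: read this much of each file
ENTROPY_THRESHOLD = 7.5       # assumption: bits per byte; random data scores ~8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root):
    """Walk root and return the ransom notes found plus files whose leading
    bytes look like ciphertext. Files under 256 bytes are skipped: the
    entropy estimate is meaningless on tiny samples."""
    root = Path(root)
    notes, suspect = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in NOTE_NAMES:
            notes.append(path)
            continue
        with path.open("rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
            suspect.append(path)
    return {"notes": sorted(notes), "suspect_encrypted": sorted(suspect)}


def build_sample_tree(root):
    """Constructed test data: a ransom note in a Startup folder (as in the post),
    one plaintext document and one file of random bytes standing in for an
    encrypted document."""
    root = Path(root)
    (root / "Startup").mkdir(parents=True, exist_ok=True)
    (root / "Startup" / "DECRYPT_INSTRUCTION.TXT").write_text("What happened to your files ?\n")
    (root / "Documents").mkdir(exist_ok=True)
    (root / "Documents" / "notes.txt").write_text("lawn mower part numbers\n" * 200)
    (root / "Documents" / "budget.xlsx").write_bytes(os.urandom(SAMPLE_BYTES))
    return root


def demo():
    """Build the constructed tree in a fresh temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="cryptowall-triage-"))
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    result = demo()
    print("ransom notes:", *result["notes"], sep="\n  ")
    print("suspected encrypted files:", *result["suspect_encrypted"], sep="\n  ")
```

High entropy on its own is not proof: already-compressed formats (zip, jpg, mp3, and docx, which is a zip container) also score near 8, so on a real disk pair the entropy check with a file-signature check or a comparison against a backup listing. What the output gives you is where the notes were dropped (here the Startup folder, which is why they reopen at every logon) and which user files to preserve for a possible decryptor rather than delete during cleanup.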

Antivirus Avast treating a trusted application as a virus

Hello all,
I have Avast antivirus installed on my system, and it is working fine. Until now the application called pointer was working fine, and suddenly Avast thinks it is malware or a virus and removed it from the system, and I am not able to run the application whenever I reinstall it.

Two days ago it was working fine and Avast was not blocking this app; it was running smoothly. Suddenly, what happened I don't know.
If I disable the antivirus then it is OK; after I enable the antivirus it does the same thing, blocking the app and moving it to the chest.
Thank you, help will be appreciated.
fujju

How can I fix my email problem?

Lately I can't send or receive any emails with my Gmail account. When I hit the send button, it hangs for a long time and after some time it crashes and shuts down automatically. Then I try to resend, but that is a hassle. It is not an internet problem, because everything else works fine.

I need an instant solution. Please help me! I'm waiting for your opinion.

I think I have a virus

I have been downloading torrents and now I think I have a virus or viruses. My computer keeps shutting down and I've been getting UDP floods, and I honestly have no idea what that is. My internet can get really slow for no reason at all. I'd really like to get some help detecting and removing the potential viruses.

WSE Astromenda Removal

Hello, hello!

So I'm surfing away and I get a message from Avast that I've just been attacked by the "WSE Astromenda" virus. I told Avast to remove it, but Chrome's homepage and search engine were changed to Astromenda.com anyway. I immediately ran to this forum, which has helped me immeasurably in the past.

Here's the DDS log and attached are the other two logs.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.71.2
Run by Keith at 3:04:22 on 2014-10-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.221 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350322420296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: Interfaces\{33F70FA9-0FBB-4111-8FC4-C4F836B9D898} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-17 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-4-17 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-17 422760]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-10-9 47488]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-20 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-17 50344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-3-6 54760]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-3-21 148016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
S2 ofcservice;Websensecamreportserver;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-5-8 25600]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\drivers\drvagent32.sys --> c:\windows\system32\drivers\DrvAgent32.sys [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2014-3-6 35256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [2010-10-7 19677]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-26 52312]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2011-6-14 287744]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2011-6-14 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2011-6-14 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2011-6-14 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2012-6-13 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2012-6-13 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2012-6-13 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2012-6-13 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2012-6-13 113680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
S4 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
.
=============== File Associations ===============
.
ShellExec: Cdj.exe: null="c:\program files\padus\discjuggler\Cdj.exe"
.
=============== Created Last 30 ================
.
2014-10-28 08:50:39 -------- d-----w- C:\AdwCleaner
2014-10-28 08:24:29 -------- d-----w- c:\documents and settings\keith\local settings\application data\VS Revo Group
2014-10-28 08:24:16 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2014-10-25 11:51:03 -------- d-----w- c:\documents and settings\keith\application data\Astromenda
2014-10-25 08:51:39 43152 ----a-w- c:\windows\avastSS.scr
2014-10-25 08:12:12 -------- d-----w- c:\documents and settings\keith\application data\WSE_Astromenda
2014-10-25 07:40:27 -------- d-----w- c:\program files\MagicISO
2014-10-19 20:56:32 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-10-19 20:56:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-19 19:09:46 -------- d-----w- c:\program files\hpHosts
2014-10-09 21:55:04 483328 ----a-w- c:\windows\system32\drivers\updater_mdysgpquyp.exe
2014-10-09 21:55:02 47488 ----a-w- c:\windows\system32\drivers\netfilter.sys
2014-10-08 21:50:20 -------- d-----w- c:\program files\FFmpeg for Audacity
2014-10-08 21:50:06 -------- d-----w- c:\program files\Lame For Audacity
2014-10-08 21:42:47 -------- d-----w- c:\program files\Audacity
2014-10-06 05:34:32 -------- d-----w- c:\documents and settings\keith\local settings\application data\Mixesoft
2014-10-03 22:35:25 -------- d-----w- c:\windows\system32\%appdata%
2014-10-03 22:34:56 -------- d-----w- c:\documents and settings\keith\application data\Seagate
2014-10-03 22:33:50 -------- d-----w- c:\documents and settings\all users\application data\Nero
2014-10-03 22:33:28 -------- d-----w- c:\program files\Seagate
.
==================== Find3M ====================
.
2014-10-25 11:13:02 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-25 08:51:40 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-25 08:51:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-25 08:51:40 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-25 08:51:40 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-25 08:51:28 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-09-26 23:34:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-26 23:34:44 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 3:05:05.67 ===============

Attached Files
File Type: zip attach.zip (7.4 KB)

Help with desktop.ini virus and blue screens

Not sure where these came from in the past week, but I have two shadow icons on my desktop, and every folder has a desktop.ini configuration settings item. Tried to remove with Malwarebytes Anti-Malware and McAfee Security to no avail. Now I am experiencing blue screens on a regular basis. Any help would be greatly appreciated from a not so competent user.

Attached Files
File Type: txt dds.txt (20.4 KB)
File Type: zip Desktop.zip (7.6 KB)

nonsense behaviour from mcafee

I use the NSIS installer a lot for my developments. I got a lot of complaints from customers that programs that use NSIS are being detected as a possible threat by McAfee. I also checked the official NSIS installer with VirusTotal and still McAfee is the only virus guard that flags this as a threat

https://www.virustotal.com/en/file/7...03a5/analysis/

Also found a McAfee community discussion about this false positive.
https://community.mcafee.com/message/355351#355351

Anyone who faces the same problem, please tell me what to do or file a complaint with McAfee.

Windows 7 Memory Issue (?); ubd.exe entry point error

Hi there,

First off, thanks ever so much for your help. I've picked up something from irresponsible surfing :(

This laptop was bought new and, apart from having iTunes and Skype on board, is solely used for streaming video in my home theatre system. I streamed some latest-season episodes of a TV show illegally from a 3rd-party site about 8 months ago... I wasn't running an antivirus at the time... voila, the PC began running super slow. Stupid, stupid me. :facepalm:

Boot up time feels like forever, but I timed it to actually be around 4:45. The first error message on screen upon the desktop being populated is titled

'ubd.exe - Entry Point Not Found
The procedure entry point _objc_init_image could not be located in the dynamic link library objc.dll.'

The next thing that alerts me is from the Intel Rapid Storage Technology application, which tells me that an error exists on port:0. I open the application and the status of port:0 is 'At Risk'. There is a prompt option for me to reset disk to normal, which immediately changes the status to normal. Upon exiting the application the application pops up again almost immediately with the same issue.

Other than that, Firefox takes a long time to boot up, and videos also take a long time and often hang up after entering full screen mode which often causes them to automatically exit full screen mode. Everything just drags.

I thought I may have a corrupted hard drive at first, but checking the hardware status in Control Panel seemed fine. Please help! Thank you!

The laptop came with a retail version of Windows 7 Home Edition already loaded, so I have no copy of a boot disk for it.

I hope I have provided sufficient detail for you to get an impression of what I have on my hands. Thank you again for your generous service. Kind regards, --Joe

Here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344
Run by Joe at 9:11:55 on 2014-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3000.1812 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Windows\System32\ThpSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TOSDCR] c:\program files\toshiba\passwordutility\TOSDCR.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [TSleepSrv] c:\program files\toshiba\toshiba sleep utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [WireLessMouse] c:\program files\nortek\activo wireless and wired mouse\StartAutorun.exe KMConfig.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Razer Mamba Elite Driver] c:\program files\razer\mamba\RazerMambaSysTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8}\5416379724F687D2444424134353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8}\64259445A51224F6870264F6E60275C414E40273134313 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{6CF44091-6599-4CE2-8265-9A885985C2E8}\64275656F575966496F5746514 : DHCPNameServer = 195.186.152.32 195.186.216.32
TCP: Interfaces\{C22C2105-F383-4F24-A4BD-F12F0C8D184E} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\mp3ksrrk.default-1398267199374\
FF - prefs.js: browser.startup.homepage - hxxp://www.nba.tv/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-7-16 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-7-16 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-7-16 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2009-9-1 5632]
R3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\drivers\nuvotonhidcir.sys [2009-9-1 23040]
R3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\drivers\nuvotonir.sys [2009-9-1 67072]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-7-16 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-16 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-16 862208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 17024]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-15 52224]
.
=============== Created Last 30 ================
.
2014-10-28 10:12:46 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39818c82-5d3c-400c-bc43-b9193d755c93}\mpengine.dll
2014-10-18 02:58:37 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-18 02:58:31 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-18 02:58:29 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-10-18 02:45:47 372736 ----a-w- c:\windows\system32\rastls.dll
2014-10-18 02:44:21 3221504 ----a-w- c:\windows\system32\mstscax.dll
2014-10-18 02:44:19 1051136 ----a-w- c:\windows\system32\mstsc.exe
2014-10-18 02:44:15 523264 ----a-w- c:\windows\system32\termsrv.dll
2014-10-18 02:44:14 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-18 02:44:14 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-18 02:44:13 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-10-18 02:44:13 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-18 02:44:13 131584 ----a-w- c:\windows\system32\aaclient.dll
2014-10-18 02:44:13 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-18 02:44:12 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-18 02:44:12 17408 ----a-w- c:\windows\system32\credssp.dll
2014-10-18 02:42:30 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-18 02:42:15 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-18 02:39:50 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-18 02:39:50 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-18 02:39:48 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-18 02:39:05 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-12 02:35:09 -------- d-----w- c:\users\joe\appdata\local\Adobe
2014-10-02 07:03:33 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-10-02 07:02:54 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2014-10-12 02:35:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-12 02:35:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-02 07:53:02 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-01 11:35:06 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
.
============= FINISH: 9:20:04.71 ===============

Attached Files
File Type: zip attach.zip (3.1 KB)
File Type: zip ark.zip (3.6 KB)

Virus Help Needed

I've been infected - ads popping up and new tabs being created. I have begun the process and downloaded dds & gmer. I'm using Win 8.1. I just recently had a hard drive crash and have replaced the HD, Win, installed all SW and restored all data from Carbonite. No problems before the HD crash. I think I probably picked up adware in loading one of my SW programs (games).

I am having compatibility issues with DDS, so I downloaded FRST64 and Windows won't let me run that app.

'File/ directory is corrupted and unreadable'

Good evening.

When I start up I get a box that states 'the file or directory is corrupted and unreadable' of what looks like Windows Updater. So I followed the instructions and have posted two scripts to this message.

However, I was not successful in using DDS and GMER, so I instead used RSIT and HijackThis (although they are both coming up as HijackThis?). The logs are posted below as per instruction.

I can post a photo of the box that appears if this is helpful.

Thank you

Logfile of random's system information tool 1.10 (written by random/random)
Run by charlotte at 2014-10-29 21:11:47
Microsoft Windows 8.1
System drive C: has 311 GB (70%) free of 446 GB
Total RAM: 3971 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:48, on 29/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\charlotte\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\charlotte\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\charlotte.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microlink – The UK’s Largest Independent Assistive Technology Supplier
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Bho - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
O4 - HKLM\..\Run: [BookExpress_B6FU] "C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: flstudio11.exe.lnk = C:\Users\charlotte\Documents\WindowsUpdates\flstudio11.exe
O4 - Global Startup: Device Detector 4.lnk = C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Logger service (DragonLoggerService) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @oem27.inf,%EMAUD.Win32.DisplayName%;E-MU Audio Service (emaudsv) - Unknown owner - C:\Windows\system32\emaudsv.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13179 bytes

======Scheduled tasks folder======

C:\Windows\tasks\DriverToolkit Autorun.job - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe --autorun
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20 627712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609C0837-8DD3-4F9B-AAC5-446F36BC0353}]
Dragon Web Extension For Internet Explorer - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12 613952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-08-26 626528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20 386048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20 627712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2013-04-19 374784]
"1.TPUReg"=C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2013-03-27 2216800]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-10-11 60712]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2011-10-12 2068856]
"DNS7reminder"=C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [2014-05-30 325960]
"BookExpress_B6FU"=C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe [2013-10-18 713216]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"E-MU USB Audio Control Panel"=C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe [2007-11-26 274432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Device Detector 4.lnk - C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe

C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
flstudio11.exe.lnk - C:\Users\charlotte\Documents\WindowsUpdates\flstudio11.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.pspgru"=pspgru.acm
"msacm.vorbis"=vorbis.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-10-29 20:49:58 ----D---- C:\rsit
2014-10-29 20:49:58 ----D---- C:\Program Files (x86)\trend micro
2014-10-28 18:51:48 ----D---- C:\Users\charlotte\AppData\Roaming\vlc
2014-10-28 18:46:37 ----D---- C:\Program Files (x86)\VideoLAN
2014-10-28 18:45:00 ----D---- C:\Users\charlotte\AppData\Roaming\Macromedia
2014-10-21 18:56:50 ----A---- C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-10-21 18:56:39 ----A---- C:\Windows\SysWOW64\mfcore.dll
2014-10-21 18:56:34 ----A---- C:\Windows\SysWOW64\Windows.Media.dll
2014-10-21 18:56:31 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-21 18:56:28 ----A---- C:\Windows\SysWOW64\SRH.dll
2014-10-21 18:56:28 ----A---- C:\Windows\SysWOW64\printui.dll
2014-10-21 18:56:28 ----A---- C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-21 18:56:26 ----A---- C:\Windows\SysWOW64\wlanmsm.dll
2014-10-21 18:56:26 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2014-10-21 18:56:25 ----A---- C:\Windows\SysWOW64\mftranscode.dll
2014-10-21 18:56:24 ----A---- C:\Windows\SysWOW64\mfplat.dll
2014-10-21 18:56:23 ----A---- C:\Windows\SysWOW64\SHCore.dll
2014-10-21 18:56:20 ----A---- C:\Windows\SysWOW64\comdlg32.dll
2014-10-21 18:56:18 ----A---- C:\Windows\SysWOW64\netcfgx.dll
2014-10-21 18:56:18 ----A---- C:\Windows\SysWOW64\AppxPackaging.dll
2014-10-21 18:56:14 ----A---- C:\Windows\SysWOW64\puiobj.dll
2014-10-21 18:56:14 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2014-10-21 18:56:14 ----A---- C:\Windows\SysWOW64\Display.dll
2014-10-21 18:56:13 ----A---- C:\Windows\SysWOW64\storagewmi.dll
2014-10-21 18:56:12 ----A---- C:\Windows\SysWOW64\winmmbase.dll
2014-10-21 18:56:11 ----A---- C:\Windows\SysWOW64\wisp.dll
2014-10-21 18:56:11 ----A---- C:\Windows\SysWOW64\aclui.dll
2014-10-21 18:56:08 ----A---- C:\Windows\SysWOW64\wlanapi.dll
2014-10-21 18:56:08 ----A---- C:\Windows\SysWOW64\bcryptprimitives.dll
2014-10-21 18:56:06 ----A---- C:\Windows\SysWOW64\wsecedit.dll
2014-10-21 18:56:06 ----A---- C:\Windows\SysWOW64\AppxSip.dll
2014-10-21 18:56:04 ----A---- C:\Windows\SysWOW64\prnntfy.dll
2014-10-21 18:56:03 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2014-10-21 18:56:03 ----A---- C:\Windows\SysWOW64\winmm.dll
2014-10-21 18:56:02 ----A---- C:\Windows\SysWOW64\puiapi.dll
2014-10-21 18:56:01 ----A---- C:\Windows\SysWOW64\SndVol.exe
2014-10-21 18:56:00 ----A---- C:\Windows\SysWOW64\WebClnt.dll
2014-10-21 18:56:00 ----A---- C:\Windows\SysWOW64\dwmapi.dll
2014-10-21 18:55:59 ----A---- C:\Windows\SysWOW64\VAN.dll
2014-10-21 18:55:57 ----A---- C:\Windows\SysWOW64\clusapi.dll
2014-10-21 18:55:55 ----A---- C:\Windows\SysWOW64\iasnap.dll
2014-10-21 18:55:55 ----A---- C:\Windows\SysWOW64\gpedit.dll
2014-10-21 18:55:54 ----A---- C:\Windows\SysWOW64\rsaenh.dll
2014-10-21 18:55:53 ----A---- C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-10-21 18:55:52 ----A---- C:\Windows\SysWOW64\osk.exe
2014-10-21 18:55:52 ----A---- C:\Windows\SysWOW64\mispace.dll
2014-10-21 18:55:51 ----A---- C:\Windows\SysWOW64\Windows.Networking.dll
2014-10-21 18:55:51 ----A---- C:\Windows\SysWOW64\SettingSync.dll
2014-10-21 18:55:51 ----A---- C:\Windows\SysWOW64\DafPrintProvider.dll
2014-10-21 18:55:49 ----A---- C:\Windows\SysWOW64\wshbth.dll
2014-10-21 18:55:49 ----A---- C:\Windows\SysWOW64\stobject.dll
2014-10-21 18:55:48 ----A---- C:\Windows\SysWOW64\ActionCenter.dll
2014-10-21 18:55:47 ----A---- C:\Windows\SysWOW64\KBDRUM.DLL
2014-10-21 18:55:47 ----A---- C:\Windows\SysWOW64\GdiPlus.dll
2014-10-21 18:55:46 ----A---- C:\Windows\SysWOW64\schannel.dll
2014-10-21 18:55:45 ----A---- C:\Windows\SysWOW64\user32.dll
2014-10-21 18:55:44 ----A---- C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-21 18:55:44 ----A---- C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-21 18:55:44 ----A---- C:\Windows\SysWOW64\KBDRU.DLL
2014-10-21 18:55:44 ----A---- C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-21 18:55:41 ----A---- C:\Windows\SysWOW64\PrintDialogs.dll
2014-10-21 18:55:41 ----A---- C:\Windows\SysWOW64\certcli.dll
2014-10-21 18:55:40 ----A---- C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-21 18:55:39 ----A---- C:\Windows\SysWOW64\BluetoothApis.dll
2014-10-21 18:55:35 ----A---- C:\Windows\SysWOW64\KBDTT102.DLL
2014-10-21 18:47:56 ----D---- C:\Windows\SysWOW64\spool
2014-10-20 21:18:30 ----D---- C:\Program Files (x86)\Evernote
2014-10-17 08:13:54 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2014-10-17 08:13:51 ----A---- C:\Windows\SysWOW64\msxml3.dll
2014-10-17 08:13:51 ----A---- C:\Windows\SysWOW64\dxgi.dll
2014-10-17 08:13:20 ----A---- C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-17 08:13:16 ----A---- C:\Windows\SysWOW64\wusa.exe
2014-10-17 08:13:16 ----A---- C:\Windows\SysWOW64\gdi32.dll
2014-10-17 08:10:35 ----A---- C:\Windows\SysWOW64\adtschema.dll
2014-10-17 08:10:23 ----A---- C:\Windows\SysWOW64\wups.dll
2014-10-17 08:10:23 ----A---- C:\Windows\SysWOW64\wudriver.dll
2014-10-17 08:10:23 ----A---- C:\Windows\SysWOW64\wuapi.dll
2014-10-17 08:10:22 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2014-10-17 08:10:22 ----A---- C:\Windows\SysWOW64\wuapp.exe
2014-10-17 08:10:17 ----A---- C:\Windows\SysWOW64\Wpc.dll
2014-10-17 08:10:07 ----A---- C:\Windows\SysWOW64\twinapi.appcore.dll
2014-10-17 08:09:50 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 08:09:49 ----A---- C:\Windows\SysWOW64\urlmon.dll
2014-10-17 08:09:48 ----A---- C:\Windows\SysWOW64\mshtml.dll
2014-10-17 08:09:47 ----A---- C:\Windows\SysWOW64\iertutil.dll
2014-10-17 08:09:47 ----A---- C:\Windows\SysWOW64\ieframe.dll
2014-10-17 08:09:45 ----A---- C:\Windows\SysWOW64\jscript9.dll
2014-10-17 08:09:45 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 08:09:44 ----A---- C:\Windows\SysWOW64\wininet.dll
2014-10-17 08:09:34 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 08:09:34 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 08:09:33 ----A---- C:\Windows\SysWOW64\vbscript.dll
2014-10-17 08:09:32 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 08:09:32 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 08:09:31 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 08:09:31 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 08:09:31 ----A---- C:\Windows\SysWOW64\iesetup.dll
2014-10-17 08:09:31 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 08:08:51 ----A---- C:\Windows\SysWOW64\packager.dll
2014-10-17 08:08:19 ----A---- C:\Windows\SysWOW64\rastls.dll
2014-10-17 08:04:54 ----A---- C:\Windows\SysWOW64\actxprxy.dll
2014-10-17 08:04:53 ----A---- C:\Windows\SysWOW64\twinui.dll
2014-10-17 08:04:52 ----A---- C:\Windows\SysWOW64\UXInit.dll
2014-10-17 08:04:52 ----A---- C:\Windows\SysWOW64\explorer.exe
2014-10-17 08:04:52 ----A---- C:\Windows\explorer.exe
2014-10-17 07:59:59 ----A---- C:\Windows\SysWOW64\WSShared.dll
2014-10-17 07:59:59 ----A---- C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-17 07:59:58 ----A---- C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-17 07:59:58 ----A---- C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-17 07:59:58 ----A---- C:\Windows\SysWOW64\mstscax.dll
2014-10-17 07:59:54 ----A---- C:\Windows\SysWOW64\shell32.dll
2014-10-17 07:59:53 ----A---- C:\Windows\SysWOW64\SearchFolder.dll
2014-10-17 07:59:52 ----A---- C:\Windows\SysWOW64\Wldap32.dll
2014-10-17 07:59:52 ----A---- C:\Windows\SysWOW64\propsys.dll
2014-10-17 07:59:52 ----A---- C:\Windows\SysWOW64\ntdll.dll
2014-10-17 07:59:52 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2014-10-17 07:59:50 ----A---- C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-17 07:57:15 ----A---- C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-17 07:52:02 ----A---- C:\Windows\SysWOW64\drvinst.exe
2014-10-17 07:51:54 ----A---- C:\Windows\SysWOW64\d3d9.dll
2014-10-17 07:51:52 ----A---- C:\Windows\SysWOW64\dhcpcore.dll
2014-10-17 07:51:50 ----A---- C:\Windows\SysWOW64\framedynos.dll
2014-10-17 07:51:50 ----A---- C:\Windows\SysWOW64\dhcpcore6.dll
2014-10-17 07:51:48 ----A---- C:\Windows\SysWOW64\ncobjapi.dll
2014-10-17 07:51:41 ----A---- C:\Windows\SysWOW64\Robocopy.exe
2014-10-17 07:51:40 ----A---- C:\Windows\SysWOW64\framedyn.dll
2014-10-17 07:51:40 ----A---- C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-10-17 07:51:40 ----A---- C:\Windows\SysWOW64\dhcpcsvc.dll
2014-10-17 07:51:40 ----A---- C:\Windows\SysWOW64\d3d8thk.dll
2014-10-17 07:51:24 ----A---- C:\Windows\SysWOW64\DWrite.dll
2014-10-17 07:51:23 ----A---- C:\Windows\SysWOW64\mrt100.dll
2014-10-17 07:51:23 ----A---- C:\Windows\SysWOW64\mrt_map.dll
2014-10-17 07:51:09 ----A---- C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-10-17 07:50:52 ----A---- C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-10-17 07:50:42 ----A---- C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-10-17 07:50:38 ----A---- C:\Windows\SysWOW64\winmde.dll
2014-10-17 07:50:38 ----A---- C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-10-17 07:50:38 ----A---- C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-17 07:50:38 ----A---- C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-10-17 07:50:38 ----A---- C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-17 07:50:36 ----A---- C:\Windows\SysWOW64\rdpencom.dll
2014-10-17 07:50:36 ----A---- C:\Windows\SysWOW64\mfsvr.dll
2014-10-17 07:50:35 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-17 07:50:35 ----A---- C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-10-17 07:50:34 ----A---- C:\Windows\SysWOW64\rpchttp.dll
2014-10-17 07:50:34 ----A---- C:\Windows\SysWOW64\MSVideoDSP.dll
2014-10-17 07:50:34 ----A---- C:\Windows\SysWOW64\gpapi.dll
2014-10-17 07:50:33 ----A---- C:\Windows\SysWOW64\wintrust.dll
2014-10-17 07:50:33 ----A---- C:\Windows\SysWOW64\mf.dll
2014-10-17 07:50:33 ----A---- C:\Windows\SysWOW64\AudioSes.dll
2014-10-17 07:50:33 ----A---- C:\Windows\SysWOW64\AudioEng.dll
2014-10-17 07:50:28 ----A---- C:\Windows\SysWOW64\resutils.dll
2014-10-17 07:50:27 ----A---- C:\Windows\SysWOW64\tlscsp.dll
2014-10-17 07:50:24 ----A---- C:\Windows\SysWOW64\wlanhlp.dll
2014-10-17 07:50:24 ----A---- C:\Windows\SysWOW64\srclient.dll
2014-10-17 07:49:53 ----A---- C:\Windows\SysWOW64\qedit.dll
2014-10-17 07:49:38 ----A---- C:\Windows\SysWOW64\authui.dll
2014-10-17 07:49:37 ----A---- C:\Windows\SysWOW64\msi.dll
2014-10-17 07:33:39 ----A---- C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-10-17 07:32:15 ----A---- C:\Windows\SysWOW64\msihnd.dll
2014-10-17 07:31:03 ----A---- C:\Windows\SysWOW64\twinui.appcore.dll
2014-10-16 23:01:23 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-16 23:01:23 ----D---- C:\Program Files (x86)\iTunes
2014-10-16 23:00:30 ----D---- C:\Program Files (x86)\Bonjour
2014-10-16 21:07:23 ----D---- C:\Program Files (x86)\SearchProtect
2014-10-16 21:07:21 ----D---- C:\Program Files (x86)\ORBTR
2014-10-16 21:06:46 ----D---- C:\ProgramData\Freemake
2014-10-16 21:06:30 ----D---- C:\Users\charlotte\AppData\Roaming\RHEng
2014-10-16 21:06:27 ----D---- C:\Users\charlotte\AppData\Roaming\OpenCandy
2014-10-16 21:06:27 ----D---- C:\Program Files (x86)\Freemake
2014-10-16 08:02:38 ----A---- C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-10-16 08:02:35 ----A---- C:\Windows\SysWOW64\msftedit.dll
2014-10-16 08:02:30 ----A---- C:\Windows\SysWOW64\msxml6.dll
2014-10-16 08:02:29 ----A---- C:\Windows\SysWOW64\dwmcore.dll
2014-10-16 08:02:29 ----A---- C:\Windows\SysWOW64\d3d11.dll
2014-10-16 08:02:27 ----A---- C:\Windows\SysWOW64\ole32.dll
2014-10-16 08:02:25 ----A---- C:\Windows\SysWOW64\ReAgent.dll
2014-10-16 08:02:25 ----A---- C:\Windows\SysWOW64\kerberos.dll
2014-10-16 08:02:24 ----A---- C:\Windows\SysWOW64\kernel32.dll
2014-10-16 08:02:24 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2014-10-16 08:02:22 ----A---- C:\Windows\SysWOW64\wlidprov.dll
2014-10-16 08:02:18 ----A---- C:\Windows\SysWOW64\dcomp.dll
2014-10-16 08:02:17 ----A---- C:\Windows\SysWOW64\rasapi32.dll
2014-10-16 08:02:16 ----A---- C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2014-10-16 08:02:16 ----A---- C:\Windows\SysWOW64\SessEnv.dll
2014-10-16 08:02:15 ----A---- C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-10-16 08:02:14 ----A---- C:\Windows\SysWOW64\SensorsApi.dll
2014-10-16 08:02:14 ----A---- C:\Windows\SysWOW64\netlogon.dll
2014-10-16 08:02:10 ----A---- C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-10-16 08:02:09 ----A---- C:\Windows\SysWOW64\WsmSvc.dll
2014-10-16 08:02:08 ----A---- C:\Windows\SysWOW64\userenv.dll
2014-10-16 08:02:08 ----A---- C:\Windows\SysWOW64\davclnt.dll
2014-10-16 08:02:07 ----A---- C:\Windows\SysWOW64\spp.dll
2014-10-16 08:02:07 ----A---- C:\Windows\SysWOW64\pdh.dll
2014-10-16 08:02:05 ----A---- C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-10-16 08:02:04 ----A---- C:\Windows\SysWOW64\wlangpui.dll
2014-10-16 08:02:04 ----A---- C:\Windows\SysWOW64\w32tm.exe
2014-10-16 08:02:03 ----A---- C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-10-16 08:02:02 ----A---- C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2014-10-16 08:02:02 ----A---- C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2014-10-16 08:02:02 ----A---- C:\Windows\SysWOW64\ReInfo.dll
2014-10-16 08:02:01 ----A---- C:\Windows\SysWOW64\LocationApi.dll
2014-10-16 08:02:00 ----A---- C:\Windows\SysWOW64\sxproxy.dll
2014-10-16 08:02:00 ----A---- C:\Windows\SysWOW64\nshwfp.dll
2014-10-16 08:01:58 ----A---- C:\Windows\SysWOW64\l2gpstore.dll
2014-10-16 07:55:48 ----A---- C:\Windows\SysWOW64\OobeFldr.dll
2014-10-16 07:55:40 ----A---- C:\Windows\SysWOW64\glcndFilter.dll
2014-10-16 07:55:19 ----A---- C:\Windows\SysWOW64\wmp.dll
2014-10-16 07:55:12 ----A---- C:\Windows\SysWOW64\combase.dll
2014-10-16 07:55:11 ----A---- C:\Windows\SysWOW64\tquery.dll
2014-10-16 07:55:08 ----A---- C:\Windows\SysWOW64\mssrch.dll
2014-10-16 07:54:55 ----A---- C:\Windows\SysWOW64\dui70.dll
2014-10-16 07:54:49 ----A---- C:\Windows\SysWOW64\Windows.Globalization.dll
2014-10-16 07:54:46 ----A---- C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2014-10-16 07:54:45 ----A---- C:\Windows\SysWOW64\webservices.dll
2014-10-16 07:54:39 ----A---- C:\Windows\SysWOW64\msctf.dll
2014-10-16 07:54:37 ----A---- C:\Windows\SysWOW64\SettingSyncHost.exe
2014-10-16 07:54:36 ----A---- C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-10-16 07:54:35 ----A---- C:\Windows\SysWOW64\mfnetsrc.dll
2014-10-16 07:54:34 ----A---- C:\Windows\SysWOW64\wer.dll
2014-10-16 07:54:32 ----A---- C:\Windows\SysWOW64\WWAHost.exe
2014-10-16 07:54:32 ----A---- C:\Windows\SysWOW64\mfnetcore.dll
2014-10-16 07:54:30 ----A---- C:\Windows\SysWOW64\SettingSyncCore.dll
2014-10-16 07:54:29 ----A---- C:\Windows\SysWOW64\WMPDMC.exe
2014-10-16 07:54:29 ----A---- C:\Windows\SysWOW64\twinapi.dll
2014-10-16 07:54:29 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2014-10-16 07:54:28 ----A---- C:\Windows\SysWOW64\setupapi.dll
2014-10-16 07:54:28 ----A---- C:\Windows\SysWOW64\ExplorerFrame.dll
2014-10-16 07:54:19 ----A---- C:\Windows\SysWOW64\apphelp.dll
2014-10-16 07:54:16 ----A---- C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-16 07:54:09 ----A---- C:\Windows\SysWOW64\scrrun.dll
2014-10-16 07:36:23 ----A---- C:\Windows\SysWOW64\wimgapi.dll
2014-10-16 07:36:23 ----A---- C:\Windows\SysWOW64\Taskmgr.exe
2014-10-16 07:36:22 ----A---- C:\Windows\SysWOW64\RacEngn.dll
2014-10-16 07:36:19 ----A---- C:\Windows\SysWOW64\usercpl.dll
2014-10-16 07:36:15 ----A---- C:\Windows\SysWOW64\WerFault.exe
2014-10-16 07:36:12 ----A---- C:\Windows\SysWOW64\mssph.dll
2014-10-16 07:36:11 ----A---- C:\Windows\SysWOW64\MMDevAPI.dll
2014-10-16 07:36:08 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2014-10-16 07:36:04 ----A---- C:\Windows\SysWOW64\msctfuimanager.dll
2014-10-16 07:36:03 ----A---- C:\Windows\SysWOW64\tdh.dll
2014-10-16 07:36:02 ----A---- C:\Windows\SysWOW64\msvproc.dll
2014-10-16 07:36:01 ----A---- C:\Windows\SysWOW64\Faultrep.dll
2014-10-16 07:36:00 ----A---- C:\Windows\SysWOW64\slc.dll
2014-10-16 07:35:58 ----A---- C:\Windows\SysWOW64\thumbcache.dll
2014-10-16 07:35:58 ----A---- C:\Windows\SysWOW64\mssvp.dll
2014-10-16 07:35:57 ----A---- C:\Windows\SysWOW64\uxtheme.dll
2014-10-16 07:35:57 ----A---- C:\Windows\SysWOW64\advapi32.dll
2014-10-16 07:35:54 ----A---- C:\Windows\SysWOW64\ntshrui.dll
2014-10-16 07:35:45 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-10-16 07:35:45 ----A---- C:\Windows\SysWOW64\DismApi.dll
2014-10-16 07:35:44 ----A---- C:\Windows\SysWOW64\WSClient.dll
2014-10-16 07:35:43 ----A---- C:\Windows\SysWOW64\themeui.dll
2014-10-16 07:35:43 ----A---- C:\Windows\SysWOW64\ncryptsslp.dll
2014-10-16 07:35:43 ----A---- C:\Windows\SysWOW64\MrmIndexer.dll
2014-10-16 07:35:41 ----A---- C:\Windows\SysWOW64\Dism.exe
2014-10-16 07:35:40 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2014-10-16 07:35:40 ----A---- C:\Windows\SysWOW64\InputSwitch.dll
2014-10-16 07:35:34 ----A---- C:\Windows\SysWOW64\sppc.dll
2014-10-16 07:35:31 ----A---- C:\Windows\SysWOW64\SyncCenter.dll
2014-10-16 07:35:29 ----A---- C:\Windows\SysWOW64\WlanMM.dll
2014-10-16 07:35:29 ----A---- C:\Windows\SysWOW64\WinTypes.dll
2014-10-16 07:35:27 ----A---- C:\Windows\SysWOW64\authz.dll
2014-10-16 07:35:25 ----A---- C:\Windows\SysWOW64\rdpcore.dll
2014-10-16 07:35:24 ----A---- C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2014-10-16 07:35:24 ----A---- C:\Windows\SysWOW64\mdmregistration.dll
2014-10-16 07:35:24 ----A---- C:\Windows\SysWOW64\clrhost.dll
2014-10-16 07:35:23 ----A---- C:\Windows\SysWOW64\ninput.dll
2014-10-16 07:35:19 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2014-10-16 07:35:17 ----A---- C:\Windows\SysWOW64\sqmapi.dll
2014-10-16 07:35:13 ----A---- C:\Windows\SysWOW64\fsutil.exe
2014-10-16 07:35:13 ----A---- C:\Windows\SysWOW64\CloudNotifications.exe
2014-10-16 07:35:12 ----A---- C:\Windows\SysWOW64\wscapi.dll
2014-10-16 07:35:11 ----A---- C:\Windows\SysWOW64\imm32.dll
2014-10-16 07:35:10 ----A---- C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2014-10-16 07:35:10 ----A---- C:\Windows\SysWOW64\gameux.dll
2014-10-16 07:35:09 ----A---- C:\Windows\SysWOW64\SndVolSSO.dll
2014-10-16 07:35:07 ----A---- C:\Windows\SysWOW64\wermgr.exe
2014-10-16 07:35:04 ----A---- C:\Windows\SysWOW64\powrprof.dll
2014-10-16 07:35:04 ----A---- C:\Windows\SysWOW64\PlayToManager.dll
2014-10-16 07:35:03 ----A---- C:\Windows\SysWOW64\WSDApi.dll
2014-10-16 07:35:03 ----A---- C:\Windows\SysWOW64\WLanConn.dll
2014-10-16 07:35:03 ----A---- C:\Windows\SysWOW64\rasgcw.dll
2014-10-16 07:35:02 ----A---- C:\Windows\SysWOW64\RestoreOptIn.exe
2014-10-16 07:35:01 ----A---- C:\Windows\SysWOW64\zipfldr.dll
2014-10-16 07:35:01 ----A---- C:\Windows\SysWOW64\UserAccountBroker.exe
2014-10-16 07:35:00 ----A---- C:\Windows\SysWOW64\srchadmin.dll
2014-10-16 07:35:00 ----A---- C:\Windows\SysWOW64\newdev.dll
2014-10-16 07:34:59 ----A---- C:\Windows\SysWOW64\wscinterop.dll
2014-10-16 07:34:58 ----A---- C:\Windows\SysWOW64\bcd.dll
2014-10-16 07:34:54 ----A---- C:\Windows\SysWOW64\cleanmgr.exe
2014-10-16 07:34:50 ----A---- C:\Windows\SysWOW64\taskeng.exe
2014-10-16 07:34:48 ----A---- C:\Windows\SysWOW64\WerFaultSecure.exe
2014-10-16 07:34:48 ----A---- C:\Windows\SysWOW64\netid.dll
2014-10-16 07:34:47 ----A---- C:\Windows\SysWOW64\dmvdsitf.dll
2014-10-16 07:34:47 ----A---- C:\Windows\SysWOW64\BioCredProv.dll
2014-10-16 07:34:45 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2014-10-16 07:34:45 ----A---- C:\Windows\SysWOW64\netiohlp.dll
2014-10-16 07:34:42 ----A---- C:\Windows\SysWOW64\dmdskmgr.dll
2014-10-16 07:34:41 ----A---- C:\Windows\SysWOW64\bcrypt.dll
2014-10-16 07:34:39 ----A---- C:\Windows\SysWOW64\samlib.dll
2014-10-16 07:34:39 ----A---- C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2014-10-16 07:34:38 ----A---- C:\Windows\SysWOW64\MbaeApiPublic.dll
2014-10-16 07:34:38 ----A---- C:\Windows\SysWOW64\deviceaccess.dll
2014-10-16 07:34:37 ----A---- C:\Windows\SysWOW64\netplwiz.dll
2014-10-16 07:34:37 ----A---- C:\Windows\SysWOW64\acppage.dll
2014-10-16 07:34:35 ----A---- C:\Windows\SysWOW64\wlidcredprov.dll
2014-10-16 07:34:35 ----A---- C:\Windows\SysWOW64\scrobj.dll
2014-10-16 07:34:35 ----A---- C:\Windows\SysWOW64\provsvc.dll
2014-10-16 07:34:32 ----A---- C:\Windows\SysWOW64\slpts.dll
2014-10-16 07:34:32 ----A---- C:\Windows\SysWOW64\PkgMgr.exe
2014-10-16 07:34:31 ----A---- C:\Windows\SysWOW64\winbrand.dll
2014-10-16 07:34:31 ----A---- C:\Windows\SysWOW64\autofmt.exe
2014-10-16 07:34:30 ----A---- C:\Windows\SysWOW64\autochk.exe
2014-10-16 07:34:29 ----A---- C:\Windows\SysWOW64\untfs.dll
2014-10-16 07:34:29 ----A---- C:\Windows\SysWOW64\autoconv.exe
2014-10-16 07:34:25 ----A---- C:\Windows\SysWOW64\DWWIN.EXE
2014-10-16 07:34:25 ----A---- C:\Windows\SysWOW64\AuthBroker.dll
2014-10-16 07:34:23 ----A---- C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll
2014-10-16 07:34:23 ----A---- C:\Windows\SysWOW64\StorageContextHandler.dll
2014-10-16 07:34:22 ----A---- C:\Windows\SysWOW64\mssprxy.dll
2014-10-16 07:34:21 ----A---- C:\Windows\SysWOW64\spwizeng.dll
2014-10-16 07:34:20 ----A---- C:\Windows\SysWOW64\WimBootCompress.ini
2014-10-16 07:34:20 ----A---- C:\Windows\SysWOW64\spbcd.dll
2014-10-16 07:34:12 ----A---- C:\Windows\SysWOW64\sud.dll
2014-10-16 07:34:10 ----A---- C:\Windows\SysWOW64\wlidcli.dll
2014-10-16 07:34:09 ----A---- C:\Windows\SysWOW64\SettingMonitor.dll
2014-10-16 07:34:06 ----A---- C:\Windows\SysWOW64\offreg.dll
2014-10-16 07:34:05 ----A---- C:\Windows\SysWOW64\winsku.dll
2014-10-16 07:34:05 ----A---- C:\Windows\SysWOW64\SSShim.dll
2014-10-16 07:34:05 ----A---- C:\Windows\SysWOW64\CloudStorageWizard.exe
2014-10-16 07:34:04 ----A---- C:\Windows\SysWOW64\PlayToDevice.dll
2014-10-16 07:34:04 ----A---- C:\Windows\SysWOW64\IdCtrls.dll
2014-10-16 07:34:04 ----A---- C:\Windows\SysWOW64\deviceassociation.dll
2014-10-16 07:34:03 ----A---- C:\Windows\SysWOW64\UserLanguagesCpl.dll
2014-10-16 07:34:03 ----A---- C:\Windows\SysWOW64\powercfg.exe
2014-10-16 07:34:02 ----A---- C:\Windows\SysWOW64\werui.dll
2014-10-16 07:34:01 ----A---- C:\Windows\SysWOW64\migisol.dll
2014-10-16 07:34:00 ----A---- C:\Windows\SysWOW64\ReAgentc.exe
2014-10-16 07:33:59 ----A---- C:\Windows\SysWOW64\dfrgui.exe
2014-10-16 07:33:58 ----A---- C:\Windows\SysWOW64\easwrt.dll
2014-10-16 07:33:56 ----A---- C:\Windows\SysWOW64\diskpart.exe
2014-10-16 07:33:55 ----A---- C:\Windows\SysWOW64\cscript.exe
2014-10-16 07:33:54 ----A---- C:\Windows\SysWOW64\sxshared.dll
2014-10-16 07:33:54 ----A---- C:\Windows\SysWOW64\msshooks.dll
2014-10-16 07:33:53 ----A---- C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-10-16 07:33:53 ----A---- C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2014-10-16 07:33:46 ----AH---- C:\Windows\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll
2014-10-16 07:33:44 ----A---- C:\Windows\SysWOW64\wincorlib.dll
2014-10-16 07:33:44 ----A---- C:\Windows\SysWOW64\setupugc.exe
2014-10-16 07:33:36 ----A---- C:\Windows\SysWOW64\finger.exe
2014-10-16 07:33:34 ----A---- C:\Windows\SysWOW64\themecpl.dll
2014-10-16 07:33:34 ----A---- C:\Windows\SysWOW64\SettingSyncPolicy.dll
2014-10-16 07:33:31 ----A---- C:\Windows\SysWOW64\ocsetapi.dll
2014-10-16 07:33:31 ----A---- C:\Windows\SysWOW64\GlobCollationHost.dll
2014-10-16 07:33:29 ----A---- C:\Windows\SysWOW64\korwbrkr.dll
2014-10-16 07:33:28 ----AH---- C:\Windows\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll
2014-10-16 07:33:25 ----A---- C:\Windows\SysWOW64\dataclen.dll
2014-10-16 07:33:22 ----AH---- C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll
2014-10-16 07:33:21 ----AH---- C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll
2014-10-16 07:33:21 ----AH---- C:\Windows\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll
2014-10-16 07:33:21 ----A---- C:\Windows\SysWOW64\occache.dll
2014-10-16 07:33:20 ----A---- C:\Windows\SysWOW64\f3ahvoas.dll
2014-10-15 13:22:49 ----D---- C:\Program Files (x86)\Common Files\Java
2014-10-15 13:22:48 ----A---- C:\Windows\SysWOW64\javaws.exe
2014-10-15 13:22:46 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 13:22:46 ----A---- C:\Windows\SysWOW64\javaw.exe
2014-10-15 13:22:46 ----A---- C:\Windows\SysWOW64\java.exe
2014-10-14 21:31:48 ----A---- C:\Windows\LENDIG.sys
2014-10-14 21:15:56 ----N---- C:\Windows\Updreg.EXE
2014-10-14 21:13:55 ----D---- C:\Windows\SysWOW64\Data
2014-10-14 21:13:55 ----A---- C:\Windows\SysWOW64\INRES.DLL
2014-10-14 21:13:51 ----D---- C:\Program Files (x86)\Creative Professional
2014-10-14 20:54:37 ----D---- C:\Program Files (x86)\DriverToolkit
2014-10-14 20:10:38 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2014-10-14 20:10:08 ----D---- C:\Users\charlotte\AppData\Roaming\Image-Line
2014-10-14 20:09:50 ----D---- C:\Users\charlotte\AppData\Roaming\FlowStone
2014-10-14 20:09:50 ----D---- C:\Program Files (x86)\DSPRobotics
2014-10-14 20:04:50 ----D---- C:\Program Files (x86)\Image-Line
2014-10-06 15:54:11 ----D---- C:\Program Files (x86)\VstPlugins
2014-10-06 15:54:11 ----A---- C:\Windows\SysWOW64\rewire.dll
2014-10-06 15:53:55 ----D---- C:\Program Files (x86)\Outsim
2014-10-06 15:38:18 ----D---- C:\Users\charlotte\AppData\Roaming\WinRAR
2014-10-06 14:56:17 ----RD---- C:\Windows\BrowserChoice
2014-10-06 14:41:48 ----D---- C:\ProgramData\RosettaStoneLtdBackup
2014-10-06 14:39:50 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2014-10-06 14:39:40 ----D---- C:\ProgramData\Rosetta Stone
2014-10-06 14:39:40 ----D---- C:\Program Files (x86)\Rosetta Stone
2014-10-06 14:35:26 ----D---- C:\Users\charlotte\AppData\Roaming\uTorrent
2014-10-06 13:57:44 ----D---- C:\Program Files (x86)\WinRAR
2014-10-06 11:20:56 ----A---- C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-06 11:20:45 ----A---- C:\Windows\SysWOW64\mfds.dll
2014-10-06 11:20:44 ----A---- C:\Windows\SysWOW64\Windows.Graphics.dll
2014-10-06 11:20:42 ----A---- C:\Windows\SysWOW64\msieftp.dll
2014-10-06 11:18:59 ----A---- C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-10-06 11:18:58 ----A---- C:\Windows\SysWOW64\sti.dll
2014-10-06 11:18:58 ----A---- C:\Windows\SysWOW64\OEMLicense.dll
2014-10-06 11:09:54 ----A---- C:\Windows\SysWOW64\msdrm.dll
2014-10-06 11:04:46 ----A---- C:\Windows\SysWOW64\iernonce.dll
2014-10-06 11:04:46 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-06 11:04:43 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2014-10-06 11:04:42 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2014-10-06 11:04:41 ----A---- C:\Windows\SysWOW64\msrating.dll
2014-10-06 11:01:49 ----A---- C:\Windows\SysWOW64\WMPhoto.dll
2014-10-06 10:57:28 ----A---- C:\Windows\SysWOW64\d2d1.dll
2014-10-06 10:54:47 ----A---- C:\Windows\SysWOW64\tsgqec.dll
2014-10-06 10:54:47 ----A---- C:\Windows\SysWOW64\dbghelp.dll
2014-10-06 10:54:47 ----A---- C:\Windows\SysWOW64\dbgeng.dll
2014-10-06 10:41:41 ----A---- C:\Windows\SysWOW64\poqexec.exe
2014-10-06 10:36:22 ----A---- C:\Windows\SysWOW64\pcaui.exe
2014-10-06 10:35:04 ----D---- C:\Program Files (x86)\Google
2014-10-06 10:31:46 ----D---- C:\ProgramData\ClassicShell

======List of files/folders modified in the last 1 month======

2014-10-29 21:06:54 ----D---- C:\Users\charlotte\AppData\Roaming\ClassicShell
2014-10-29 21:06:18 ----D---- C:\Windows\System32
2014-10-29 21:06:18 ----D---- C:\Windows\Inf
2014-10-29 21:05:59 ----D---- C:\Windows\Prefetch
2014-10-29 21:01:09 ----D---- C:\Windows\Temp
2014-10-29 21:01:09 ----D---- C:\Windows\SysWOW64
2014-10-29 20:49:58 ----RD---- C:\Program Files (x86)
2014-10-28 20:38:11 ----SHD---- C:\System Volume Information
2014-10-28 17:15:48 ----D---- C:\Windows\Microsoft.NET
2014-10-28 09:32:13 ----D---- C:\Windows\AppReadiness
2014-10-27 22:55:34 ----SHD---- C:\Windows\Installer
2014-10-27 22:55:34 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-10-27 22:55:05 ----RSD---- C:\Windows\assembly
2014-10-27 22:54:55 ----D---- C:\Program Files (x86)\Common Files\Microsoft Shared
2014-10-24 07:35:35 ----D---- C:\Windows\rescache
2014-10-23 07:13:48 ----D---- C:\Windows
2014-10-23 07:13:47 ----D---- C:\Windows\WinSxS
2014-10-23 01:29:32 ----RD---- C:\Windows\ToastData
2014-10-23 01:29:22 ----D---- C:\Windows\SysWOW64\wbem
2014-10-23 01:29:22 ----D---- C:\Windows\SysWOW64\setup
2014-10-23 01:29:22 ----D---- C:\Windows\SysWOW64\en-US
2014-10-23 01:29:18 ----RD---- C:\Windows\ImmersiveControlPanel
2014-10-23 01:29:13 ----RSD---- C:\Windows\Fonts
2014-10-23 01:29:12 ----D---- C:\Windows\apppatch
2014-10-23 01:29:11 ----D---- C:\Windows\SysWOW64\InputMethod
2014-10-22 21:23:40 ----D---- C:\Windows\Tasks
2014-10-21 19:35:39 ----D---- C:\Windows\CbsTemp
2014-10-21 19:11:03 ----D---- C:\Users\charlotte\AppData\Roaming\Adobe
2014-10-21 19:00:46 ----D---- C:\ProgramData\FLEXnet
2014-10-21 18:52:25 ----D---- C:\Program Files (x86)\Adobe
2014-10-21 18:51:51 ----D---- C:\ProgramData\Adobe
2014-10-21 18:51:24 ----D---- C:\Program Files (x86)\Common Files\Adobe
2014-10-21 00:02:39 ----D---- C:\Windows\MediaViewer
2014-10-21 00:02:38 ----D---- C:\Windows\FileManager
2014-10-21 00:02:38 ----D---- C:\Windows\Camera
2014-10-21 00:02:37 ----D---- C:\Program Files (x86)\Windows Defender
2014-10-21 00:02:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-21 00:02:24 ----D---- C:\Windows\PolicyDefinitions
2014-10-21 00:02:15 ----D---- C:\Windows\WinStore
2014-10-21 00:02:09 ----D---- C:\Windows\SysWOW64\migration
2014-10-17 11:05:08 ----D---- C:\Users\charlotte\AppData\Roaming\Apple Computer
2014-10-17 07:56:40 ----D---- C:\Windows\Logs
2014-10-17 00:47:32 ----D---- C:\Windows\servicing
2014-10-17 00:47:32 ----D---- C:\Program Files (x86)\Windows Portable Devices
2014-10-17 00:47:32 ----D---- C:\Program Files (x86)\Windows Multimedia Platform
2014-10-17 00:47:32 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-17 00:47:31 ----D---- C:\Windows\SysWOW64\oobe
2014-10-17 00:47:31 ----D---- C:\Windows\SysWOW64\Dism
2014-10-17 00:47:28 ----D---- C:\Windows\en-US
2014-10-16 23:05:34 ----SD---- C:\Users\charlotte\AppData\Roaming\Microsoft
2014-10-16 23:01:25 ----RD---- C:\Program Files
2014-10-16 23:01:24 ----D---- C:\Program Files (x86)\Common Files\Apple
2014-10-16 23:01:23 ----HD---- C:\ProgramData
2014-10-16 23:01:23 ----D---- C:\ProgramData\Apple Computer
2014-10-16 23:00:42 ----D---- C:\ProgramData\Apple
2014-10-15 13:22:56 ----D---- C:\ProgramData\Oracle
2014-10-15 13:22:49 ----D---- C:\Program Files (x86)\Common Files
2014-10-15 13:22:45 ----D---- C:\Program Files (x86)\Java
2014-10-14 21:13:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 15:54:41 ----SD---- C:\ProgramData\Microsoft
2014-10-06 14:57:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-10-06 11:23:39 ----SHD---- C:\$Recycle.Bin
2014-10-06 10:56:51 ----D---- C:\ProgramData\CanonIJPLM
2014-10-06 10:31:17 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys []
R0 tos_sps64;@oem14.inf,%SERVICE_DESC_amd64%;TOSHIBA tos_sps64 Service; C:\Windows\System32\drivers\tos_sps64.sys []
R0 TVALZ;@oem6.inf,%TVALZ.SvcDesc%;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\System32\drivers\TVALZ_O.SYS []
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 PEGAGFN;PEGAGFN; \??\C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [2009-09-11 14344]
R3 AmUStor;@oem12.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
R3 athr;@oem23.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys []
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys []
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys []
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\BthLEEnum.sys []
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys []
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcDAud;@oem7.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 iwdbus;@oem10.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys []
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C63x64.sys []
R3 MEIx64;@oem1.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys []
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys []
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys []
R3 SPPD;SPPD; \??\C:\Windows\system32\drivers\SPPD.sys []
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 Thotkey;@oem3.inf,%Thotkey%;Toshiba Hotkey Driver; C:\Windows\System32\drivers\Thotkey.sys []
R3 tosrfec;@oem22.inf,%busenum.SVCDESC%;Bluetooth ACPI; C:\Windows\System32\drivers\tosrfec.sys []
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 emusba10;@oem27.inf,%EMUSBA10.Driver.DisplayName%;E-MU USB-Audio 1.0 Driver; C:\Windows\system32\DRIVERS\emusba10.sys []
S3 intaud_WaveExtensible;@oem9.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys []
S3 USBAAPL64;@oem28.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WDC_SAM;@oem26.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys []
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-08-22 312448]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-09-25 2436280]
R2 CltMngSvc;Search Protect Service; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-10-02 3015128]
R2 DragonLoggerService;Dragon Logger service; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [2014-07-12 137280]
R2 DragonSvc;Dragon Service; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2014-07-12 339008]
R2 dts_apo_service;DTS APO Service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-09-10 19792]
R2 emaudsv;@oem27.inf,%EMAUD.Win32.DisplayName%;E-MU Audio Service; C:\Windows\system32\emaudsv.exe []
R2 GFNEXSrv;GFNEX Service; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [2013-03-27 163168]
R2 Orbiter;Orbiter; C:\Windows\System32\svchost.exe [2013-08-22 31552]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-08-16 339456]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-08-09 328544]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 116648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-10-10 279024]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2014-10-06 655624]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 116648]
S3 Olympus DVR Service;Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2012-11-08 174592]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-09-25 150600]

-----------------EOF-----------------

---------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:09:19, on 29/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\charlotte\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microlink – The UK’s Largest Independent Assistive Technology Supplier
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Bho - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
O4 - HKLM\..\Run: [BookExpress_B6FU] "C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: flstudio11.exe.lnk = C:\Users\charlotte\Documents\WindowsUpdates\flstudio11.exe
O4 - Global Startup: Device Detector 4.lnk = C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Logger service (DragonLoggerService) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @oem27.inf,%EMAUD.Win32.DisplayName%;E-MU Audio Service (emaudsv) - Unknown owner - C:\Windows\system32\emaudsv.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13030 bytes

Internet Browsers not responding

Hi,

I have a few machines that I'm having issues with.

They are all showing the same symptoms (all on different networks).

When opening any internet browser (IE, Chrome, Firefox), after browsing to any website the browser stops responding and closes.

I have run pretty much every tool on the system to try and resolve this issue, but to no avail.

I have run ESET Online Scanner, which did find the Win64\Dridex.A trojan and stated that it removed it, but it looks like this hasn't resolved the issue.

What I think has happened is that an email has been opened (the notorious MS Doc macro document) that has infected the machine, and I'm at a complete loss as to how to get the systems back to a working standard without reinstalling the machine.

Any help would be much appreciated,

Many thanks,

Lewis

IE problems

According to one of this forum's moderators I have some kind of malware problem, so I have included the GMER file as well as the two DDS files. I think I have done it correctly, so just let me know if I have and if there's anything else you need. I'm having problems with my IE: it says the proxy isn't responding. I have included a screenshot of what's going on. Things I have tried include reinstalling IE, but whenever I try to do that it says I have the latest version installed already. I have also tried going into Tools - Internet Options - Connections - LAN Settings and unchecking the proxy checkbox, but whenever I click OK and then go back into Connections it is re-checked.
THANKS IN ADVANCE
RUBEN
P.S. I know there isn't anything wrong with the internet connection, because I am using the internet on that very same rig, but only with Mozilla Firefox. I even tried installing Google Chrome but got the same message; well, not the same message, just that the proxy isn't responding.

Attached Thumbnails: IE.jpg (65.1 KB)
Attached Files
File Type: zip ark.zip (8.2 KB)

ib.adnxs.com redirect in AOL Browser

Hello,
I'm experiencing a problem with a browser hijack. (It does not affect my Firefox; only my AOL browser.) When I have my AOL software open, it will keep popping up a browser page directing to the following address: hxxp://ib.adnxs.com/bounce?%2Ftt%3Fi...om%26cb%3D1771. After I close it, it will pop up again within a few short seconds and makes it very difficult to compose and send emails. My OS is Microsoft XP. I have run the logs as instructed.

Thank you in advance!

PS - my Avira was disabled before I scanned the system, but may have been enabled when I opened DDS.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by Donald at 10:53:07 on 2014-11-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1066 [GMT -8:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\system32\RunDll32.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~1\Intuit\QUICKB~1\COMPON~1\qbagent\QBDAGE~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Do Not Track Plus: {6E45F3E8-2683-4824-A6BE-08108022FB36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
StartupFolder: c:\docume~1\donald\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340082316618
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340081901306
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{F6871B6F-65ED-4699-B9E4-C3A82D6DEAD5} : DHCPNameServer = 10.0.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs= c:\progra~1\linkey\ieexte~1\iedll.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\donald\application data\mozilla\firefox\profiles\t9ghxv7h.default\
FF - prefs.js: browser.startup.homepage - msn
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll

Attached Files
File Type: zip attach.zip (8.3 KB)

Virus/Malware Help

I am not 100% sure if I have a virus or some kind of crappy malware or something on my laptop. I let a friend of mine borrow my laptop for a couple of weeks. I got it back and it's not the same. I have a feeling he did something stupid and won't tell me about it.

I would just like to know if someone can guide me to the right place, where I can look up the basic/major areas of the registry to look for unusual things. Like if you look in a certain registry folder, there should only be certain things in that folder, and if there is anything else in there then it may/may not be harmful.
Maybe the major registry things to look for with the common malware/viruses that are around right now.
Like in the Shell Folders or the Run folders, etc.
I have looked in my programs and see nothing unusual in there to uninstall. But I know that there are bad things going on now; I just don't know exactly what to look for specifically.
I am running Vista Home Premium. It's an HP Pavilion laptop.

Any help is appreciated...

Oh yeah, I did look in a registry folder called
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] and there was something in there that is called:
!Do Not Use This Registry Key

Is that supposed to be there? I just don't recall ever seeing that before...

Ledoborota issues.

As posted earlier, I'm getting 'ledoborota' alerts from Avast. Attached are the requested logs and the print screens I made of the original alerts.

Thanks

Attached Files
File Type: zip dds.zip (5.3 KB)
File Type: zip attach.zip (3.0 KB)
File Type: doc Ledoborota.doc (712.0 KB)

Pop-ups, slow PC - Help! (Please...)

OK, so I have a virus. I've run a full Security Essentials scan, as well as Malwarebytes... I'm sure my kids d/l'd something that caused it. I removed all the suspicious programs, ran the scan again... and I'm still getting browser pop-ups for spam removal, etc.

DDS log:

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-11-06 17:34:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FALS-00U9B0 rev.05.00K05 931.51GB
Running: gmer.exe; Driver: C:\Users\Darren\AppData\Local\Temp\uxdirpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037a7000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037a702f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071e917fa 2 bytes JMP 00000000822ea370
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071e91860 2 bytes JMP 00000000822ea3d6
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071e91942 2 bytes JMP 000000010279a9b8
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071e9194d 2 bytes JMP 000000010279a9c3
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2272] entry point in ".rdata" section 000000006fac71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Program Files (x86)\Gigabyte\ET6\GUI.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Gigabyte\ET6\GUI.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000765851dd 7 bytes JMP 000000011003ac50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 000000007658610b 7 bytes JMP 000000011003b000
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 000000007658c6c1 7 bytes JMP 000000011003abc0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 00000000765cfc98 7 bytes JMP 000000011003af50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 00000000765cfcd1 7 bytes JMP 000000011003adf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 00000000765cfcf5 7 bytes JMP 000000011003af00
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Users\Darren\AppData\Roaming\uTorrent\uTorrent.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
.text C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767b1465 2 bytes [7B, 76]
.text C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767b14bb 2 bytes [7B, 76]
.text ... * 2
---- Processes - GMER 2.1 ----

Process C:\Users\Darren\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Darren\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [2740](2014-01-28 22:36:04) 0000000000400000

---- Files - GMER 2.1 ----

File C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Cookies\MNYR7S54.txt 93 bytes

---- EOF - GMER 2.1 ----

Attached Files
File Type: zip attach.zip (9.5 KB)

Pinnacle Game Profiler

I installed Pinnacle Game Profiler from download.cnet.com, using the Direct Download Link. Bad idea. After installation, I was prompted to restart my computer, so I did. After logging in, I was bombarded by error messages. Lots and lots of stuff not working. It looked like some of it was AVG related, which I have installed. I checked, and sure enough, AVG wasn't running.

I had created a system restore point before downloading the program, just in case. Unfortunately, restoring it didn't change anything. I tried using Add/Remove Programs to uninstall it, but clicking the Change/Remove button didn't do anything. And I couldn't launch any programs, although the only ones I tried were Firefox, Photoshop, and Media Player Classic.

Currently, I'm on Linux Mint 15 until I get this fixed. Doing some research, I found that Pinnacle Game Profiler frequently triggers false alarms with anti-virus software, but I couldn't find any evidence of it being malware. And I'll be happy to do the DDS with logs thing if people here think it's necessary at this stage.

Anyone know how to fix this?

AdChoices?

My 2011 Dell Windows 7 machine is not super fast, but I am not sure whether that is normal at its age. My Mozilla Firefox (latest version), however, is fairly frustrating in how slow things load. I do see a few sites that show banners(?) from AdChoices, and I can't find a way to get rid of them. Additionally, Avast has (for quite a while) been reporting bloatware and registry tweaks that I could take care of with something they want me to buy, but I don't want to buy anything.

I'm attaching the files related to diagnosing Virus/Trojan/Spyware in hopes that someone will be able to tell me if something is awry.

Many thanks,
Minderbinder

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.67.2
Run by ppearlman at 19:00:39 on 2014-11-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3957.2105 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uURLSearchHooks: {a386d4b0-fddb-4e1c-ae61-4f014013cd9b} - <orphaned>
uURLSearchHooks: {40f5f417-32bb-4296-9446-c1e0094e7d82} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [FAStartup] <no file>
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\24967605F6E646437393931323 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\3547574696F6336303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\36163747E65647475627D27657563747 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\47D6F62696C656 : DHCPNameServer = 66.94.9.120 66.94.25.120
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\74C6F62616C6355796475675962756C6563737 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\7657563747 : DHCPNameServer = 139.130.4.4
TCP: Interfaces\{0AC97434-A0FD-45BE-97B9-968489D004A3}\A496D6F6A6F60284F6473707F6470274342333D233 : DHCPNameServer = 119.148.69.200 203.12.160.35
TCP: Interfaces\{0C115553-6AF3-46D7-B13E-59D08F22F830} : DHCPNameServer = 10.4.182.20 10.4.81.103
TCP: Interfaces\{958977DD-DA99-4932-BB5E-7BB0D7B48A0F} : DHCPNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ppearlman\AppData\Roaming\Mozilla\Firefox\Profiles\yx512sdh.default-1415352081057\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-5-17 224896]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-30 55280]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-5-16 536984]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-24 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-3-24 427360]
R1 RapportCerberus_80049;RapportCerberus_80049;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [2014-9-3 768184]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-7-31 444184]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-7-31 562136]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-28 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-28 202752]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-5 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-24 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-5 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-25 2368776]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-7-31 1919256]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-30 2320920]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1157056]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-4-30 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-28 56344]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-8-20 428696]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-28 239616]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-27 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-30 35104]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-28 151936]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-2 29184]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-11-6 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-11-6 12504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-28 220672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-28 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2014-11-06 08:34:45 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{820C0A9B-D7E6-471C-8BA1-9BB7904A67A5}\offreg.dll
2014-11-06 08:24:42 3050808 ----a-w- C:\Windows\System32\pwNative.exe
2014-11-06 08:24:41 19152 ------w- C:\Windows\System32\pwdrvio.sys
2014-11-06 08:24:41 12504 ------w- C:\Windows\System32\pwdspio.sys
2014-11-04 23:17:11 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{820C0A9B-D7E6-471C-8BA1-9BB7904A67A5}\mpengine.dll
2014-10-30 01:07:11 -------- d-----w- C:\Users\ppearlman\AppData\Local\{BD9F8023-BAB2-4F70-9503-3F6B51636942}
2014-10-19 03:03:48 -------- d-----w- C:\Users\ppearlman\AppData\Local\etax2014
2014-10-19 03:03:17 -------- d-----w- C:\Program Files (x86)\etax2014
2014-10-17 04:38:23 -------- d-----w- C:\Users\ppearlman\AppData\Local\{DCB240BE-C23D-4832-A461-D64784BC97AB}
2014-10-15 14:24:29 -------- d-----w- C:\Users\ppearlman\AppData\Local\{6CD3E8E5-3977-41F9-8517-2D65970F5CE4}
2014-10-15 03:43:00 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-10-15 03:43:00 48128 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-10-15 03:41:21 842240 ----a-w- C:\Windows\System32\blackbox.dll
2014-10-15 03:40:59 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-15 03:39:12 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-15 03:39:11 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-15 03:39:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-15 03:38:34 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 03:38:32 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 03:36:59 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 03:35:33 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 03:35:32 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-10 04:22:18 -------- d-----w- C:\Users\ppearlman\AppData\Local\{A190A1A4-EF72-44C6-A8AD-B0E6B34D798A}
2014-10-09 05:08:53 -------- d-----w- C:\Users\ppearlman\AppData\Local\{D48E115C-8690-4E0E-B100-7D739BE788E2}
.
==================== Find3M ====================
.
2014-10-27 22:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-25 00:34:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 00:34:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 19:05:04.71 ===============

Attached Files: attach.zip (7.3 KB)
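The SERVICES / DRIVERS and "Created Last 30" sections of a DDS log are the parts a responder reads first, and they are easier to cross-check with a small parser than by eye. The Python below is an added example, not part of the forum post and not code from the DDS tool. The sample lines are copied from the log above; the flagging rules (a .sys image loading from outside System32\drivers, an image that also appears in the last-30-days list, boot/system start type) are the editor's own triage heuristics and are assumptions meant to prompt a second look, not verdicts on any file.

```python
"""Triage helper for the SERVICES / DRIVERS and 'Created Last 30' blocks of a DDS log.
Added example; the flagging rules are editorial heuristics, not findings about this machine."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a subset of the SERVICES / DRIVERS lines from the log above.
SERVICES_SAMPLE = r"""
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-17 65776]
R1 RapportCerberus_80049;RapportCerberus_80049;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [2014-9-3 768184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-5 50344]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-18 25072]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2014-11-6 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2014-11-6 12504]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
"""

# Constructed sample: a subset of the 'Created Last 30' lines from the log above.
CREATED_SAMPLE = r"""
2014-11-06 08:24:42 3050808 ----a-w- C:\Windows\System32\pwNative.exe
2014-11-06 08:24:41 19152 ------w- C:\Windows\System32\pwdrvio.sys
2014-11-06 08:24:41 12504 ------w- C:\Windows\System32\pwdspio.sys
2014-10-19 03:03:17 -------- d-----w- C:\Program Files (x86)\etax2014
"""

# DDS service line: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
# DDS 'Created Last 30' line: <date> <time> <size or dashes> <attributes> <path>
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Where Windows normally keeps kernel drivers (heuristic; vendors may legitimately differ).
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class ServiceEntry:
    running: bool
    start_type: int  # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: str
    size: int
    flags: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every well-formed service/driver line; silently skip headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            running=m["state"] == "R", start_type=int(m["start"]),
            name=m["name"], display=m["display"], path=m["path"],
            date=m["date"], size=int(m["size"])))
    return entries


def parse_created(text: str) -> Dict[str, str]:
    """Map lower-cased path -> creation date for 'Created Last 30' lines (dirs included)."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m["path"].lower()] = m["date"]
    return created


def flag_entry(entry: ServiceEntry, created: Dict[str, str]) -> List[str]:
    """Attach editorial triage flags to one entry and return them."""
    p = entry.path.lower()
    flags = []
    if p.endswith(".sys") and not p.startswith(DRIVER_DIR):
        flags.append("driver-outside-system32-drivers")
    if p in created:
        flags.append(f"created-{created[p]}")
    if entry.start_type <= 1:
        flags.append("early-start")  # informational: boot/system start drivers
    entry.flags = flags
    return flags


def review_candidates(services_text: str, created_text: str) -> List[ServiceEntry]:
    """Entries worth a second look: any flag other than the informational early-start."""
    created = parse_created(created_text)
    entries = parse_services(services_text)
    for e in entries:
        flag_entry(e, created)
    return [e for e in entries if any(f != "early-start" for f in e.flags)]


if __name__ == "__main__":
    for e in review_candidates(SERVICES_SAMPLE, CREATED_SAMPLE):
        print(f"{e.name:24} {e.path}  {', '.join(e.flags)}")
```

Run against the sample it lists the Trusteer Rapport driver under ProgramData and the two pwd*io.sys files that sit directly in System32 and were created on 2014-11-06. The path rule will also flag drivers that a legitimate product has deliberately placed outside System32\drivers, which is why the function returns a review list rather than a verdict; the next step for each hit is a signature check and a lookup of the file hash, not removal.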