Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Trojan affected internet

I have a trojan on a laptop that has affected the internet. It says no connections are available. Here are the results of the scans.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Marc at 23:20:28 on 2015-01-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4246 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRunOnce: [Adobe Speed Launcher] 1420874590
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\2656C6B696E6E2565683 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\2656C6B696E6E2565683E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\D41627363702E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\D41627363702E4564777F627B6E2D656469616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\E45445745414257333 : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2014-2-21 36096]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-3-7 482384]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-10-29 263960]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-5-27 50976]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-12-8 753704]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-11-9 298080]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2012-7-18 514048]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-13 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 969016]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2013-3-7 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-7 2655768]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-9-23 1820184]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2012-7-18 979456]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-12-3 3386160]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-12-8 163368]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2012-7-3 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2012-7-3 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2012-7-3 84992]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-7-18 245760]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-10-28 449496]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-2-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-13 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-13 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2013-8-12 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2013-8-12 226696]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-3-7 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-3-7 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-12-8 163368]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-2-21 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-12 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-12-3 272176]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2013-8-30 356056]
S3 SmbDrvI;SmbDrvI;C:\windows\System32\drivers\Smb_driver_Intel.sys [2014-2-21 34544]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-5-26 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-09 22:35:33 -------- d-----w- C:\RegBackup
2015-01-09 21:29:16 -------- d-sh--w- C:\$RECYCLE.BIN
2015-01-09 21:18:16 98816 ----a-w- C:\windows\sed.exe
2015-01-09 21:18:16 256000 ----a-w- C:\windows\PEV.exe
2015-01-09 21:18:16 208896 ----a-w- C:\windows\MBR.exe
2015-01-08 21:58:17 -------- d-----w- C:\windows\ERUNT
2015-01-08 19:58:29 -------- d-----w- C:\Users\Marc\AppData\Roaming\Zeon
2014-12-29 13:58:22 129752 ----a-w- C:\windows\System32\drivers\5A0B7933.sys
2014-12-28 13:44:39 129752 ----a-w- C:\windows\System32\drivers\1C702092.sys
2014-12-19 16:35:20 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-19 16:35:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
.
==================== Find3M ====================
.
2015-01-11 06:48:36 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-09 19:06:16 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 19:06:16 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 17:01:42 129752 ----a-w- C:\windows\System32\drivers\059C5740.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 11:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-10-30 22:34:57 0 ----a-w- C:\windows\System32\lzvwyt.dll
2014-10-30 02:35:16 263960 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-10-26 01:49:00 0 ----a-w- C:\windows\System32\grqmzvk.dll
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-24 20:40:35 900 --sha-w- C:\ProgramData\KGyGaAvL.sys
2014-10-23 16:45:42 129752 ----a-w- C:\windows\System32\drivers\3F2C6237.sys
2014-10-20 16:19:30 129752 ----a-w- C:\windows\System32\drivers\0CA653A4.sys
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
.
============= FINISH: 23:20:53.03 ===============

Attached Files
File Type: zip attach.zip (5.1 KB)
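A DDS log is read the same way every time: the policy lines, the security-product status lines and the dated file listings. The Python triage script below is an added example written for this page, not a tool the forum or the poster used. It runs over a handful of lines copied from the log above (embedded as a constructed sample) and flags what a responder would look at first: UAC switched off (EnableLUA = 0, silent admin elevation, no secure desktop), both AVG and Windows Defender reporting Disabled, two 0-byte DLLs with random names in System32, and the 8-hex-character driver names, which it correlates by size against the named drivers in the same log (all of them are 129752 bytes, exactly the size of MBAMSwissArmy.sys). The rule names and wording are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
2015-01-09 22:35:33 -------- d-----w- C:\RegBackup
2015-01-11 06:48:36 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-29 13:58:22 129752 ----a-w- C:\windows\System32\drivers\5A0B7933.sys
2014-12-28 13:44:39 129752 ----a-w- C:\windows\System32\drivers\1C702092.sys
2014-10-30 22:34:57 0 ----a-w- C:\windows\System32\lzvwyt.dll
2014-10-26 01:49:00 0 ----a-w- C:\windows\System32\grqmzvk.dll
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
"""

# Line shapes DDS emits: policy DWORDs, AV/SP/FW status, and dated file entries
# (directories carry "--------" in the size column).
POLICY_RE = re.compile(r"^(?P<hive>[um])Policies-(?P<area>\w+):\s*(?P<name>\w+)\s*=\s*dword:(?P<value>\d+)$")
SECPROD_RE = re.compile(r"^(?P<kind>AV|SP|FW):\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*")
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
RANDOM_DRIVER_RE = re.compile(r"\\drivers\\[0-9A-F]{8}\.sys$", re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r"\\system32\\[^\\]+\.dll$", re.IGNORECASE)

# UAC policy values that remove or weaken elevation prompting (example's own table).
WEAK_UAC = {
    ("System", "EnableLUA", 0): "UAC is disabled; every process of an admin user runs fully elevated",
    ("System", "ConsentPromptBehaviorAdmin", 0): "admins elevate with no prompt at all",
    ("System", "PromptOnSecureDesktop", 0): "elevation prompts are not isolated on the secure desktop",
}


def parse_dds(text):
    """Split DDS output into policy, security-product and file-listing records."""
    policies, products, files = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := POLICY_RE.match(line):
            policies.append((m["hive"], m["area"], m["name"], int(m["value"])))
        elif m := SECPROD_RE.match(line):
            products.append((m["kind"], m["name"], m["state"]))
        elif m := FILE_RE.match(line):
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append((m["date"] + " " + m["time"], size, m["attrs"], m["path"]))
    return {"policies": policies, "products": products, "files": files}


def triage(text):
    """Return (rule, detail) findings worth a human look. No findings is not a
    clean bill of health: this covers only what DDS chooses to print."""
    rec = parse_dds(text)
    findings = []

    for hive, area, name, value in rec["policies"]:
        msg = WEAK_UAC.get((area, name, value))
        if msg:
            findings.append(("weak-uac", f"{hive}Policies-{area} {name}={value}: {msg}"))

    for kind, name, state in rec["products"]:
        if state.lower().startswith("disabled"):
            findings.append(("security-product-off", f"{kind} {name} reports {state}"))

    # Index sizes of normally named drivers so a random-looking driver can be
    # correlated with a legitimate one of identical size before it is judged.
    size_to_named = defaultdict(list)
    for _, size, _, path in rec["files"]:
        if size and path.lower().endswith(".sys") and not RANDOM_DRIVER_RE.search(path):
            size_to_named[size].append(path.rsplit("\\", 1)[-1])

    for stamp, size, attrs, path in rec["files"]:
        if size == 0 and SYSTEM32_DLL_RE.search(path):
            findings.append(("zero-byte-system32-dll",
                             f"{path} ({stamp}): Windows does not ship 0-byte DLLs; treat as a placeholder or dropper leftover until explained"))
        elif RANDOM_DRIVER_RE.search(path):
            twins = size_to_named.get(size, [])
            hint = (f"same size as {', '.join(twins)}; probably a copy of it, confirm by hash"
                    if twins else "no same-sized named driver in the log; verify signature and hash")
            findings.append(("random-named-driver", f"{path} ({size} bytes): {hint}"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DDS
    for rule, detail in triage(text):
        print(f"[{rule}] {detail}")
```

Run it on a saved log with `python triage.py dds.txt`, or without arguments to see the constructed sample scored. The size correlation is a hint, not proof: hash or signature-check the actual files before deciding anything, and treat the UAC and AV findings as the first things to put right regardless of what the malware turns out to be.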

Kaspersky install: not a valid Win32 application

After studying prior issues with this scenario, I have run ComboFix and am posting a copy of its result here. This computer is likely malware'd, based on some McAfee remnants that a CNET download driver-scan tool infected onto the HD.

Removed Kaspersky 2013 Internet Security as the first step to installing 2015 Internet Security, and was unable to proceed.

ComboFix log:

ComboFix 15-01-29.01 - BN-ADMIN 01/31/2015 15:57:44.1.3 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3583.1846 [GMT -6:00]
Running from: c:\users\BN-ADMIN\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BN-ADMIN\Desktop\Internet Explorer.lnk
c:\users\BN-ADMIN\Documents\~WRL3368.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-12-28 to 2015-01-31 )))))))))))))))))))))))))))))))
.
.
2015-01-31 22:02 . 2015-01-31 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-30 19:42 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D796867-DBA5-43E9-83C6-EFF7C7A7F30E}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-24 21:40 . 2012-06-08 18:57 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-24 21:40 . 2012-06-08 18:57 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-15 09:00 . 2010-08-24 20:09 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-06 10:36 . 2012-05-16 21:14 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-11-19 10:31 . 2014-11-19 10:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-06 02:44 . 2014-12-10 08:20 309760 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2014-11-06 02:30 . 2014-12-10 08:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-12 1099608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\\SystemRoot\system32\DRIVERS\ahcix64s.sys;c:\windows\\SystemRoot\system32\DRIVERS\ahcix64s.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [x]
S2 msftesql$SAGAFR50;SQL Server FullText Search (SAGAFR50);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [x]
S2 msftesql$SAGEFR50;SQL Server FullText Search (SAGEFR50);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [x]
S2 MSSQL$SAGAFR50;SQL Server (SAGAFR50);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 MSSQL$SAGEFR50;SQL Server (SAGEFR50);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 04:38 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 21:40]
.
2015-01-31 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3757513443-3412732065-2299017888-1000.job
- c:\users\BN-ADMIN\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-25 13:37]
.
2015-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08 22:50]
.
2015-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-08 22:50]
.
2015-01-30 c:\windows\Tasks\HPCeeScheduleForBN-ADMIN.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-02 7938080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: ppheartland.org\portal
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\BN-ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\f8xjy0bm.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-PracticeOne e-Medsys_is1 - c:\e-medsys\unins000.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$SAGAFR50]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SAGAFR50"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$SAGEFR50]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:SAGEFR50"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-31 16:04:32
ComboFix-quarantined-files.txt 2015-01-31 22:04
.
Pre-Run: 59,484,442,624 bytes free
Post-Run: 60,222,840,832 bytes free
.
- - End Of File - - 1A0B9F350798E8E4A251DFAE87B2C110
A36C5E4F47E84449FF07ED3517B43A31

Keys typing by themselves....

Please help! A while ago my computer started randomly typing the same key over and over, as if I was holding it in. I restarted the laptop and it stopped. A few times after that the same problem happened with different keys, making it impossible to do anything until I restarted the laptop. Now it is happening again with the "5" key and nothing, not even restarting, has helped. I've tried various virus scans and although I got rid of a few viruses, the problem still stayed. I tried banging the keyboard as well.
Please help! I'm typing this on my iPod!
Thanks in advance!
John

Caught trojan, internet working, browsers not.

Caught some kind of trojan, which I deleted with Malwarebytes, but the browser is still not working. I was sent here by one of the forum members; my detailed problems are at:

http://www.techsupportforum.com/foru...rk-955009.html

I don't have access to a Windows install disc or a boot CD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Domas at 0:59:20 on 2015-02-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6040.4508 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\igfxCUIService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\taskhost.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\windows\system32\igfxEM.exe
C:\windows\system32\igfxHK.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\vssvc.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uSearch Bar = Preserve
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{05FAE178-2AFB-4159-8B71-CD7A809B1253} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0682122A-7DA3-4867-80E1-DE0CF9383217} : NameServer = 192.168.1.254
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D}\242736D6140503 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D}\4554F4D2831343237373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D}\54874756E6465627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D}\E494E4F435027455543545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0AD44C92-ED76-4123-BDC8-9E7948DB794D}\E494E4F435027455543545F5548545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2DE15BC2-DB56-43B3-BAF0-C1EA95D65F9F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2DE15BC2-DB56-43B3-BAF0-C1EA95D65F9F}\4554F4D2446423645373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2DE15BC2-DB56-43B3-BAF0-C1EA95D65F9F}\5576E656 : DHCPNameServer = 172.31.139.17 172.30.139.17
TCP: Interfaces\{2DE15BC2-DB56-43B3-BAF0-C1EA95D65F9F}\E494E4F435027455543545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2DE15BC2-DB56-43B3-BAF0-C1EA95D65F9F}\E496E6F6F57457563747 : DHCPNameServer = 70.38.38.4 70.38.38.5
TCP: Interfaces\{51746550-A6D7-424E-B3B6-1E6E4E4D3B99} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Domas\AppData\Roaming\Mozilla\Firefox\Profiles\43zj1mnz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF - prefs.js: network.proxy.ftp - 139.0.2.162
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 139.0.2.162
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 139.0.2.162
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 139.0.2.162
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Domas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Domas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-1 16152]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-3-2 28992]
R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2013-10-18 535576]
R1 RapportCerberus_80120;RapportCerberus_80120;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [2015-1-13 845464]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-12-22 445816]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-12-22 558872]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-3-2 13824]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-10 772064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\windows\System32\igfxCUIService.exe [2014-3-17 319376]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-3-2 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-3-2 161560]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-12-22 1919256]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-3-2 31624]
R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-3-2 7680]
R2 SWUpdateService;SW Update Service;C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe [2013-10-21 3018800]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-2 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2013-4-10 164832]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-11-30 94720]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2013-2-10 40432]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2014-3-7 450520]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-1 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-1 786200]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-2 648808]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\windows\System32\drivers\tap0901t.sys [2013-8-21 31232]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2013-4-10 164832]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2013-9-6 24368]
S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2014-6-13 14448]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2015-1-16 43664]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-9-6 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2015-2-2 129752]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2015-1-15 19456]
S3 Samsung UPD Service2;Samsung UPD Service2;C:\windows\System32\SUPDSvc2.exe [2011-12-2 165456]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-1-19 27584]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-5-10 155824]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 t_mouse.sys;HID-compliand device;C:\windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2015-1-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2015-1-15 30208]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-8-21 759192]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-02-03 16:39:45 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4781E79-8B92-4959-83EA-241E1F5008E1}\mpengine.dll
2015-02-02 18:23:28 -------- d-----w- C:\AdwCleaner
2015-02-02 17:09:34 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-02-02 17:08:49 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-02-02 17:08:49 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-02-02 17:08:49 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2015-02-02 17:08:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 17:06:42 -------- d-----w- C:\Program Files (x86)\GUMCF6E.tmp
2015-02-02 17:01:49 -------- d-sh--w- C:\$RECYCLE.BIN
2015-02-02 16:17:56 98816 ----a-w- C:\windows\sed.exe
2015-02-02 16:17:56 256000 ----a-w- C:\windows\PEV.exe
2015-02-02 16:17:56 208896 ----a-w- C:\windows\MBR.exe
2015-02-02 16:11:18 -------- d-----w- C:\ProgramData\Licenses
2015-02-02 14:43:20 -------- d-sh--w- C:\Users\Domas\AppData\Local\EmieBrowserModeList
2015-01-19 19:04:56 -------- d-----w- C:\Program Files (x86)\Flawless Widescreen
2015-01-18 01:13:55 87040 ----a-w- C:\windows\System32\TSWbPrxy.exe
2015-01-16 23:13:06 -------- d-----w- C:\Program Files (x86)\Sid Meier's Civilization V
2015-01-16 14:58:24 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2015-01-16 14:58:23 6584320 ----a-w- C:\windows\System32\mstscax.dll
2015-01-16 14:56:45 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2015-01-16 14:56:45 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2015-01-16 00:54:15 43664 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2015-01-16 00:32:08 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-15 17:42:04 -------- d-----w- C:\Program Files (x86)\AntiLogger
2015-01-15 17:41:46 7039960 ----a-w- C:\windows\SysWow64\ZALSDKCore.dll
2015-01-15 17:41:45 -------- d-----w- C:\Users\Domas\AppData\Local\Zemana
2015-01-15 17:07:06 129752 ----a-w- C:\windows\System32\drivers\08BA39EA.sys
2015-01-15 16:42:14 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-15 16:34:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-15 14:17:08 30208 ----a-w- C:\windows\System32\drivers\TsUsbGD.sys
2015-01-15 14:17:08 19456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys
2015-01-15 14:16:55 243200 ----a-w- C:\windows\System32\rdpudd.dll
2015-01-15 14:16:55 228864 ----a-w- C:\windows\System32\rdpendp_winip.dll
2015-01-15 14:16:55 192000 ----a-w- C:\windows\SysWow64\rdpendp_winip.dll
2015-01-15 13:10:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-01-14 14:03:00 303616 ----a-w- C:\windows\System32\nlasvc.dll
2015-01-14 14:03:00 210432 ----a-w- C:\windows\System32\profsvc.dll
2015-01-14 14:02:59 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2015-01-14 14:02:59 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2015-01-14 14:02:58 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2015-01-14 14:02:51 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-01-14 14:02:47 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 14:02:44 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-01-14 14:02:39 503808 ----a-w- C:\windows\System32\srcore.dll
2015-01-14 14:02:37 296960 ----a-w- C:\windows\System32\rstrui.exe
2015-01-14 14:02:36 50176 ----a-w- C:\windows\System32\srclient.dll
2015-01-14 14:02:36 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2015-01-13 14:59:15 -------- d-----w- C:\Program Files\CCleaner
2015-01-13 03:57:41 -------- d-----w- C:\Users\Domas\voip
2015-01-13 03:56:27 -------- d-----w- C:\Users\Domas\AppData\Roaming\ICQ-Profile
2015-01-13 03:06:54 -------- d-----w- C:\Users\Domas\AppData\Local\gtk-2.0
2015-01-13 03:00:51 -------- d-----w- C:\Users\Domas\AppData\Local\GNU
2015-01-13 03:00:08 -------- d-----w- C:\Users\Domas\AppData\Roaming\gnupg
2015-01-13 03:00:02 -------- d-----w- C:\ProgramData\GNU
2015-01-09 01:22:08 -------- d-----w- C:\Program Files (x86)\Child of Light
2015-01-08 16:06:46 -------- d-----w- C:\Users\Domas\AppData\Roaming\tor
.
==================== Find3M ====================
.
2015-01-15 14:22:06 451 ----a-w- C:\windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-01-14 17:23:12 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 17:23:12 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2015-01-06 04:36:02 298120 ------w- C:\windows\System32\MpSigStub.exe
2014-12-22 17:52:44 535576 ----a-w- C:\windows\System32\drivers\RapportKE64.sys
2014-12-13 05:09:01 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-18 14:56:48 1202848 ----a-w- C:\windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 1:02:05.94 ===============

Attached Files
File Type: zip attach_1423188051166.zip.zip (7.8 KB)

"Uniblue Scanner 2015"

Hi,

Windows 7SP1
Samsung notebook

A friend of mine's notebook boots up to Driver Scanner 2015 & DriverFighter. The only thing you can do is click Alt + Control + Delete... to get back to a screen that allows you to shut down (the red circle) the computer. What are our options in attempting to remove these "scanners"? Thank you

p.s. I did read the thread "Removing Viruses, Trojans, & Malware." I've downloaded that software to my computer and onto a flash drive, since we are unable to access anything on her computer including the net.

CTB-Locker

Does anyone have a solution for removing CTB-Locker ransomware?

Infected?

Hi.

For a week now, a new browser has been popping up while I'm surfing the internet. It used to be "Reimage repair Windows 7 PC Repair", or it's the Yahoo search engine with searches I've done on Google, or it's online surveys. I have a feeling my PC is infected, although my Norton anti-virus tells me everything is fine.

Thanks

_______________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.4.1
Run by Richard at 19:03:29 on 2015-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2312 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LuckyTab\LuckyTab.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [mbot_ca_382] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzYtODk4OTg1NjY0LUZJKzEtRkwxMCsxLUREVCszOTg4LVRVRyszLUxTRCsyLUZPSSsxLUREMTArMS1TVDEwQVBQKzE"&"prod=55"&"ver=10.0.1392
StartupFolder: C:\Users\Richard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGET~1.LNK - C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E60D1614-6248-4FF1-B62E-8B496707006A} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sniyh93v.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys [2014-10-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys [2014-10-3 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [2015-1-6 1622744]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys [2014-10-3 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07060.00F\ccsetx64.sys [2014-9-1 162392]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150206.001\IDSviA64.sys [2015-2-6 669400]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys [2014-10-3 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-10-3 593112]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe [2014-9-1 130104]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe [2014-10-3 276376]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-11 142640]
S2 cae99edb;SuperOptimizer Stats;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-10 1255736]
.
=============== Created Last 30 ================
.
2015-02-05 01:11:07 -------- d-----w- C:\Program Files (x86)\predm
2015-02-05 01:06:14 -------- d-----w- C:\Users\Richard\AppData\Local\Programs
2015-02-05 01:06:05 -------- d-----w- C:\Program Files (x86)\LuckyTab
2015-02-05 01:06:03 -------- d-----w- C:\Users\Richard\AppData\Roaming\SimpleFiles
2015-02-05 01:05:56 -------- d-----w- C:\Program Files (x86)\SimpleFiles
.
==================== Find3M ====================
.
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-12 05:35:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-12-12 05:31:49 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-12-12 05:31:49 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-12-12 05:31:22 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-12-12 05:11:44 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
.
============= FINISH: 19:04:02.57 ===============

Attached Files
File Type: zip attach.zip (4.6 KB)

Invalid Windows, plus other issues

This episode started with a pop-up that claimed my copy of Windows is invalid. It came installed on the machine and has been updated regularly for two years. (ACER NETBOOK D260 Win 7 64)

I ran Malwarebytes (free), found some "non-malware", and on the restart, after the welcome screen, it stopped on a solid blue screen for 1-2 minutes, then went on to the desktop.

Neither Firefox, Chrome nor Thunderbird can access any site because "the proxy server is refusing connections".

Also the "Ctrl Prnt Screen" function does not work.

The machine runs, to play games, but is slower than it should be.

DDS and GMER were downloaded on a different machine, carried over on a memory stick, and the logs carried back.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.60.2
Run by Diana at 16:59:04 on 2015-02-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.1035 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\USERS\DIANA\DOWNLOADS\PROCEXP.EXE
C:\Users\Diana\AppData\Local\Temp\PROCEXP64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Users\Diana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uProxyServer = hxxp=127.0.0.1:49418;https=127.0.0.1:49418
uProxyOverride = <-loopback>
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\Users\Diana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Diana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\QUICKE~1.LNK - C:\QUICKENW\QWDLLS.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{1A0DD12D-C6E3-4E55-816E-382188A5E019} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB} : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\25F6467756C6C6D27657563747 : DHCPNameServer = 216.234.161.25 216.194.64.160
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3414D405D2D41494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\3427F677E65605C616A716D27457563747 : DHCPNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{306445AD-D7C7-4F1F-B042-BAD58994CEFB}\C49626271627970275962756C6563737 : DHCPNameServer = 4.2.2.2 4.2.2.3
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\iebmt715.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-10-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-10-21 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-8 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-9 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-25 50344]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-27 31080]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-15 76912]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-27 278640]
S3 EUCR;EUCR;C:\Windows\System32\drivers\EUCR6SK.sys [2010-11-15 88912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-11-23 29184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-6 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-14 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-19 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-9-27 52896]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-15 321104]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-18 868896]
S4 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-15 135560]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-15 13336]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-18 2151744]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-14 1871160]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-14 969016]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-6 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-6 1042272]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-6 171416]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-15 243232]
.
=============== Created Last 30 ================
.
2015-02-08 15:58:37 -------- d-----w- C:\Windows\SysWow64\Adobe
2015-02-07 01:58:11 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7392F0BC-DC9A-4A50-9F77-2A9B2EC7C02E}\mpengine.dll
2015-01-21 22:58:43 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2015-01-21 18:12:05 -------- d-----w- C:\Users\Diana\Dropbox (Old)
2015-01-21 15:46:07 -------- d-----w- C:\Users\Diana\AppData\Local\Help
2015-01-21 13:18:34 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-21 00:15:26 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-20 23:00:55 -------- d-----w- C:\ProgramData\TweakBit
2015-01-20 23:00:29 -------- d-----w- C:\Program Files (x86)\TweakBit
2015-01-20 17:39:18 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-20 17:39:15 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-20 17:34:55 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-20 17:34:49 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-20 00:46:18 -------- d-----w- C:\Users\Diana\AppData\Local\LogMeIn Rescue Applet
2015-01-19 21:55:27 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-01-19 21:55:16 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-01-19 21:55:06 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-19 21:55:06 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-19 21:55:05 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2015-01-19 21:54:59 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-01-19 21:54:58 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-01-19 21:54:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-01-19 21:54:58 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2015-01-19 21:54:58 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2015-01-19 21:54:57 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2015-01-19 21:54:57 420864 ----a-w- C:\Windows\System32\wksprt.exe
2015-01-19 21:54:56 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2015-01-19 21:54:56 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2015-01-19 21:54:52 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-01-19 21:54:51 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-01-19 21:51:27 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-19 21:51:13 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-19 21:51:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-19 21:51:10 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-01-19 21:01:33 -------- d-----w- C:\Users\Diana\AppData\Local\HP
2015-01-14 04:41:12 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 04:40:56 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 04:40:55 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 04:40:53 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 04:40:43 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 04:39:57 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 04:39:48 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 04:39:42 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 04:39:37 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 04:39:36 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 04:39:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 04:39:28 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-10 03:32:46 0 ----a-w- C:\Windows\SysWow64\FAP916A.tmp
.
==================== Find3M ====================
.


Attached Files
File Type: zip attach.zip (2.7 KB)
File Type: zip ark.zip (9.1 KB)

AVG 'blocked due to group policy' issue

Hi guys,

I have a windows 7 machine here with the above issue.

My search for resolutions has brought me to the forum. I am starting a new topic, as it seems the help given for this issue previously has been user/machine specific.

Please let me know what I need to do and I will report back.

Many thanks to all! :)

How do you remove Advanceelite?

Somehow I ended up with Advanceelite on my computer. I did a search for removing it, and they refer to going into Programs and Features and uninstalling it; however, it is not shown in my program list. There is a folder in Program Files (x86), but there is no uninstaller in that folder either. I went into IE > Tools > Options > Programs > Manage add-ons; under Toolbars and Extensions it is listed, and I have disabled it there, but it is still present in every IE session. I would love to get rid of it, as it really takes over IE.

Thank you

TbNotifier.exe Issue

I have been having trouble with my computer lately: when I type or do anything, something interrupts and takes me off the page I was on, as if I had clicked away. This happened while I was playing a game too, and it brought me back to the Desktop.

This is what comes up on the Windows Event Viewer

Log Name: Application
Source: Application Error
Date: 10/02/2015 3:11:00 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Luc-PC
Description:
Faulting application name: TBNotifier.exe, version: 31.15.1.0, time stamp: 0x54c6eea2
Faulting module name: TBNotifier.exe, version: 31.15.1.0, time stamp: 0x54c6eea2
Exception code: 0x40000015
Fault offset: 0x001112d2
Faulting process id: 0x1f34
Faulting application start time: 0x01d045091aa1a60f
Faulting application path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Faulting module path: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Report Id: 587be0f3-b0fc-11e4-ad61-b482fe51bffb
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-10T08:11:00.000000000Z" />
<EventRecordID>84061</EventRecordID>
<Channel>Application</Channel>
<Computer>Luc-PC</Computer>
<Security />
</System>
<EventData>
<Data>TBNotifier.exe</Data>
<Data>31.15.1.0</Data>
<Data>54c6eea2</Data>
<Data>TBNotifier.exe</Data>
<Data>31.15.1.0</Data>
<Data>54c6eea2</Data>
<Data>40000015</Data>
<Data>001112d2</Data>
<Data>1f34</Data>
<Data>01d045091aa1a60f</Data>
<Data>C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe</Data>
<Data>C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe</Data>
<Data>587be0f3-b0fc-11e4-ad61-b482fe51bffb</Data>
</EventData>
</Event>

This happens every 20-30 seconds.
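The Event Viewer record above is an Application Error (Event ID 1000) in which the faulting application and the faulting module are the same binary, TBNotifier.exe under AskPartnerNetwork\Toolbar\Updater (the Ask toolbar's updater component). Its exception code, 0x40000015, is STATUS_FATAL_APP_EXIT: the process terminated itself rather than faulting on a bad memory access. The parser below is an added example, not part of the original post or of any Microsoft tool: it reads the event XML, names the positional EventData fields of an Event 1000 record, decodes the common NTSTATUS codes, and groups records by faulting path to separate a crash loop (what the poster describes as "every 20-30 seconds") from a one-off fault. The posted record is embedded verbatim; the repeated records are constructed by re-stamping it and are not real log data.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Positional meaning of the <Data> elements in an Application Error (Event 1000) record.
APP_ERROR_FIELDS = ["app_name", "app_version", "app_timestamp", "module_name",
                    "module_version", "module_timestamp", "exception_code", "fault_offset",
                    "pid", "start_time", "app_path", "module_path", "report_id"]

# Exception codes seen most often in Event 1000 records.
NTSTATUS = {0x40000015: "STATUS_FATAL_APP_EXIT (process aborted itself)",
            0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC00000FD: "STATUS_STACK_OVERFLOW",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN (/GS cookie or __fastfail)",
            0xE0434352: "CLR managed exception"}

# The Application Error record posted in the thread, verbatim.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-10T08:11:00.000000000Z" />
<EventRecordID>84061</EventRecordID>
<Channel>Application</Channel>
<Computer>Luc-PC</Computer>
<Security />
</System>
<EventData>
<Data>TBNotifier.exe</Data>
<Data>31.15.1.0</Data>
<Data>54c6eea2</Data>
<Data>TBNotifier.exe</Data>
<Data>31.15.1.0</Data>
<Data>54c6eea2</Data>
<Data>40000015</Data>
<Data>001112d2</Data>
<Data>1f34</Data>
<Data>01d045091aa1a60f</Data>
<Data>C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe</Data>
<Data>C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe</Data>
<Data>587be0f3-b0fc-11e4-ad61-b482fe51bffb</Data>
</EventData>
</Event>"""


def parse_app_error(xml_text):
    """Flatten one Event 1000 XML record into a dict with decoded fields."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    rec = {"provider": system.find("e:Provider", NS).get("Name"),
           "event_id": int(system.find("e:EventID", NS).text),
           "record_id": int(system.find("e:EventRecordID", NS).text),
           "computer": system.find("e:Computer", NS).text,
           # SystemTime carries nanoseconds; whole seconds are enough for grouping
           "time": datetime.strptime(system.find("e:TimeCreated", NS).get("SystemTime")[:19],
                                     "%Y-%m-%dT%H:%M:%S")}
    rec.update(zip(APP_ERROR_FIELDS, [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]))
    code = int(rec["exception_code"], 16)
    rec["exception_meaning"] = NTSTATUS.get(code, "unlisted NTSTATUS 0x%08X" % code)
    rec["same_module"] = rec["app_path"].lower() == rec["module_path"].lower()
    return rec


def crash_loops(records, window_s=300, min_count=3):
    """Group records by faulting path; report paths that fault at least min_count
    times inside window_s seconds, with the mean gap between faults."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r["app_path"].lower()].append(r["time"])
    loops = {}
    for path, times in by_path.items():
        times.sort()
        for i in range(len(times) - min_count + 1):
            if (times[i + min_count - 1] - times[i]).total_seconds() <= window_s:
                loops[path] = {"count": len(times),
                               "mean_gap_s": (times[-1] - times[0]).total_seconds() / (len(times) - 1)}
                break
    return loops


def constructed_repeats(base_xml, n, every_s=25):
    """Constructed input, not real log data: the posted record re-stamped n times,
    every_s seconds apart, to model the poster's 'every 20-30 seconds'."""
    t0, out = datetime(2015, 2, 10, 8, 11, 0), []
    for i in range(n):
        stamp = (t0 + timedelta(seconds=i * every_s)).strftime("%Y-%m-%dT%H:%M:%S.000000000Z")
        xml = re.sub(r'SystemTime="[^"]+"', f'SystemTime="{stamp}"', base_xml)
        out.append(parse_app_error(re.sub(r"<EventRecordID>\d+", f"<EventRecordID>{84061 + i}", xml)))
    return out


if __name__ == "__main__":
    rec = parse_app_error(SAMPLE_EVENT)
    print(f"{rec['time']} {rec['computer']} pid={int(rec['pid'], 16)} {rec['app_name']} "
          f"{rec['app_version']}: {rec['exception_meaning']}")
    for path, info in crash_loops(constructed_repeats(SAMPLE_EVENT, 6)).items():
        print(f"crash loop: {path} x{info['count']}, every {info['mean_gap_s']:.0f}s")
```

Exporting the Application log from Event Viewer as XML and feeding each `<Event>` element to `parse_app_error` gives the same dicts; `crash_loops` then answers the question the poster is really asking (is one binary restarting and dying in a loop?) from timestamps alone, without trusting the vendor name in the path.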

The virus has changed the file extension.

Hello Friends,
My computer recently got a strange virus.
It changed the extension of all files (Word, Excel, Photoshop, etc.).

File extensions such as:
10.93.DOCX.kbuibxd
amar.XLSX.kbuibxd
khorasan.XLSM.kbuibxd

Note: Only files with uppercase extensions

Please help me because I have lost important files <email address removed>

Even after changing the file extension, the file is corrupted and cannot be opened.
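The names the poster lists (`10.93.DOCX.kbuibxd`, `amar.XLSX.kbuibxd`, `khorasan.XLSM.kbuibxd`) follow the pattern `<name>.<ORIGINAL EXT>.<appended suffix>`. Whether renaming can recover a file depends on whether its bytes were rewritten, and that can be checked without opening it: DOCX, XLSX and XLSM are ZIP containers, so an intact one starts with the ZIP local-file-header signature `PK\x03\x04`. The script below is an added example, not part of the post: it inventories files carrying the suffix, records whether the original extension was uppercase (the poster's observation), and classifies each as rename-only or content-changed. The `.kbuibxd` suffix and the three file names come from the post; the directory tree and all file contents are constructed here and say nothing about the poster's actual files.

```python
import io
import os
import tempfile
import zipfile
from collections import Counter

SUFFIX = ".kbuibxd"   # the suffix the poster reports appended to every file name

# Leading bytes of the original formats. Office Open XML files (docx/xlsx/xlsm)
# are ZIP containers, so an intact one starts with the local-file-header signature.
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".xlsm": b"PK\x03\x04",
         ".pdf": b"%PDF", ".psd": b"8BPS", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}


def split_name(filename, suffix=SUFFIX):
    """'amar.XLSX.kbuibxd' -> ('amar', '.xlsx', True); None if the suffix is absent.
    The flag records whether the original extension was uppercase."""
    if not filename.lower().endswith(suffix):
        return None
    base, ext = os.path.splitext(filename[:-len(suffix)])
    return base, ext.lower(), ext.isupper()


def classify(path, original_ext):
    """rename_only if the bytes still match the format's magic, content_changed if
    they do not, unknown_format if no magic is known for that extension."""
    magic = MAGIC.get(original_ext)
    if magic is None:
        return "unknown_format"
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    return "rename_only" if head == magic else "content_changed"


def inventory(root_dir, suffix=SUFFIX):
    """Walk root_dir and describe every file carrying the suffix."""
    results = []
    for root, _, files in os.walk(root_dir):
        for name in sorted(files):
            parts = split_name(name, suffix)
            if parts is None:
                continue
            base, ext, upper = parts
            full = os.path.join(root, name)
            results.append({"path": full, "restore_name": name[:-len(suffix)],
                            "original_ext": ext, "upper_ext": upper,
                            "status": classify(full, ext)})
    return results


def summary(results):
    """Counter of (original extension, status): the headline an analyst wants
    before deciding whether renaming back is even worth trying."""
    return Counter((r["original_ext"], r["status"]) for r in results)


def _zip_bytes():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
    return buf.getvalue()


def build_sample(tmp):
    """Constructed sample tree: the three names from the post plus one untouched
    lowercase file; the contents are made up here, not the poster's data."""
    files = {"10.93.DOCX.kbuibxd": b"\x9a\x11\x7f" + bytes(range(64)),   # bytes rewritten
             "amar.XLSX.kbuibxd": _zip_bytes(),                           # still a ZIP: renamed only
             "khorasan.XLSM.kbuibxd": bytes(range(64)),                   # bytes rewritten
             "notes.docx": _zip_bytes()}                                  # lowercase ext, untouched
    for name, data in files.items():
        with open(os.path.join(tmp, name), "wb") as fh:
            fh.write(data)


def run_demo():
    """Build the sample tree in a temp dir, inventory it, and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return inventory(tmp)


if __name__ == "__main__":
    res = run_demo()
    for r in res:
        print(f"{r['status']:<16} {os.path.basename(r['path'])} -> {r['restore_name']}")
    print(dict(summary(res)))
```

Run `inventory()` against a copy of the affected tree, never the originals: a file reported as `rename_only` is intact and only needs its name restored, while `content_changed` means the bytes were overwritten and renaming cannot help, which matches what the poster saw when the renamed files still failed to open.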

Error 1068:1068 error dependency service group failed start

My Windows Security Center service is not working. I have already followed numerous pieces of advice from different websites, but the error is still there and keeps prompting every time I try to enable the Windows Security Center service. Perhaps my laptop was infected by a virus/malware (not sure). I think my brother did something (downloading etc.) and got my laptop infected. Please help; below is my DDS log as per the instructions:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16599 BrowserJavaVersion: 11.31.2
Run by John.Vasquez at 11:41:43 on 2015-02-11
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
uWindow Title = Microsoft Internet Explorer provided by Intertek
uSearch Bar = hxxp://www.google.com
uDefault_Page_URL = hxxps://intranet.intertek.com/
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
mWinlogon: Userinit = userinit.exe
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [BrowserChoice] <no file>
uRunOnce: [Adobe Speed Launcher] 1423628157
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoAutorun = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoOnlinePrintsWizard = dword:1
uPolicies-Explorer: NoPublishingWizard = dword:1
uPolicies-Explorer: NoWebServices = dword:1
uPolicies-Windows\System: ExcludeProfileDirs = My Music;Music;My Videos;Videos;My Received Files;My Skype Received Files
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: legalnoticecaption = *** NOTICE TO USERS ***
mPolicies-System: legalnoticetext = This is an Intertek computer system and is the property of Intertek. It is for authorised use only. Users authorised or unauthorised have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted monitored recorded copied audited inspected and disclosed to authorised personnel of Intertek.
By using this system the user consents to such interception monitoring recording copying auditing inspection and disclosure at the discretion of Intertek.
Unauthorised or improper use of this system may result in administrative disciplinary action and potentially civil and criminal penalties.
By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.
mPolicies-Windows\System: UserPolicyMode = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {36F17E17-AC00-42BC-A6D9-294AD4E7DCD6} - hxxps://ign.intertek.com/Altiris/NS/NSCap/Bin/Win32/x86/AltirisAgentInstBootstrap.cab
TCP: NameServer = 172.18.183.5 172.18.208.21 172.18.208.20 213.42.20.20
TCP: Interfaces\{790E3AD0-DED9-4F88-A76D-1D87F79C536A} : DHCPNameServer = 172.18.183.5 172.18.208.21 172.18.208.20 213.42.20.20
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F} : DHCPNameServer = 172.18.183.5 172.18.208.21
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\0527F6C4966656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\0727F6C6966656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\34C414942554D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\A6F656C65647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\C6561676162716 : DHCPNameServer = 192.168.1.100 192.168.1.100
TCP: Interfaces\{7CBF4766-DFA3-432E-A2A2-26002DA1575F}\D656273696 : DHCPNameServer = 213.42.20.20 195.229.241.222 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
x64-mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=HitachiXHTS725050A7E630_TF0500Y9KJNUYCKJNUYCX&ts=1373013859
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.3 www.anchorfree.net
Hosts: 127.0.0.2 www.mefeedia.com
============= SERVICES / DRIVERS ===============
.
R? AltirisAgentProvider;AltirisAgentProvider
R? amdhub30;AMD USB 3.0 Hub Driver
R? amdxhc;AMD USB 3.0 Host Controller Driver
R? AMPPALP;Intelr Centrinor Wireless Bluetoothr + High Speed Protocol
R? BprotectEx;Baidu ProtectEx
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dmvsc;dmvsc
R? htcnprot;HTC NDIS Protocol Driver
R? HtcVCom32;HTC Diagnostic Port
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
R? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
R? PCFApiUtil;PCFApiUtil
R? SkypeUpdate;Skype Updater
R? StorSvc;Storage Service
R? SyDvCtrl;SyDvCtrl
R? taphss6;Anchorfree HSS VPN Adapter
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? usbrndis6;USB RNDIS6 Adapter
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
S? AeXAgentSrvHost;AeXAgentSrvHost
S? AMPPAL;Intelr Centrinor Wireless Bluetoothr + High Speed Virtual Adapter
S? AMPPALR3;Intelr Centrinor Wireless Bluetoothr + High Speed Service
S? bcbtums;Bluetooth RAM Firmware Download USB Filter
S? BHDrvx64;BHDrvx64
S? BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service
S? btwampfl;btwampfl Bluetooth filter driver
S? BTWDPAN;Bluetooth Personal Area Network
S? btwl2cap;Bluetooth L2CAP Service
S? ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? HP Support Assistant Service;HP Support Assistant Service
S? HPDrvMntSvc.exe;HP Quick Synchronization Service
S? hpHotkeyMonitor;hpHotkeyMonitor
S? hpsrv;HP Service
S? IDSVia64;IDSVia64
S? IntcDAud;Intel(R) Display Audio
S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
S? iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel(R) USB 3.0 Hub Driver
S? iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver
S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
S? JMCR;JMCR
S? johci;JMicron 1394 Filter Driver
S? PassThru Service;Internet Pass-Through Service
S? SepMasterService;Symantec Endpoint Protection
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMNETS;Symantec Network Security WFP Driver
S? TeamViewer8;TeamViewer 8
S? UNS;Intel(R) Management and Security Application User Notification Service
S? usbfilter;AMD USB Filter Driver
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2015-02-11 07:37:38 65536 ---hatw- C:\Users\john.vasque\~July 2013.pst.tmp
2015-02-09 11:07:13 -------- d-----w- C:\Users\john.vasque\AppData\Roaming\uTorrent
2015-02-02 04:13:08 -------- d-----w- C:\syslink
2015-01-30 10:44:22 -------- d-----w- C:\Users\john.vasque\AppData\Local\Symantec Power Eraser
2015-01-13 15:17:56 18479800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
2015-02-08 04:09:57 767152 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-08 04:09:57 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 10:01:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-17 07:14:34 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2014-12-12 05:35:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-12-12 05:31:49 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-12-12 05:31:49 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-12-12 05:31:22 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-12-12 05:11:44 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 21:59:39 448512 ----a-w- C:\Windows\System32\html.iec
2014-11-24 21:53:14 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-24 21:47:12 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-11-24 21:45:49 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-24 21:44:58 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-24 21:43:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-11-24 20:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2014-11-24 20:40:49 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-19 00:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 11:43:49.60 ===============

Attached Files
File Type: zip Attach.zip (6.2 KB)

not sure where to post...

A few days ago, my McAfee was expiring and I, based on the advice of a friend, chose to purchase a different antivirus, Webroot. Soon after downloading it, I began to experience frozen pages and pages becoming unresponsive. I contacted Webroot and asked to be reimbursed and removed it from my computer. Upon another friend's advice, I turned on Windows Defender, which scanned my computer, finding no issues. I currently have this turned on and am still having the same issues. I appreciate any help.
Thanks, Dawn

Lots of pop-ups while surfing the web, can't use the computer anymore

Hi,

It is getting very hard to use the internet, since on any page I open a lot of pop-ups appear.

I regularly use Chrome; I tried with Explorer, but I have the same problem.

It appears to me that the problem started a couple of days ago when I installed software to recognize Mac-formatted external hard drives, but instead it installed some other program named EZDownloader. I uninstalled it, but the problem persists.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by vmilla at 12:27:48 on 2015-02-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.506.1033.18.7880.5027 [GMT -6:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\ProgramData\Turbonett movil\OnlineUpdate\ouc.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\RtsCM64.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\vmilla\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
C:\Users\vmilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\ProgramData\{e20c2363-79c1-209b-e20c-c236379c8d8d}\Macdrive Pro 9.3.0.5 WORKING!.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.searchtheglobe.info/?pid=22174&r=2015/02/12&hid=4173933537442872263&lg=EN&cc=CR
mStart Page = hxxp://websearch.searchtheglobe.info/?pid=22174&r=2015/02/12&hid=4173933537442872263&lg=EN&cc=CR
mWinlogon: Userinit = userinit.exe
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Spotify Web Helper] "C:\Users\vmilla\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_1BA4CA2790111784FA0089012ADA4728] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRunOnce: [Adobe Speed Launcher] 1424024350
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
StartupFolder: C:\Users\vmilla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\vmilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\vmilla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MACDRI~1.LNK - C:\ProgramData\{e20c2363-79c1-209b-e20c-c236379c8d8d}\Macdrive Pro 9.3.0.5 WORKING!.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\THINKP~1.LNK - C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar a OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{1B117F77-352A-4B2E-ADA1-E5E36318D7E4} : DHCPNameServer = 10.14.1.1
TCP: Interfaces\{48CA2C17-CAA3-495A-83B7-FEE58DDF8DE8} : NameServer =
TCP: Interfaces\{6DAD3D68-307C-4721-9EB4-48978AF84830} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{6DAD3D68-307C-4721-9EB4-48978AF84830}\1373D253 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6DAD3D68-307C-4721-9EB4-48978AF84830}\559434E4F54505 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{6DAD3D68-307C-4721-9EB4-48978AF84830}\F627D616 : DHCPNameServer = 10.14.1.1
TCP: Interfaces\{E4BBCA68-4068-489D-BFA6-BAFD5F068106} : NameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtsCM] RTSCM64.EXE
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [Enhanced Performance Keyboard] C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [MFACApp] "C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2014-9-4 29512]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-9-4 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-9-4 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-9-4 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-11-7 665768]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-11-7 303464]
R1 OMNISMI;OMNISMI;C:\Windows\SysWOW64\drivers\omnismi.sys [2014-9-4 14776]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2014-1-13 1198456]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2014-1-13 1710456]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2014-1-13 1161592]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-11-7 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2014-11-7 1131008]
R2 DACoreService;Dragon Assistant Core;C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [2014-9-4 447376]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-3-31 9954096]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-31 451416]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-9-4 169432]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-9-4 59224]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-9-4 73048]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2014-9-4 197464]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2014-9-4 136288]
R2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [2014-9-4 21552]
R2 McAfeeFramework;Servicio McAfee Framework;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2012-9-5 132712]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2014-11-7 201864]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2012-8-14 210056]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-11-7 170440]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [2014-5-15 230920]
R2 NitroUpdateService;NitroUpdateService;C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-5-15 417800]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-5-15 69640]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2013-10-28 49040]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-5-29 3816176]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-11-7 140600]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-12-11 1419576]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2014-9-4 320560]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-9-4 488216]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-11-7 90112]
R3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-12-10 169680]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-9-4 368624]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-9-4 790000]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-11-11 25528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-11-7 274880]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2014-9-4 1669920]
R3 QuickControlService;Lenovo QuickControl Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2014-6-11 316400]
R3 rtsuvc;Integrated Camera;C:\Windows\System32\drivers\rtsuvc.sys [2014-9-4 8874712]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-9-4 31472]
R3 tvtvcamd;Camera Plus (VGA Resolution Maximum);C:\Windows\System32\drivers\tvtvcamd.sys [2014-9-4 27432]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 omaha;Nok Nok Labs Update Service (omaha);C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [2014-9-4 148224]
S2 QuickControlMasterSvc;Lenovo QuickControl Master Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2014-6-11 61936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 Turbonett móvil. RunOuc;Turbonett móvil. OUC;C:\Program Files (x86)\Turbonett movil\UpdateDog\ouc.exe [2014-11-7 655712]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2014-11-7 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2014-11-7 13952]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2014-11-7 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2014-11-7 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2014-11-7 238080]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-11-11 35256]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-9-4 450520]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2014-9-4 533760]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2014-11-7 101200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-5-29 284912]
S3 omaham;Nok Nok Labs Update Service (omaham);C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [2014-9-4 148224]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-9-4 1664800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-02-15 18:17:11 -------- d-----w- C:\ProgramData\1e36dd800002ffb
2015-02-15 16:31:45 -------- d-----w- C:\QUARANTINE
2015-02-15 16:06:04 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-15 16:06:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-15 15:51:29 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-15 15:51:28 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-15 15:51:28 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-15 15:51:27 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-13 16:54:42 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E3B6084-932F-419F-86EE-B407BA3F481A}\mpengine.dll
2015-02-12 01:47:25 -------- d-----w- C:\Users\vmilla\AppData\Roaming\EZDownloader
2015-02-12 01:45:00 -------- d-----w- C:\Users\vmilla\AppData\Local\Programs
2015-02-12 01:38:09 -------- d-----w- C:\ProgramData\16573962963018682162
2015-02-12 01:38:09 -------- d-----w- C:\Program Files (x86)\UennIDeealssa
2015-02-12 01:37:53 -------- d-----w- C:\ProgramData\fpopeolnhbfhjmidfffhielcapcnjgjp
2015-02-12 01:37:08 -------- d-----w- C:\ProgramData\{e20c2363-79c1-209b-e20c-c236379c8d8d}
2015-02-11 20:00:53 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-02-11 19:55:44 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-02-11 19:54:38 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-02-11 19:54:38 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-02-11 19:54:36 3722752 ----a-w- C:\Windows\System32\mstscax.dll
2015-02-11 19:54:36 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-02-11 19:54:36 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2015-02-11 19:53:12 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-11 19:53:12 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-11 19:53:01 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-11 19:53:01 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-11 19:53:01 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-11 19:53:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-11 19:53:00 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-11 19:52:59 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-11 19:52:59 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-11 18:46:32 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-10 17:29:05 -------- d-----w- C:\Users\vmilla\AppData\Local\ElevatedDiagnostics
2015-02-05 16:09:28 -------- d-----w- C:\Program Files (x86)\iTunes
2015-02-05 16:09:27 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-05 16:09:27 -------- d-----w- C:\Program Files\iTunes
2015-02-05 16:09:27 -------- d-----w- C:\Program Files\iPod
2015-01-30 20:43:06 61136 ----a-w- C:\Windows\System32\drivers\gpt_loader.sys
2015-01-30 20:43:06 42704 ----a-w- C:\Windows\System32\drivers\mounthlp.sys
2015-01-26 15:36:05 -------- d-----w- C:\ProgramData\BluetoothSDK
2015-01-26 15:34:50 -------- d-----w- C:\Users\vmilla\AppData\Local\Garmin
2015-01-26 15:33:23 -------- d-----w- C:\Users\vmilla\AppData\Roaming\Garmin
2015-01-26 15:33:16 -------- d-----w- C:\ProgramData\Garmin
2015-01-26 15:33:13 -------- d-----w- C:\Program Files (x86)\Garmin
2015-01-23 14:04:37 -------- d-----w- C:\Users\vmilla\AppData\Local\Spotify
2015-01-23 14:03:47 -------- d-----w- C:\Users\vmilla\AppData\Roaming\Spotify
2015-01-21 22:26:54 -------- d-----w- C:\Users\vmilla\AppData\Local\CrashDumps
.
==================== Find3M ====================
.
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-26 18:51:54 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-07 03:15:20 104896 ----a-w- C:\Windows\System32\drivers\mup.sys
2015-01-07 03:10:04 782848 ----a-w- C:\Windows\System32\gpsvc.dll
2015-01-07 02:44:14 79872 ----a-w- C:\Windows\SysWow64\gpapi.dll
2015-01-07 01:49:44 310272 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2015-01-07 01:49:32 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-01-07 01:48:48 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-01-07 01:48:38 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-01-07 01:48:10 105984 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2015-01-06 10:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-11-19 10:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
.
============= FINISH: 12:28:01,97 ===============

Attached Files
File Type: zip Attach.zip.zip (229.6 KB)

Bad image error SPVloader32.dll

While trying to use anything on this laptop, I constantly get bombarded with a "bad image error" prompt box. And it always comes from this spvcloader32.dll.

I ran Malwarebytes and antivirus. Malwarebytes found a ton of junk that has been removed, but that is what seems to have started the error messages I keep getting. So here's the DDS log and the attached files from GMER as well.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 11.31.2
Run by Owner at 20:27:16 on 2015-02-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.110 [GMT -6:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uProxyServer = hxxp=127.0.0.1:8555
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
uURLSearchHooks: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - <orphaned>
mURLSearchHooks: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TidyNetwork: {38D31A86-DDBD-3BAD-ED97-2DDBFD79CADE} - C:\Program Files (x86)\TidyNetwork\petn.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
TB: <No Name>: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - LocalServer32 - <no file>
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [TBHostSupport] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
uRun: [APISupport] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\windows\System32\config\systemprofile\AppData\Roaming\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B6898D09-EAC2-4F64-963D-DEBC024282F5} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B6898D09-EAC2-4F64-963D-DEBC024282F5}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B6898D09-EAC2-4F64-963D-DEBC024282F5}\C696E6B6379737 : DHCPNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{B6898D09-EAC2-4F64-963D-DEBC024282F5}\F475E45425D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: TidyNetwork: {38D31A86-DDBD-3BAD-ED97-2DDBFD79CADE} - C:\Program Files (x86)\TidyNetwork\petn64.dll
x64-BHO: sAveitkeep.: {4141A777-F573-36C3-1F81-01DA443BC257} - C:\ProgramData\sAveitkeep\Ks.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\68zk8vdm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN38578539301001126&UM=2&SearchSource=3&q={searchTerms}
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\68zk8vdm.default\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\68zk8vdm.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\68zk8vdm.default\extensions\{c54a4bc4-2966-40ac-9ca4-ad863d6148ee}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\68zk8vdm.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\plugins\np-mswmp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-12-11 482384]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2009-12-11 9216]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2015-2-13 942808]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2015-2-13 1226344]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-1-28 26528]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2015-1-28 815392]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2009-12-11 203264]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-2-18 36392]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2015-2-14 344864]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-1-28 2724128]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;C:\windows\System32\drivers\CHDMI64.sys [2015-2-13 722488]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2015-2-14 23048]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-28 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-8 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2015-1-28 129752]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2009-12-11 35008]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2015-2-14 34848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2009-12-11 222208]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2013-1-10 42184]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-11 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2015-2-14 23016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-3-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-02-16 01:53:43 -------- d-----w- C:\Users\Owner\AppData\Local\{5031B0FD-D36D-4EBF-BC0F-89332EEBC962}
2015-02-14 20:44:05 -------- d-----w- C:\Users\Owner\AppData\Local\{5D938D3B-6FAF-488E-B9A2-BE286616E498}
2015-02-14 18:50:22 55808 ----a-w- C:\windows\System32\rrinstaller.exe
2015-02-14 18:50:22 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2015-02-14 18:50:22 24576 ----a-w- C:\windows\System32\mfpmp.exe
2015-02-14 18:50:22 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2015-02-14 18:50:22 206848 ----a-w- C:\windows\System32\mfps.dll
2015-02-14 18:50:22 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2015-02-14 18:50:22 2048 ----a-w- C:\windows\System32\mferror.dll
2015-02-14 18:50:22 103424 ----a-w- C:\windows\SysWow64\mfps.dll
2015-02-14 18:50:21 4121600 ----a-w- C:\windows\System32\mf.dll
2015-02-14 18:50:21 3209728 ----a-w- C:\windows\SysWow64\mf.dll
2015-02-14 18:43:10 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2015-02-14 18:43:09 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2015-02-14 06:37:30 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2015-02-14 06:37:30 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2015-02-14 06:37:30 171160 ----a-w- C:\windows\System32\infocardapi.dll
2015-02-14 06:37:30 1389208 ----a-w- C:\windows\System32\icardagt.exe
2015-02-14 06:37:29 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2015-02-14 06:37:29 8856 ----a-w- C:\windows\System32\icardres.dll
2015-02-14 06:37:15 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2015-02-14 06:37:15 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2015-02-14 06:24:34 861696 ----a-w- C:\windows\System32\oleaut32.dll
2015-02-14 06:24:34 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2015-02-14 06:23:14 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2015-02-14 06:23:14 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2015-02-14 06:15:26 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-14 06:11:10 -------- d-----w- C:\ProgramData\Oracle
2015-02-14 05:39:11 -------- d-----w- C:\Users\Owner\AppData\Local\{127F96F5-0382-4930-AD18-76B91F10F986}
2015-02-14 05:31:56 2620928 ----a-w- C:\windows\System32\wucltux.dll
2015-02-14 05:31:03 97792 ----a-w- C:\windows\System32\wudriver.dll
2015-02-14 05:31:03 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2015-02-14 05:30:21 36864 ----a-w- C:\windows\System32\wuapp.exe
2015-02-14 05:30:21 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2015-02-14 05:30:21 198600 ----a-w- C:\windows\System32\wuwebv.dll
2015-02-14 05:30:21 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2015-02-14 04:11:42 942808 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2015-02-14 04:11:42 73800 ----a-w- C:\windows\System32\RtNicProp64.dll
2015-02-14 04:11:15 1226344 ----a-w- C:\windows\System32\drivers\rtl8192se.sys
2015-02-14 04:10:24 -------- d-----w- C:\Program Files\CONEXANT
2015-02-14 04:10:22 722488 ----a-w- C:\windows\System32\drivers\CHDMI64.sys
2015-02-14 04:10:22 438840 ----a-w- C:\windows\System32\UCI64H55.dll
2015-01-29 06:01:34 -------- d-----w- C:\IObit
2015-01-29 04:51:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\ProductData
2015-01-29 04:51:20 26528 ----a-w- C:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-01-29 04:49:25 -------- d-----w- C:\ProgramData\ProductData
2015-01-29 04:48:48 -------- d-----w- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-29 04:48:37 -------- d-----w- C:\ProgramData\IObit
2015-01-29 04:48:37 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2015-01-29 04:48:20 -------- d-----w- C:\Program Files (x86)\IObit
2015-01-29 04:48:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\IObit
2015-01-29 04:29:35 -------- d-----w- C:\Program Files (x86)\SaverAdDon
2015-01-29 04:27:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\Roxio Log Files
2015-01-29 04:26:27 -------- d-----w- C:\Program Files (x86)\realdieaL
2015-01-28 18:23:57 -------- d-----w- C:\Program Files\SaverAdDon
2015-01-28 18:23:51 -------- d-----w- C:\ProgramData\15794066317726514482UL
2015-01-28 18:23:41 -------- d-----w- C:\Program Files\realdieaL
2015-01-28 17:49:15 -------- d-----w- C:\Users\Owner\AppData\Local\{1D994E93-3F2E-4838-96DD-B4F4B386FD7A}
2015-01-28 16:41:14 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-28 16:40:59 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2015-01-28 16:40:59 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2015-01-28 16:40:59 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2015-01-28 16:40:59 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-28 16:40:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-28 16:40:48 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2015-01-28 16:40:26 -------- d-----w- C:\Program Files\CCleaner
2015-01-28 16:19:36 -------- d-----w- C:\Users\Owner\AppData\Local\{24E8519B-5E53-42DA-9983-1ACDC71C2933}
.
==================== Find3M ====================
.
2015-02-14 04:11:42 107552 ----a-w- C:\windows\System32\RTNUninst64.dll
2014-11-18 20:56:48 1202848 ----a-w- C:\windows\SysWow64\FM20.DLL
.
============= FINISH: 20:30:23.80 ===============

Attached Files
File Type: zip attach.zip (6.5 KB)
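A triage pass over the Pseudo HJT Report in the log above, as an added example that is not part of the post and not DDS code: it takes a handful of the report lines quoted in the log (copied here as constructed sample input) and flags the entries a removal helper would look at first. The heuristics are this example's own assumptions, not anything DDS reports: a browser proxy set to 127.0.0.1, a rundll32 autorun that loads a DLL from a user-writable directory such as AppData or ProgramData, a BHO registered from such a directory, and an orphaned BHO whose file is gone.

```python
"""Triage pass over DDS "Pseudo HJT Report" lines (added example, not DDS code)."""
import re

# Constructed sample input: a handful of lines copied from the DDS log above.
SAMPLE_LINES = [
    r"uProxyServer = hxxp=127.0.0.1:8555",
    r"uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"BHO: TidyNetwork: {38D31A86-DDBD-3BAD-ED97-2DDBFD79CADE} - C:\Program Files (x86)\TidyNetwork\petn.dll",
    r"x64-BHO: sAveitkeep.: {4141A777-F573-36C3-1F81-01DA443BC257} - C:\ProgramData\sAveitkeep\Ks.x64.dll",
    r'uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun',
    r'uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR',
    r"x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>",
]

# Directories an unprivileged user (or an installer running as that user) can write to.
# A startup DLL or browser add-on living here is the usual adware/PUP persistence
# pattern; treating it as suspect is this example's own heuristic.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.IGNORECASE)
# rundll32.exe followed by the DLL it is told to load.
RUNDLL_TARGET = re.compile(r'rundll32\.exe"?\s+"?([^",]+\.dll)', re.IGNORECASE)
BHO_LINE = re.compile(r"^(x64-)?BHO:", re.IGNORECASE)


def flags_for(line):
    """Return the reasons (possibly none) this report line deserves a second look."""
    reasons = []
    low = line.lower()
    if low.startswith(("uproxyserver", "mproxyserver")) and ("127.0.0.1" in low or "localhost" in low):
        reasons.append("browser proxy points at localhost (local interception proxy)")
    m = RUNDLL_TARGET.search(line)
    if m and USER_WRITABLE.search(m.group(1)):
        reasons.append("rundll32 autorun loads a DLL from a user-writable directory")
    if BHO_LINE.match(line):
        path = line.rsplit(" - ", 1)[-1].strip()
        if path == "<orphaned>":
            reasons.append("orphaned BHO registration (file missing)")
        elif USER_WRITABLE.search(path):
            reasons.append("browser helper object loaded from a user-writable directory")
    return reasons


def triage(lines):
    """Return (line, reasons) pairs for every line that raised at least one flag."""
    results = []
    for line in lines:
        reasons = flags_for(line)
        if reasons:
            results.append((line, reasons))
    return results


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Note what the path heuristics miss: the TidyNetwork BHO lives under Program Files (x86) and is not flagged, so the output is a reading aid for the log, not a verdict. The proxy entry is worth singling out because a browser pointed at a localhost port keeps failing after the program that listened there is removed, which is why helpers reset the proxy setting together with the autoruns.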

continuation of "New Lenovo laptop running slow on browsing and everything else"

hello,

This is a continuation of the thread below as there were further instructions I was given.
http://www.techsupportforum.com/foru...ml#post6000530

# DelFix v10.8 - Logfile created 25/01/2015 at 17:48:15
# Updated 29/07/2014 by Xplode
# Username : user - MANIA
# Operating System : Windows 8.1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\user\Desktop\FRST-OlderVersion
Deleted : C:\Users\user\Desktop\Addition.txt
Deleted : C:\Users\user\Desktop\dds.scr
Deleted : C:\Users\user\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\user\Desktop\Fixlog.txt
Deleted : C:\Users\user\Desktop\FRST.txt
Deleted : C:\Users\user\Desktop\FRST64.exe
Deleted : C:\Users\user\Desktop\Shortcut.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #9 [Installed 7-Zip 9.38 (x64 edition) | 01/19/2015 03:47:37]
Deleted : RP #10 [Windows Update | 01/23/2015 02:30:08]
Deleted : RP #12 [Restore Point Created by FRST | 01/24/2015 15:19:17]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Rundll.32 exe, schost.exe, and ship ton of UDP (17) Traffic inbound using svhost.exe

Hey there.

To give some history of how all the crazy things happened: I came by one of those ''naughty'' sites. But boy, I messed up.

The moment I visited the site it automatically downloaded some file into my temp folder *without my consent*. Please note I had Norton Premium up to date on updates and all, so I did not understand how it could have allowed it. What happened afterwards was a ton of requests to allow the file to make changes in my Windows folder, which I tried to decline again and again. The problem is that it kept asking for the same request, and no matter if I tried to use Task Manager, it would just ask for it again, making me look at the forced request screen thing.

Well, I ended up saying yes, thinking that Norton would likely prevent it from downloading the Trojan, or whatever. It did, but it kept trying to download it again and again. I got warnings again and again of:


25-01-2015 17:03:33

High Risk

An attempt from HOMEPC has been blocked.

System Infected: Trojan.Ransomlock.G,

"HOMEPC (192.168.0.14, 50420)","109.200.5.91, 443",192.168.0.14 (192.168.0.14),"TCP, Port 50420"

Attack is due to \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\RUNDLL32.EXE.

I knew the file was a Windows file, and also the fact that it would replace itself if deleted. I did end up getting to that part after Norton Support Center did jack **** to help me, mostly doing things I already knew myself (sfc /scannow, Power Eraser, msconfig) and so forth.

In the end I found a nasty little file starting up on boot after looking in msconfig, but I still kept getting UDP (17) traffic, and I still am. So right now I am wondering if I have something on my PC that is getting traffic sent to me; as Norton/Malwarebytes cannot detect it, I assume so.

Anyway I hope someone can help me, because I do not have a clue why it keeps going on.

Also my Security Center will not start up anymore, so I assume it is thanks to that file.

And to add to that, I have about 12 different svhost.exe processes going at the time, which only adds to my thinking that something is going on.


Here is the UDP (17) wall of spam I am getting in my Norton record.

Category: Firewall - activities

26-01-2015 19:12:58

Rule prevented UDP(17) traffic with 192.168.0.1, Port ssdp(1900)

Found; no action required.

Rule: Default Block UPnP Discovery
Rule action: rejected
Rule risk: normal

Traffic information:
Protocol: UDP(17)
Direction: inbound
Local host:
Local IP: 239.255.255.250
Local service: Port ssdp(1900)
External host:
External IP: 192.168.0.1
External service: Port ssdp(1900)
External MAC: --
Adapter overview: 3

Process information:
Process ID: 2476
Process path: C:\Windows\System32\svchost.exe
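A classifier for Norton firewall records of the shape quoted above, as an added example that is not part of the post and not Norton's code. 239.255.255.250 port 1900 is the SSDP multicast group that UPnP devices such as home routers announce themselves to, and the record above is Norton's "Default Block UPnP Discovery" rule rejecting one such announcement from 192.168.0.1; the classifier tags records like it as discovery noise and reserves "review" for the pattern in the earlier Ransomlock alert, a DLL or script host process such as rundll32.exe connecting out to a public address. The English field labels and both sample records are constructed for this example (the first is the post's SSDP record rendered in English, the second is modelled on the earlier alert); the list of host processes and the verdict strings are this example's own assumptions.

```python
"""Classify Norton firewall activity records (added example, not Norton code)."""
import ipaddress
import ntpath
import re

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # SSDP/UPnP discovery multicast group
SSDP_PORT = 1900
# Processes that execute code handed to them (DLLs, scripts); an outbound connection
# from one of them to a public address is worth a review. Assumption of this example.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Constructed sample 1: the SSDP record quoted in the post, in English.
SAMPLE_SSDP = """\
Protocol: UDP(17)
Direction: inbound
Local IP: 239.255.255.250
Local service: Port ssdp(1900)
External IP: 192.168.0.1
External service: Port ssdp(1900)
Process path: C:\\Windows\\System32\\svchost.exe
"""

# Constructed sample 2: an outbound record modelled on the earlier Ransomlock alert.
SAMPLE_OUTBOUND = """\
Protocol: TCP(6)
Direction: outbound
Local IP: 192.168.0.14
Local service: Port 50420
External IP: 109.200.5.91
External service: Port https(443)
Process path: C:\\Windows\\SysWOW64\\rundll32.exe
"""

# Record labels -> normalised keys; any other line in the record is ignored.
KEYS = {
    "protocol": "protocol", "direction": "direction",
    "local ip": "local_ip", "local service": "local_port",
    "external ip": "remote_ip", "external service": "remote_port",
    "process path": "process",
}


def _port(text):
    """'Port ssdp(1900)' -> 1900, 'Port 50420' -> 50420."""
    m = re.search(r"(\d+)\)?\s*$", text)
    return int(m.group(1)) if m else None


def parse_record(text):
    """Turn a one-'Label: value'-per-line record into a dict with typed fields."""
    rec = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        key = KEYS.get(label.strip().lower())
        if not sep or key is None:
            continue
        value = value.strip()
        if key.endswith("_ip"):
            rec[key] = ipaddress.ip_address(value)
        elif key.endswith("_port"):
            rec[key] = _port(value)
        else:
            rec[key] = value
    return rec


def classify(rec):
    """Return a one-line verdict for a parsed record."""
    proto = rec.get("protocol", "").upper()
    remote = rec.get("remote_ip")
    proc = ntpath.basename(rec.get("process", "")).lower()
    if (proto.startswith("UDP") and rec.get("local_ip") == SSDP_GROUP
            and rec.get("remote_port") == SSDP_PORT
            and remote is not None and remote.is_private):
        return "ssdp-discovery: LAN host announcing to the UPnP multicast group; expected noise"
    if (rec.get("direction", "").lower() == "outbound"
            and remote is not None and not remote.is_private
            and proc in HOST_PROCESSES):
        return "review: %s connecting out to public address %s" % (proc, remote)
    return "unclassified"


if __name__ == "__main__":
    for sample in (SAMPLE_SSDP, SAMPLE_OUTBOUND):
        print(classify(parse_record(sample)))
```

Every SSDP announcement on the LAN produces one such rejected entry, so the volume of these records reflects the product's default rule rather than the separate question of what rundll32.exe was doing in the earlier alert; that is the record type the "review" branch is for.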

Obrona Block Ads/Proxy Virus?

I tried to install Jing and the site appeared to be softsonic, and I was moving so fast that I didn't pay much attention. Upon the uninstall of Jing a lot of applications were added to my computer with a message that since I uninstalled I had agreed to them.

I could not access the internet due to it saying my proxy server isn't responding. It stated that I couldn't connect because the main proxy settings did not match the internet proxy settings. I looked around as I do not use a proxy and removed it. I was able to get online and I googled the error. I found a site where many users had the same issues and lots got the issue removed by following their instructions.

I followed these instructions and downloaded those programs as well. (changed to hxxp as suggested)
hxxp://malwaretips.com/blogs/the-proxy-server-isnt-responding-removal/

I no longer have the internet issues, but pop-ups still persist and on my main screen the darn proxy info is still there. I am including pics of what I speak of. I was able to run GMER once and am including pics of the 2 errors I received when running it. I did not save the file correctly, and when trying to run it again it gives another error about the system being in use (including pic) and then it closes.

Here is the FRST info as I have windows 8.1

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by wonetta (administrator) on TAMIASKY on 16-02-2015 07:09:06
Running from C:\Users\wonetta\Downloads
Loaded Profiles: wonetta (Available profiles: wonetta & Work_Home)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2014-07-16] (Synaptics Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service6] => C:\YouCam6\YouCamService6.exe [500696 2013-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-09-24] (Microsoft Corporation)
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-30] (Electronic Arts)
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\RunOnce: [Uninstall C:\Users\wonetta\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\wonetta\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\MountPoints2: {53524b8d-8646-11e4-bee2-38eaa7e0c827} - "F:\SETUP.EXE"
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\MountPoints2: {cc9d442d-642c-11e4-bed9-38eaa7e0c827} - "F:\Windows\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\wonetta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\wonetta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Work_Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\wonetta\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Work_Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => http=127.0.0.1:9880;https=127.0.0.1:9880
ProxyServer: [HKLM-x32] => http=127.0.0.1:9880;https=127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM-x32 -> {227A31FC-7991-4CD1-8844-ADD61807CE59} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3200443842-1583601999-4041890459-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://portal1.workbooth.com//SNX/CSHELL/extender.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/W...g/ieatgpc1.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\wonetta\AppData\Roaming\Mozilla\Firefox\Profiles\8ko2v3pn.default-1424089289133
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3200443842-1583601999-4041890459-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\wonetta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3200443842-1583601999-4041890459-1002: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\wonetta\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.att.net/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-23]
CHR Extension: (Google Docs) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Poper Blocker) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2014-07-30]
CHR Extension: (YouTube) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2014-07-14]
CHR Extension: (Select all Facebook friends) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbcjpjecmkjagmnhgfojblhjhnalbda [2014-07-30]
CHR Extension: (Google Search) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Facebook Select All Friends 2014) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\emcgfadcikgmmidfkhohddnmhbaapgcf [2014-07-30]
CHR Extension: (Google Sheets) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-23]
CHR Extension: (Pin It Button) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-15]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-07-30]
CHR Extension: (Kindle Cloud Reader) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-30]
CHR Extension: (Hangouts) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-02-12]
CHR Extension: (Classic Popup Blocker) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2014-07-30]
CHR Extension: (Onlive Clock) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Gmail) - C:\Users\wonetta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR HKU\S-1-5-21-3200443842-1583601999-4041890459-1002\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [368280 2014-02-19] (Check Point Software Technologies)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [73728 2014-12-11] () [File not signed] <==== ATTENTION
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-14] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-09] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 UpWork; "C:\ProgramData\Online\updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-06-29] (Emsisoft GmbH)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-06-29] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-02-16] ()
S3 ISWKLP; C:\Windows\System32\drivers\ISWKLP.sys [43368 2014-09-23] (Check Point Software Technologies)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
R3 VNA; C:\Windows\system32\DRIVERS\vna.sys [161256 2014-02-19] (Check Point Software Technologies)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 vmwvusb; \SystemRoot\System32\Drivers\vmwvusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 07:09 - 2015-02-16 07:09 - 00023886 _____ () C:\Users\wonetta\Downloads\FRST.txt
2015-02-16 07:08 - 2015-02-16 07:09 - 00000000 ____D () C:\FRST
2015-02-16 07:08 - 2015-02-16 07:08 - 02085888 _____ (Farbar) C:\Users\wonetta\Downloads\FRST64.exe
2015-02-16 07:08 - 2015-02-16 07:08 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-02-16 06:57 - 2015-02-16 06:57 - 00370943 _____ () C:\Users\wonetta\Downloads\gmer.zip
2015-02-16 06:56 - 2015-02-16 06:56 - 00688992 _____ (Swearware) C:\Users\wonetta\Downloads\dds.scr
2015-02-16 06:28 - 2015-02-16 07:00 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-16 06:23 - 2015-02-16 07:01 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-02-16 06:23 - 2015-02-16 06:23 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-16 06:22 - 2015-02-16 06:22 - 00000278 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{76DFA1B0-AA61-4616-A54C-A160F9A45EA2}.job
2015-02-16 06:21 - 2015-02-16 07:05 - 00041103 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 06:21 - 2015-02-16 06:21 - 05040384 _____ (AVAST Software) C:\Users\wonetta\Downloads\avastclear.exe
2015-02-16 06:10 - 2015-02-16 07:00 - 01182950 _____ () C:\WINDOWS\PFRO.log
2015-02-16 06:07 - 2015-02-16 06:07 - 05006864 _____ (AVAST Software) C:\Users\wonetta\Downloads\avast_free_antivirus_setup_online.exe
2015-02-16 05:58 - 2015-02-16 06:31 - 00002342 _____ () C:\Users\wonetta\Desktop\Rkill.txt
2015-02-16 05:42 - 2015-02-16 05:42 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\wonetta\Desktop\rkill.exe
2015-02-16 05:42 - 2015-02-16 05:42 - 00001205 _____ () C:\Users\wonetta\Desktop\FixNCR.reg
2015-02-16 05:29 - 2015-02-16 05:29 - 00010424 _____ () C:\Users\wonetta\Desktop\HitmanPro_20150216_0529.log
2015-02-16 04:39 - 2015-02-16 04:39 - 00000624 _____ () C:\Users\wonetta\Desktop\JRT.txt
2015-02-16 04:36 - 2015-02-16 04:36 - 01388274 _____ (Thisisu) C:\Users\wonetta\Downloads\JRT (1).exe
2015-02-16 04:11 - 2015-02-16 04:11 - 44409924 _____ () C:\Users\wonetta\Downloads\SpyHunter 4.17.6.4336 (FULL + Patch).zip
2015-02-16 03:53 - 2015-02-16 03:53 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\wonetta\Downloads\SpyHunter-Installer.exe
2015-02-15 11:29 - 2015-02-16 05:29 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-02-14 13:03 - 2015-02-14 13:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-14 13:03 - 2015-02-14 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-14 12:44 - 2015-02-14 12:45 - 00825122 _____ () C:\WINDOWS\system32\errordetails.xml
2015-02-14 12:17 - 2015-02-14 13:03 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-14 12:05 - 2015-02-14 12:06 - 11227888 _____ (SurfRight B.V.) C:\Users\wonetta\Downloads\HitmanPro_x64.exe
2015-02-14 11:48 - 2015-02-14 11:49 - 01388274 _____ (Thisisu) C:\Users\wonetta\Downloads\JRT.exe
2015-02-14 11:47 - 2015-02-16 04:22 - 00066610 _____ () C:\Users\wonetta\Downloads\Result.txt
2015-02-14 11:47 - 2015-02-14 11:47 - 02112512 _____ () C:\Users\wonetta\Downloads\adwcleaner_4.110.exe
2015-02-14 11:35 - 2015-02-14 11:35 - 00065709 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502141135056134.log
2015-02-14 09:47 - 2015-02-14 09:47 - 00000000 ____D () C:\WINDOWS\pss
2015-02-14 02:28 - 2015-02-14 12:35 - 00000000 ____D () C:\ProgramData\a5srv5task
2015-02-14 02:28 - 2015-02-14 02:28 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\et
2015-02-14 02:19 - 2015-02-14 02:19 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{9A44256D-048F-4702-B5B6-0C397E6A6CA4}
2015-02-14 02:19 - 2015-02-14 02:19 - 00003096 _____ () C:\WINDOWS\System32\Tasks\{0EC80589-F5AA-4D1B-AE0F-A7360F050A1D}
2015-02-14 02:11 - 2015-02-14 02:11 - 00001118 _____ () C:\Users\Public\Desktop\mblah.scr.lnk
2015-02-14 02:07 - 2015-02-14 02:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\wonetta\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-14 02:00 - 2015-02-14 02:00 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\33444335-1423879239-4C30-434D-38EAA7E0C827
2015-02-14 01:57 - 2015-02-14 01:58 - 00003078 _____ () C:\WINDOWS\System32\Tasks\RPC
2015-02-14 01:56 - 2015-02-16 03:48 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2015-02-14 01:56 - 2015-02-16 03:48 - 00000000 ____D () C:\Program Files (x86)\dataup
2015-02-14 01:56 - 2015-02-14 12:36 - 00000000 __SHD () C:\Program Files (x86)\RyumDoaos
2015-02-14 01:56 - 2015-02-14 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regprocleaner
2015-02-14 01:56 - 2015-02-14 02:00 - 00000000 ____D () C:\Program Files (x86)\Regprocleaner
2015-02-14 01:56 - 2015-02-14 01:56 - 00000000 ____D () C:\Users\wonetta\AppData\Local\Bypass
2015-02-14 01:56 - 2015-02-14 01:56 - 00000000 ____D () C:\ProgramData\u2c
2015-02-13 03:37 - 2015-02-13 03:37 - 00009127 _____ () C:\Users\wonetta\Downloads\gimp-2.8.14-setup-1.exe.torrent
2015-02-11 18:26 - 2015-01-15 16:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 18:26 - 2015-01-15 16:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 18:26 - 2015-01-13 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 18:26 - 2015-01-13 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 18:26 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 18:26 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 18:26 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 18:26 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 18:26 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 18:26 - 2014-12-08 17:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:26 - 2014-10-28 20:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 18:26 - 2014-10-28 20:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 18:26 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 18:26 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 18:26 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 18:25 - 2015-02-03 17:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 18:25 - 2015-02-03 17:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 18:25 - 2015-02-03 17:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 18:25 - 2015-02-02 17:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 18:25 - 2015-02-02 17:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 18:25 - 2015-02-02 17:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 18:25 - 2015-01-19 12:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 18:25 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 18:25 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 18:25 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 18:25 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 18:25 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 18:25 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 18:25 - 2015-01-11 20:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 18:25 - 2015-01-11 20:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 18:25 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 18:25 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 18:25 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 18:25 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 18:25 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 18:25 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 18:25 - 2015-01-11 19:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 18:25 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 18:25 - 2015-01-11 19:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 18:25 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 18:25 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 18:25 - 2015-01-11 19:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 18:25 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 18:25 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 18:25 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 18:25 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 18:25 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 18:25 - 2015-01-11 19:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 18:25 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 18:25 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 18:25 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 18:25 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 18:25 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 18:25 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 18:25 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 18:25 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 18:25 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 18:25 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 18:25 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 18:25 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 18:25 - 2015-01-10 03:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 18:25 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 18:25 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 18:25 - 2015-01-10 02:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 18:25 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 18:25 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 18:25 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 18:25 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 18:25 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 18:25 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 18:25 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 18:25 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-08 21:56 - 2015-02-08 21:56 - 00001225 _____ () C:\Users\Public\Desktop\Passport to Paradise.lnk
2015-02-08 21:55 - 2015-02-08 21:56 - 72511352 _____ () C:\Users\wonetta\Downloads\InstallPassportToParadise.exe
2015-02-08 21:55 - 2015-02-08 21:55 - 00001115 _____ () C:\Users\Public\Desktop\Posh Shop.lnk
2015-02-08 21:54 - 2015-02-08 21:54 - 01320019 _____ () C:\Users\wonetta\Downloads\Unconfirmed 517564.crdownload
2015-02-08 21:53 - 2015-02-08 21:54 - 18465632 _____ () C:\Users\wonetta\Downloads\InstallPoshShop.exe
2015-02-08 21:53 - 2015-02-08 21:53 - 00001175 _____ () C:\Users\Public\Desktop\Fashion Forward.lnk
2015-02-08 21:51 - 2015-02-08 21:52 - 40236120 _____ () C:\Users\wonetta\Downloads\InstallFashionSolitaire.exe
2015-02-08 21:48 - 2015-02-08 21:49 - 38173040 _____ () C:\Users\wonetta\Downloads\InstallFashionBoutique.exe
2015-02-08 21:47 - 2015-02-08 21:49 - 109518696 _____ () C:\Users\wonetta\Downloads\InstallFashionForward.exe
2015-02-07 00:02 - 2015-02-07 00:02 - 55981858 _____ () C:\Users\wonetta\Downloads\Best Funny Videos - Babies Eating Lemons for First Time.mp4
2015-02-06 22:12 - 2015-02-06 22:12 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-06 22:11 - 2015-02-06 22:12 - 05325208 _____ (Piriform Ltd) C:\Users\wonetta\Downloads\ccsetup502.exe
2015-02-06 19:09 - 2015-02-06 19:09 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Pi Eye Games
2015-02-06 18:40 - 2015-02-06 18:40 - 00001185 _____ () C:\Users\Public\Desktop\Kitten Sanctuary.lnk
2015-02-06 18:38 - 2015-02-06 18:39 - 38711152 _____ () C:\Users\wonetta\Downloads\InstallKittenSanctuary.exe
2015-02-06 18:38 - 2015-02-06 18:38 - 24815968 _____ () C:\Users\wonetta\Downloads\InstallDiaperDash.exe
2015-02-06 16:31 - 2015-02-13 15:28 - 00000000 ____D () C:\Users\wonetta\Desktop\Eryn
2015-02-05 23:34 - 2015-02-05 23:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\wonetta\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 23:00 - 2015-02-05 23:00 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\UBot Studio
2015-02-05 22:53 - 2015-02-07 16:26 - 00000000 ____D () C:\Program Files (x86)\FB Groups Poster
2015-02-05 22:53 - 2015-02-05 22:53 - 00001154 _____ () C:\Users\Public\Desktop\FB Groups Poster.lnk
2015-02-05 22:53 - 2015-02-05 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FB Groups Poster
2015-02-05 22:15 - 2015-02-05 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 17:37 - 2015-02-05 17:37 - 00033676 _____ () C:\Users\wonetta\Downloads\big-hero-6-english-yify-36523.zip
2015-01-30 02:33 - 2015-02-06 16:29 - 00000000 ____D () C:\Users\wonetta\Desktop\Applications
2015-01-30 02:29 - 2015-01-30 02:33 - 00000000 ____D () C:\Users\wonetta\Desktop\Games
2015-01-28 21:04 - 2015-01-28 21:04 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-28 21:03 - 2015-01-28 21:04 - 00527423 _____ ( ) C:\Users\wonetta\Downloads\Lame_v3.99.3_for_Windows.exe
2015-01-28 20:54 - 2015-01-28 21:42 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Audacity
2015-01-28 20:54 - 2015-01-28 20:54 - 11850480 _____ (Microsoft Corporation) C:\Users\wonetta\Downloads\proofingtools_en-us-x64.exe
2015-01-28 20:54 - 2015-01-28 20:54 - 11590232 _____ (Microsoft Corporation) C:\Users\wonetta\Downloads\proofingtools_en-us-x86.exe
2015-01-28 20:54 - 2015-01-28 20:54 - 00001035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-01-28 20:54 - 2015-01-28 20:54 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-01-28 20:54 - 2015-01-28 20:54 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-28 20:52 - 2015-01-28 20:53 - 22892794 _____ (Audacity Team ) C:\Users\wonetta\Downloads\audacity-win-2.0.6.exe
2015-01-28 03:56 - 2015-01-28 04:42 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Bitcoin
2015-01-28 03:50 - 2015-01-28 03:50 - 12224864 _____ (Bitcoin Core project) C:\Users\wonetta\Downloads\bitcoin-0.9.3-win64-setup.exe
2015-01-27 05:31 - 2015-01-27 05:32 - 00000000 ____D () C:\Users\wonetta\Desktop\Tor Browser
2015-01-27 05:11 - 2015-01-27 05:11 - 34324222 _____ () C:\Users\wonetta\Downloads\torbrowser-install-4.0.3_en-US.exe
2015-01-24 22:11 - 2015-01-24 22:11 - 00672944 _____ (Adobe Systems Incorporated) C:\Users\wonetta\Downloads\CreativeCloudSet-Up.exe
2015-01-24 22:02 - 2015-02-14 11:34 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-24 22:00 - 2015-01-24 22:01 - 191204480 _____ () C:\Users\wonetta\Downloads\KindlePreviewerInstall.exe
2015-01-24 01:42 - 2015-01-24 01:42 - 00000000 ____D () C:\ProgramData\GameHouse
2015-01-22 03:17 - 2015-01-22 03:44 - 00655360 _____ () C:\Users\wonetta\Documents\Database1.accdb
2015-01-21 17:24 - 2015-01-21 17:24 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\PDF Writer
2015-01-21 17:24 - 2015-01-21 17:24 - 00000000 ____D () C:\Users\wonetta\AppData\Local\PDF Writer
2015-01-20 11:54 - 2015-01-20 11:54 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\RevTrax

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 07:07 - 2014-06-24 13:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3200443842-1583601999-4041890459-1002
2015-02-16 07:03 - 2014-06-27 16:15 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 07:03 - 2014-06-24 13:08 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 07:02 - 2014-10-10 20:16 - 00000000 __RDO () C:\Users\wonetta\OneDrive
2015-02-16 07:01 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 06:01 - 2014-06-25 14:06 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Azureus
2015-02-16 04:30 - 2014-06-30 04:37 - 00000000 ____D () C:\AdwCleaner
2015-02-16 04:30 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 11:34 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 11:31 - 2014-06-24 13:08 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 11:27 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 13:15 - 2014-09-29 09:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-14 12:43 - 2014-06-30 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave.com
2015-02-14 12:43 - 2014-06-30 23:59 - 00000000 ____D () C:\Program Files (x86)\Shockwave.com
2015-02-14 12:35 - 2014-07-12 08:34 - 00001590 _____ () C:\WINDOWS\system32\.crusader
2015-02-14 12:35 - 2014-06-30 03:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-14 11:54 - 2014-09-20 09:36 - 00000000 ____D () C:\Users\wonetta\Desktop\Folders
2015-02-14 11:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-14 11:35 - 2014-10-09 14:35 - 00000000 ____D () C:\ProgramData\AMD
2015-02-14 11:35 - 2014-10-09 14:34 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-14 11:34 - 2014-07-09 04:16 - 00000000 ____D () C:\Users\wonetta\AppData\Local\Amazon
2015-02-14 11:32 - 2014-09-23 23:02 - 00000000 ____D () C:\Program Files (x86)\TeleTech
2015-02-14 11:32 - 2014-07-08 02:10 - 00000000 ____D () C:\ProgramData\VMware
2015-02-14 11:26 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2015-02-14 10:03 - 2014-09-20 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeleTech
2015-02-14 10:02 - 2014-06-24 14:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-14 10:02 - 2014-06-24 12:55 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Adobe
2015-02-14 09:49 - 2014-06-27 16:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 09:48 - 2014-10-09 14:46 - 00000000 ____D () C:\Users\wonetta
2015-02-14 09:46 - 2014-10-10 20:14 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{76DFA1B0-AA61-4616-A54C-A160F9A45EA2}
2015-02-14 02:11 - 2014-06-27 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 14:15 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 09:33 - 2014-06-24 13:13 - 00000000 ____D () C:\Users\wonetta\Desktop\Selling
2015-02-13 08:16 - 2013-08-22 08:44 - 00560512 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 04:49 - 2014-07-09 23:05 - 00003176 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForwonetta
2015-02-13 04:49 - 2014-07-09 23:05 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForwonetta.job
2015-02-13 00:45 - 2015-01-05 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-13 00:44 - 2015-01-05 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 15:59 - 2014-06-26 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 15:31 - 2014-06-26 16:57 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 15:25 - 2014-12-10 23:20 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 15:25 - 2014-09-24 03:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 11:20 - 2014-09-24 01:15 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-11 18:08 - 2014-07-02 13:10 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-08 21:37 - 2014-09-29 09:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 22:12 - 2014-06-27 16:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-06 18:54 - 2014-06-24 13:14 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-02-06 17:32 - 2014-07-04 15:34 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\TeamViewer
2015-02-05 21:17 - 2014-07-06 05:06 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\vlc
2015-02-05 20:26 - 2014-06-24 13:08 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 20:26 - 2014-06-24 13:08 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 17:47 - 2014-06-24 13:38 - 00000000 ___RD () C:\Users\wonetta\Dropbox
2015-02-05 17:47 - 2014-06-24 13:32 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Dropbox
2015-02-04 19:15 - 2014-09-29 09:14 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:31 - 2014-10-13 15:47 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2014-10-13 15:47 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 02:50 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\wonetta\Desktop\Credit
2015-01-30 02:35 - 2014-12-26 14:30 - 00000000 ____D () C:\Users\wonetta\Desktop\Fiverr
2015-01-30 02:34 - 2014-12-09 22:02 - 00000000 ____D () C:\Users\wonetta\Desktop\School
2015-01-28 20:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-28 20:52 - 2014-06-24 12:52 - 00000000 ____D () C:\Users\wonetta\AppData\Local\Packages
2015-01-28 18:26 - 2014-06-24 14:09 - 00000000 ____D () C:\Users\wonetta\AppData\Local\Adobe
2015-01-24 22:22 - 2014-06-24 14:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-24 22:18 - 2014-10-09 14:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 02:56 - 2014-11-20 16:03 - 00000000 ____D () C:\Users\wonetta\Desktop\Mystery Shops
2015-01-21 22:06 - 2014-08-14 19:47 - 00000000 ____D () C:\Users\wonetta\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2014-09-23 21:54 - 2014-10-31 10:04 - 0001832 _____ () C:\Users\wonetta\AppData\Local\SLC_wonetta.prx
2014-07-02 13:45 - 2014-10-14 08:50 - 0010155 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\wonetta\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\wonetta\AppData\Local\Temp\Quarantine.exe
C:\Users\wonetta\AppData\Local\Temp\sqlite3.dll
C:\Users\Work_Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpntwujf.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 14:12

==================== End Of Log ============================

Attached Files
File Type: txt Addition.txt (42.5 KB)

Adware problem

Hi guys, so my laptop suddenly started showing pop-up ads and redirects over the last three days. I suspect some malware or other.

I am trying to follow the instructions in your "New Instructions" section, but DDS did not run and kept giving the message: "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." I have not done anything else.

What should I do?