mickoh10
  1. I don't know why the links to your preventative posts won't work for me, will keep trying though.
  2. It sure looks like it is okay, I don't know how to thank you, but of course your signature tells me how. Thanks so much Mr.C
  3. I just realized that actually, after running the combo fix, everything got cleaned and wiped...even the restore point I had created. Now even the virus seems to be off completely because I have done 3 scans and nothing is showing up....all my programs seem to have reset as well.
  4. I think I was just tired when I did that, I read your instructions twice, and it looked like I had to quarantine them until after I did and rested about 6 hrs then re-read again and realized I had screwed up..let me restore the computer to that point then.
  5. Here are the 2 log files attached: TDSSKiller.3.0.0.32_26.04.2014_00.49.36_log.txt, log 2.txt
  6. RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : IMSEOLab [Admin rights]
     Mode : Scan -- Date : 04/25/2014 16:00:06
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
     [RUN][ROGUE ST] HKCU\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
     [RUN][ROGUE ST] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 1 ¤¤¤
     [IMSEOLab][ROGUE ST] start.lnk : C:\Users\IMSEOLab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk @C:\Users\IMSEOLab\5RAXZJ~1\26202.vbs [-][-] -> FOUND

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543232A7A384 ATA Device +++++
     --- User ---
     [MBR] 707c8a788074ba88890dc019aad1dbca
     [BSP] 226c63bd82dbd934a5451924135aa4ef : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 113484 MB
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 234160661 | Size: 87331 MB
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 414793077 | Size: 20659 MB
     3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 457103920 | Size: 82050 MB
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_04252014_160006.txt >>
  7. I am sorry, the first posts were done before I uninstalled utorrent...here is the fresh one

     Attach
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Ultimate
     Boot Device: \Device\HarddiskVolume2
     Install Date: 2/26/2014 12:03:42 AM
     System Uptime: 4/25/2014 3:39:26 PM (0 hours ago)
     .
     Motherboard: Hewlett-Packard | | 3676
     Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 85 GiB total, 14.381 GiB free.
     E: is FIXED (NTFS) - 111 GiB total, 10.643 GiB free.
     F: is FIXED (NTFS) - 20 GiB total, 18.917 GiB free.
     G: is CDROM ()
     K: is CDROM ()
     L: is CDROM ()
     M: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
     Description: VMware Virtual Ethernet Adapter for VMnet8
     Device ID: ROOT\VMWARE\0001
     Manufacturer: VMware, Inc.
     Name: VMware Virtual Ethernet Adapter for VMnet8
     PNP Device ID: ROOT\VMWARE\0001
     Service: VMnetAdapter
     .
     Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
     Description: MpKsl64f3890b
     Device ID: ROOT\LEGACY_MPKSL64F3890B\0000
     Manufacturer:
     Name: MpKsl64f3890b
     PNP Device ID: ROOT\LEGACY_MPKSL64F3890B\0000
     Service: MpKsl64f3890b
     .
     Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
     Description: VMware Virtual Ethernet Adapter for VMnet1
     Device ID: ROOT\VMWARE\0000
     Manufacturer: VMware, Inc.
     Name: VMware Virtual Ethernet Adapter for VMnet1
     PNP Device ID: ROOT\VMWARE\0000
     Service: VMnetAdapter
     .
     ==== System Restore Points ===================
     .
     RP138: 4/25/2014 10:26:35 AM - Removed Camtasia Studio 8
     RP139: 4/25/2014 11:05:48 AM - Removed FiverrBot
     RP140: 4/25/2014 11:07:50 AM - Removed PrPowershot
     .
     ==== Installed Programs ======================
     .
7-Zip 9.20 Adobe AIR Adobe Flash Player 12 ActiveX & Plugin Adobe Reader XI (11.0.06) Adobe Shockwave Player + Authorware Web Player Advanced SystemCare Ultimate 7 AOMEI Backupper Apple Application Support Apple Software Update Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program Ava Find Pro Bluetooth Win7 Suite Box Sync Business Plan Pro 15th Anniversary Edition CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module ClickBankGoldminer ClickingAgent Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition Dell Wireless WLAN Card Driver Booster DriverPack Solution Updater ERUNT 1.1j Fences 2 FlipBook Maker Pro 3.6.1 Friend Bomber Google Chrome Google Drive Google Update Helper GSA Captcha Breaker v2.47 GSA Search Engine Ranker v7.85 iCare Data Recovery enterprise license 5.1 IM-Magic Partition Resizer Professional 2013 Income Jacker InstantArticleWizard Intel® Graphics Media Accelerator Driver Intel® Processor ID Utility Internet Download Manager Internet Everywhere IObit Uninstaller iSEEK AnswerWorks English Runtime Java 7 Update 51 Java Auto Updater Java 6 Update 45 K-Lite Codec Pack 8.4.0 (Full) KeywordSnatcher KMSpico 4.1 Lagarith Lossless Codec (1.3.27) LastPass (uninstall only) Logos 4 Prerequisites Logos Bible Software 4 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4.5.1 Microsoft Access MUI (English) 2013 Microsoft Access Setup Metadata MUI (English) 2013 Microsoft DCF MUI (English) 2013 Microsoft Excel MUI (English) 2013 Microsoft Groove MUI (English) 2013 Microsoft InfoPath MUI (English) 2013 Microsoft Lync MUI (English) 2013 Microsoft Office OSM MUI (English) 2013 Microsoft Office OSM UX MUI (English) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (English) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Español Microsoft Office Shared MUI (English) 2013 Microsoft Office Shared Setup Metadata MUI (English) 2013 Microsoft OneNote 
MUI (English) 2013 Microsoft Outlook MUI (English) 2013 Microsoft PowerPoint MUI (English) 2013 Microsoft Publisher MUI (English) 2013 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False Microsoft Visual C++ 2012 x86 Additional Runtime - 
11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Word MUI (English) 2013 Mobile Partner Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Outils de vérification linguistique 2013 de Microsoft Office - Français Proxifier version 3.21 Quicken 2014 QuickTime 7 QuickVerse 2010 Realtek High Definition Audio Driver SAM CoDeC Pack Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition SEO PowerSuite Share YouTube Videos version 1 SpeedCommander 15 Surfing Protection TeraCopy 2.3 beta 2 Time Stopper tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k TumblingJazz version 1.131 TuneUp Utilities 2014 TuneUp Utilities 2014 (en-US) Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition Update for Microsoft Office 2013 
(KB2738038) 32-Bit Edition Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition Update for Microsoft Visio Viewer 2013 
(KB2817301) 32-Bit Edition Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition USB Disk Security Ut Video Codec Suite VirtualCloneDrive VLC media player 1.1.5 VMware Workstation Windows 7 Manager Windows 7 USB/DVD Download Tool WinRAR 5.01 (32-bit) WordWeb Pro x264vfw - H.264/MPEG-4 AVC codec (remove only) Xvid MPEG-4 Video Codec . ==== Event Viewer Messages From Past Week ======== . 4/25/2014 3:48:42 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 4/25/2014 3:39:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc045a790, 0xc0000185, 0x88987860, 0x8b4f29ce). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042514-19578-01. 4/25/2014 2:43:11 PM, Error: Service Control Manager [7034] - The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s). 4/25/2014 2:42:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Workstation Server service to connect. 4/25/2014 2:42:14 PM, Error: Service Control Manager [7000] - The VMware Workstation Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/25/2014 2:38:53 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start. 
4/25/2014 2:38:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswNdisFlt aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm BIOS CSC DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2014 2:38:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2014 2:35:36 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 4/25/2014 11:21:03 AM, Error: Service Control Manager [7043] - The TuneUp Utilities Service service did not shut down properly after receiving a preshutdown control. 4/25/2014 10:56:37 AM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s). 4/25/2014 10:55:44 AM, Error: Service Control Manager [7034] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). 4/25/2014 1:43:26 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 15000 milliseconds: Restart the service. 4/25/2014 1:43:15 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\IMSEOLab\ntuser.dat'. 4/25/2014 1:43:14 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''. 4/24/2014 6:13:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4. 4/24/2014 11:47:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 4/24/2014 11:35:58 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 4/24/2014 11:15:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 4/24/2014 11:15:14 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2014 11:15:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/24/2014 10:37:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.173.438.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 4/24/2014 10:37:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/24/2014 10:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/24/2014 10:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/24/2014 10:08:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm BIOS discache ElbyCDIO MpFilter spldr Wanarpv6 4/24/2014 10:08:26 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The dependency service or group failed to start. 
4/23/2014 7:28:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.297.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 4/23/2014 6:25:11 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 4/23/2014 11:38:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.297.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 4/23/2014 11:32:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 4/23/2014 11:24:25 AM, Error: Service Control Manager [7022] - The VMware USB Arbitration Service service hung on starting. 4/23/2014 11:23:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect. 
4/23/2014 11:23:03 AM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2014 1:57:34 AM, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
4/23/2014 1:39:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.297.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 1:09:30 PM, Error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
4/21/2014 3:23:07 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
4/20/2014 8:57:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
4/20/2014 8:56:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
4/20/2014 8:56:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/19/2014 3:56:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
4/19/2014 3:23:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
4/19/2014 10:23:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.171.148.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10501.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/18/2014 4:43:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7000] - The VMware USB Arbitration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect.
.
==== End Of File ===========================

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by IMSEOLab at 15:43:27 on 2014-04-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2974.1610 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
F:\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
F:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
F:\USB Disk Security\USBGuard.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Atheros\AWiCMgr.exe
C:\Program Files\WordWeb\wweb32.exe
F:\USB Disk Security\USBGuard.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\SearchIndexer.exe
F:\fences\Fences.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Proxifier\Proxifier.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
F:\AvaFind Pro\AvaFind.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IObit\Surfing Protection\SPUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\IMSEOLab\5raxzje9a8\USfDfXCw.com
C:\Users\IMSEOLab\5raxzje9a8\USfDfXCw.com
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Adobe Acrobat Registration Service] c:\users\imseolab\appdata\roaming\local\adobe\armhvc.exe
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Proxifier] "f:\proxifier\proxifier.exe" aut
uRun: [Advanced SystemCare Ultimate] "c:\program files\iobit\advanced systemcare ultimate 7\ASCTray.exe" /Auto
uRunOnce: [5raxzje9a8] c:\users\imseolab\5raxzje9a8\26202.vbs
mRun: [uSB Security] f:\usb disk security\USBGuard.exe
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Fences] "f:\fences\Fences.exe" /startup
mRun: [AWiC] "c:\program files\atheros\AWiCMgr.exe" -nogui
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vmware-tray.exe] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\fences.lnk - f:\fences\Fences.exe
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\imseolab\5raxzje9a8\26202.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\avafin~1.lnk - f:\avafind pro\AvaFind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launcher.lnk - c:\program files\interneteverywhere\InternetEverywhere_Launcher.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:1
mPolicies-System: SynchronousUserGroupPolicy = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6AB15721-CAB7-4D92-BB73-82E21DC8D72F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{70BB6D26-DA5B-4AEA-A2A3-9D03D46BF2C6} : DHCPNameServer = 192.168.201.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - c:\program files\quickverse 2010\qvprotwrapper.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - f:\fences\FencesMenu.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: backupper.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: driverbooster.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: unins000.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\imseolab\appdata\roaming\mozilla\firefox\profiles\3mgtqajz.default-1396465441559\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\authorwa\np32asw.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2014-4-17 26424]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2014-4-13 61464]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-3-16 13696]
R1 MpKsl20b00854;MpKsl20b00854;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys [2014-4-25 39464]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare ultimate 7\ASCService.exe [2014-3-15 886592]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2014-2-26 87968]
R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2014-4-17 129720]
R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2014-4-17 14392]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\iobit\advanced systemcare ultimate 7\ASCAvSvc.exe [2014-3-15 647488]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-2-21 108000]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\interneteverywhere\InternetEverywhere_Service.exe [2014-3-5 342984]
R2 MBAMScheduler;MBAMScheduler;f:\malwarebytes' anti-malware\mbamscheduler.exe [2014-4-22 418376]
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [2014-4-22 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2014-3-16 251096]
R2 Service KMSELDI;Service KMSELDI;c:\program files\kmspico\Service_KMS.exe [2014-2-26 37888]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-3-20 1773368]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
R2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2012-11-1 13234176]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-5-9 24736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-22 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-16 683736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
S1 MpKsl64f3890b;MpKsl64f3890b;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl64f3890b.sys [2014-4-25 39464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-26 2153792]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-5-9 34976]
S3 AWiCSrvc;AWiCSrvc;c:\program files\atheros\AWiCSrvc.exe [2014-2-27 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2014-3-10 27672]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-5-9 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-5-9 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-5-9 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-5-9 141088]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-5-9 243872]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2014-3-5 100224]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-25 108032]
S3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2013-2-25 18136]
S3 orange_zte_cdc_acm;ZTE Orange CDC-ACM driver;c:\windows\system32\drivers\orange_zte_cdc_acm.sys [2014-4-16 66432]
S3 orange_zte_cpo;ZTE Orange Install;c:\windows\system32\drivers\orange_zte_cpo.sys [2014-4-16 9984]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-2-26 251496]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-2-26 1343400]
S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-5-9 146592]
S4 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-5-9 76960]
S4 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\aomei backupper\ABService.exe [2014-4-17 29912]
.
=============== Created Last 30 ================
.
2014-04-25 12:40:29 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\offreg.dll
2014-04-25 10:20:47 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys
2014-04-25 08:16:59 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-25 05:50:06 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-04-25 05:50:06 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-25 05:34:54 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-24 20:31:20 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\mpengine.dll
2014-04-24 19:18:49 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-24 09:50:03 -------- d-----w- c:\users\imseolab\appdata\local\AccountsDominator
2014-04-24 08:33:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-04-24 08:11:45 -------- d-----w- c:\programdata\HitmanPro
2014-04-24 07:35:42 -------- d-----w- C:\Ark
2014-04-23 20:37:34 -------- d-----w- c:\users\imseolab\appdata\roaming\Affilorama
2014-04-23 17:26:01 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-22 22:57:36 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-04-22 22:57:31 36152 ----a-w- c:\windows\system32\uxtuneup.dll
2014-04-22 22:57:15 -------- d-----w- c:\users\imseolab\appdata\local\TuneUp Software
2014-04-22 22:49:17 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2014-04-22 22:48:49 -------- d-----w- c:\users\imseolab\appdata\roaming\TuneUp Software
2014-04-22 22:48:06 -------- d-----w- c:\program files\TuneUp Utilities 2014
2014-04-22 22:46:08 -------- d-----w- c:\programdata\TuneUp Software
2014-04-22 22:45:57 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-22 22:45:57 -------- d--h--w- c:\programdata\Common Files
2014-04-22 22:24:20 -------- d-----w- c:\users\imseolab\appdata\roaming\TweetAdder3
2014-04-22 17:17:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-21 21:03:54 -------- d-----w- C:\Hman's Login
2014-04-21 16:52:55 6163104 ----a-w- c:\windows\system32\Flash.ocx
2014-04-21 01:47:59 86016 ----a-w- c:\windows\unvise32.exe
2014-04-21 00:07:58 -------- d-----w- c:\users\imseolab\appdata\roaming\FB2
2014-04-20 23:20:07 -------- d-----w- c:\users\imseolab\appdata\roaming\com.jayvenka.qilio
2014-04-20 00:56:46 -------- d-----w- c:\users\imseolab\appdata\local\AccountStreamYahoo
2014-04-19 14:54:12 -------- d-----w- c:\users\imseolab\appdata\roaming\GSA Captcha Breaker
2014-04-19 14:40:12 -------- d-----w- c:\users\imseolab\appdata\roaming\Proxifier
2014-04-19 14:39:25 91240 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2014-04-19 14:39:25 70248 ----a-w- c:\windows\system32\PrxerDrv.dll
2014-04-19 14:39:25 56424 ----a-w- c:\windows\system32\PrxerNsp.dll
2014-04-19 14:39:25 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2014-04-19 14:36:22 -------- d-----w- c:\users\imseolab\appdata\roaming\GSA Search Engine Ranker
2014-04-19 11:51:20 -------- d-----w- c:\users\imseolab\appdata\roaming\BoostFanPageTraffic
2014-04-19 08:48:50 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adc7bf4b-cd44-4cac-9db3-3476a994dadf}\gapaengine.dll
2014-04-19 08:24:22 6858064 ----a-r- c:\users\imseolab\appdata\roaming\microsoft\installer\{4b523cfd-2b57-403a-973f-920422a0d7f2}\Logos4.exe
2014-04-19 08:20:30 -------- d-----w- c:\users\imseolab\appdata\local\Logos4
2014-04-19 08:19:48 -------- d-----w- c:\program files\Link-AssistantCom
2014-04-19 08:18:49 -------- d-----w- c:\program files\Time Stopper
2014-04-19 08:15:05 -------- d-----w- c:\users\imseolab\appdata\local\TempDIR
2014-04-17 23:51:18 -------- d-----w- c:\users\imseolab\appdata\roaming\SubRepo
2014-04-17 21:13:22 -------- d-----w- c:\users\imseolab\appdata\roaming\PrPowershot
2014-04-17 15:46:00 -------- d-----w- c:\users\imseolab\appdata\local\BlackHatToolz.com
2014-04-17 15:18:24 -------- d-----w- c:\programdata\AomeiBR
2014-04-17 13:42:55 26424 ----a-w- c:\windows\system32\ambakdrv.sys
2014-04-17 13:42:55 14392 ----a-w- c:\windows\system32\amwrtdrv.sys
2014-04-17 13:42:55 129720 ----a-w- c:\windows\system32\ammntdrv.sys
2014-04-17 13:42:47 -------- d-----w- c:\program files\AOMEI Backupper
2014-04-17 13:41:27 86016 ----a-w- c:\windows\system32\atl70.dll
2014-04-17 13:41:27 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2014-04-17 13:40:31 -------- d-----w- c:\windows\system32\Adobe
2014-04-17 13:38:49 -------- d-----w- c:\program files\SAM CoDeC Pack
2014-04-17 10:36:23 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-04-17 10:36:22 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-04-17 10:36:22 116736 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-04-17 10:36:22 106880 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-04-17 10:24:01 -------- d-----w- c:\users\imseolab\appdata\roaming\AVAST Software
2014-04-17 10:21:46 -------- d-----w- c:\program files\AVAST Software
2014-04-17 10:21:35 403440 ----a-w- c:\windows\system32\drivers\xumwvxrt.sys
2014-04-17 09:04:25 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-04-17 09:04:25 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-04-17 09:04:23 82816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2014-04-17 09:04:23 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2014-04-17 09:04:23 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2014-04-17 09:04:23 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-04-17 09:04:22 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2014-04-17 09:04:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2014-04-17 06:48:54 -------- d-----w- c:\program files\SupportAppCB
2014-04-16 14:17:40 9984 ----a-w- c:\windows\system32\drivers\orange_zte_cpo.sys
2014-04-16 14:17:40 66432 ----a-w- c:\windows\system32\drivers\orange_zte_cdc_acm.sys
2014-04-16 14:17:40 1461992 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll
2014-04-16 14:17:40 13312 ----a-w- c:\windows\system32\orange_zte_CPOCoinstaller.dll
2014-04-16 14:17:40 13312 ----a-w- c:\windows\system32\drivers\orange_zte_CPOCoinstaller.dll
2014-04-15 07:16:37 -------- d-----w- c:\users\imseolab\appdata\roaming\Atomic Alarm Clock 6
2014-04-12 22:08:13 -------- d-----w- c:\users\imseolab\appdata\roaming\IDM
2014-04-12 21:43:04 119808 ----a-r- c:\users\imseolab\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2014-04-12 21:25:18 -------- d-----w- c:\users\imseolab\appdata\local\VMware
2014-04-12 21:22:22 63128 ----a-w- c:\windows\system32\vsocklib.dll
2014-04-12 21:22:21 61464 ----a-w- c:\windows\system32\drivers\vsock.sys
2014-04-12 21:21:34 357016 ----a-w- c:\windows\system32\vmnetdhcp.exe
2014-04-12 21:21:30 435864 ----a-w- c:\windows\system32\vmnat.exe
2014-04-12 21:21:29 25752 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2014-04-12 21:21:22 779928 ----a-w- c:\windows\system32\vnetlib.dll
2014-04-12 21:21:16 41496 ----a-w- c:\windows\system32\drivers\hcmon.sys
2014-04-12 21:19:23 -------- d-----w- c:\program files\VMware
2014-04-12 21:19:23 -------- d-----w- c:\program files\common files\VMware
2014-04-12 17:00:48 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-12 17:00:48 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-12 17:00:48 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-12 17:00:48 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-12 17:00:39 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-12 07:47:55 -------- d-----w- c:\program files\Intel Corporation
2014-04-07 22:25:16 -------- d-----w- c:\users\imseolab\appdata\local\Business Plan Pro Samples
2014-04-07 22:21:19 -------- d-----w- c:\users\imseolab\appdata\local\Palo_Alto_Software
2014-04-07 22:21:18 -------- d-----w- c:\users\imseolab\appdata\roaming\bppenu11
2014-04-07 18:02:11 -------- d-----w- c:\users\imseolab\appdata\local\Geckofx
2014-04-07 18:02:01 -------- d-----w- c:\users\imseolab\appdata\roaming\Clyde Software Unlimited
2014-04-07 17:46:50 -------- d-----w- c:\programdata\KeywordOrganizer
2014-04-07 06:03:16 -------- d-----w- c:\users\imseolab\appdata\local\KeywordOrganizer
2014-04-06 20:30:26 -------- d-----w- c:\windows\system32\Hotspot Shield
2014-04-06 09:54:22 -------- d-----w- c:\users\imseolab\appdata\local\Evergreen_Internet_Market
2014-04-05 21:12:43 -------- d-----w- c:\users\imseolab\appdata\roaming\EndNote
2014-04-05 20:52:59 -------- d-----w- c:\program files\common files\Risxtd
2014-04-05 20:52:49 -------- d-----w- c:\program files\common files\ResearchSoft
2014-04-05 20:51:47 -------- d-----w- c:\program files\EndNote X3
2014-04-05 20:51:13 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2014-04-05 20:48:31 -------- d-----w- c:\windows\86B3F2D6AC2B4E888AE1F2F77F781B0C.TMP
2014-04-05 20:48:22 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-04-05 14:07:18 50688 ----a-w- c:\windows\system32\admwprox.dll
2014-04-05 14:07:18 154624 ----a-w- c:\windows\system32\iisRtl.dll
2014-04-05 14:07:17 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-04-05 14:07:17 26624 ----a-w- c:\windows\system32\ahadmin.dll
2014-04-05 14:07:17 15360 ----a-w- c:\windows\system32\iisreset.exe
2014-04-05 14:07:17 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-04-05 12:34:33 -------- d-----w- c:\users\imseolab\appdata\roaming\IBP
2014-04-05 12:18:22 -------- d-----w- c:\users\imseolab\appdata\local\Downloaded Installations
2014-04-05 09:48:56 -------- d-----w- c:\users\imseolab\appdata\roaming\DigiResults
2014-04-05 09:47:31 -------- d-----w- c:\users\imseolab\appdata\local\Deployment
2014-04-05 08:06:49 -------- d-----w- c:\windows\system32\BestPractices
2014-04-05 08:06:48 -------- d-----w- C:\inetpub
2014-04-04 21:50:03 -------- d-----w- c:\users\imseolab\appdata\local\Mibasoft_Ltd
2014-04-03 21:12:02 -------- d-----w- c:\users\imseolab\appdata\local\A
2014-04-03 09:51:53 -------- d-----w- c:\users\imseolab\appdata\roaming\TideSDK
2014-04-02 21:34:03 -------- d-----w- c:\users\imseolab\appdata\local\Apple Computer
2014-04-02 21:33:53 -------- d-----w- c:\users\imseolab\appdata\roaming\Titanium
2014-04-01 06:27:45 -------- d-----w- c:\users\imseolab\.ScreamingFrogSEOSpider
2014-03-30 15:29:50 -------- d-----w- c:\users\imseolab\appdata\local\SENukeX
2014-03-30 15:29:48 -------- d-----w- c:\users\imseolab\appdata\local\SENukeXUpdateConfig
2014-03-30 13:24:43 -------- d-----w- c:\users\imseolab\appdata\roaming\IsolatedStorage
2014-03-30 13:24:43 -------- d-----w- c:\programdata\IsolatedStorage
2014-03-30 13:24:37 -------- d-----w- c:\users\imseolab\appdata\local\TumbleNinja
2014-03-30 13:24:24 -------- d-----w- c:\programdata\Gibraltar
2014-03-30 13:18:39 -------- d-----w- c:\program files\Share YouTube Videos
2014-03-30 13:17:04 -------- d-----w- c:\users\imseolab\appdata\roaming\Tumblifier
2014-03-30 13:17:04 -------- d-----w- c:\users\imseolab\appdata\local\Tumblifier
2014-03-30 13:14:30 -------- d-----w- c:\users\imseolab\appdata\roaming\ScrapeBoard
2014-03-30 13:10:32 -------- d-----w- c:\users\imseolab\appdata\local\Wicked_Article_Creator
2014-03-30 06:18:40 -------- d-----w- c:\users\imseolab\appdata\local\xTumblrBot.com
2014-03-28 17:11:45 -------- d-sh--w- c:\users\imseolab\wc
2014-03-28 17:11:39 -------- d-----w- c:\users\imseolab\appdata\roaming\Molura
2014-03-28 17:11:38 -------- d-sh--w- c:\users\imseolab\appdata\roaming\wyUpdate AU
2014-03-28 17:10:34 -------- d-----w- c:\users\imseolab\appdata\local\Molura
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-27 19:33:25 -------- d-----w- c:\users\imseolab\appdata\local\Apple
2014-03-27 19:04:45 -------- d-----w- c:\users\imseolab\appdata\local\TechSmith
2014-03-27 08:31:29 -------- d-----w- c:\users\imseolab\dkJpRtTdKlBxAJxdiPPnOgMInfo
2014-03-27 08:31:28 -------- d-----w- c:\users\imseolab\appdata\roaming\com.trafficspy
2014-03-26 20:51:11 -------- d-----w- C:\Quickfire
.
==================== Find3M ====================
.
2014-04-17 13:39:16 715038 ----a-w- c:\windows\unins000.exe
2014-04-16 14:17:26 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-04-03 17:37:50 11149312 ----a-w- c:\program files\common files\lpuninstall.exe
2014-03-23 19:05:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-19 16:06:59 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-16 19:44:56 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-03-16 19:44:56 683736 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-03-16 19:44:56 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-03-16 19:41:46 1892056 ----a-w- c:\windows\system32\RTSndMgr.cpl
2014-03-16 19:41:45 3012056 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2014-03-16 19:41:44 915160 ----a-w- c:\windows\system32\RtkCoInstII.dll
2014-03-16 19:41:44 782040 ----a-w- c:\windows\system32\RtkApoApi.dll
2014-03-16 19:41:44 2559192 ----a-w- c:\windows\system32\RtkPgExt.dll
2014-03-16 19:41:44 13416 ----a-w- c:\windows\system32\RtkCoLDR.dll
2014-03-16 19:41:43 2464472 ----a-w- c:\windows\system32\RtkAPO.dll
2014-03-16 19:41:40 54936064 ----a-w- c:\windows\system32\RCoRes.dat
2014-03-16 19:41:22 92584 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-16 19:41:21 95840 ----a-w- c:\windows\system32\AERTARen.dll
2014-03-16 19:41:21 182472 ----a-w- c:\windows\system32\AERTACap.dll 2014-03-11 06:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-05 10:49:00 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys 2014-02-28 11:09:55 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin 2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll 2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll 2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll 2013-02-07 12:22:00 50330 ----a-w- c:\program files\AntiDust.exe . ============= FINISH: 15:48:43.85 ===============
  8. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2 Run by IMSEOLab at 13:41:56 on 2014-04-25 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2974.1468 [GMT 3:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe F:\Malwarebytes' Anti-Malware\mbamscheduler.exe F:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\KMSpico\Service_KMS.exe C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe C:\Windows\system32\vmnat.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\vmnetdhcp.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\VMware\VMware 
Workstation\vmware-hostd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE F:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe F:\USB Disk Security\USBGuard.exe F:\USB Disk Security\USBGuard.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\Atheros\AWiCMgr.exe C:\Program Files\WordWeb\wweb32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Internet Download Manager\IDMan.exe F:\Proxifier\Proxifier.exe C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe F:\AvaFind Pro\AvaFind.exe C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Users\IMSEOLab\5raxzje9a8\USfDfXCw.com C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\system32\notepad.exe C:\Windows\system32\taskeng.exe C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe C:\Windows\system32\ctfmon.exe C:\Windows\System32\WUDFHost.exe F:\Mobile Partner\Mobile Partner.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted 
C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k apphost C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted . ============== Pseudo HJT Report =============== . BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Adobe Acrobat Registration Service] c:\users\imseolab\appdata\roaming\local\adobe\armhvc.exe uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [Proxifier] "f:\proxifier\proxifier.exe" aut uRun: [Advanced SystemCare Ultimate] "c:\program files\iobit\advanced systemcare ultimate 7\ASCTray.exe" /Auto uRunOnce: [5raxzje9a8] c:\users\imseolab\5raxzje9a8\26202.vbs mRun: [uSB Security] f:\usb disk security\USBGuard.exe mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [Fences] "f:\fences\Fences.exe" /startup mRun: [AWiC] "c:\program files\atheros\AWiCMgr.exe" -nogui mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [vmware-tray.exe] "c:\program files\vmware\vmware workstation\vmware-tray.exe" mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\fences.lnk - f:\fences\Fences.exe StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\imseolab\5raxzje9a8\26202.vbs StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\avafin~1.lnk - f:\avafind pro\AvaFind.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program 
files\common files\lpuninstall.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launcher.lnk - c:\program files\interneteverywhere\InternetEverywhere_Launcher.exe mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: SynchronousMachineGroupPolicy = dword:1 mPolicies-System: SynchronousUserGroupPolicy = dword:1 mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1 IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~2\office15\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll LSP: %SystemRoot%\system32\PrxerDrv.dll LSP: %windir%\system32\vsocklib.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: Interfaces\{6AB15721-CAB7-4D92-BB73-82E21DC8D72F} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{70BB6D26-DA5B-4AEA-A2A3-9D03D46BF2C6} : DHCPNameServer = 192.168.201.1 TCP: Interfaces\{B9B973A7-4108-42CC-B107-D28B935E1E61} : NameServer = 8.8.8.8 41.191.76.70 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - c:\program files\quickverse 2010\qvprotwrapper.dll Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - f:\fences\FencesMenu.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome IFEO: backupper.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe" IFEO: driverbooster.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe" IFEO: unins000.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\imseolab\appdata\roaming\mozilla\firefox\profiles\3mgtqajz.default-1396465441559\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\micros~2\office15\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll FF - plugin: c:\windows\system32\macromed\authorwa\np32asw.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll . ============= SERVICES / DRIVERS =============== . R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2014-4-17 26424] R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 49944] R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-17 178304] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960] R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2014-4-13 61464] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-4-17 26136] R1 aswNdisFlt;Avast! 
Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-4-17 259928] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-17 774392] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-17 403440] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-3-16 13696] R1 MpKsl20b00854;MpKsl20b00854;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys [2014-4-25 39464] R1 MpKsld9840670;MpKsld9840670;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsld9840670.sys [2014-4-25 39464] R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare ultimate 7\ASCService.exe [2014-3-15 886592] R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2014-2-26 87968] R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2014-4-17 129720] R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2014-4-17 14392] R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\iobit\advanced systemcare ultimate 7\ASCAvSvc.exe [2014-3-15 647488] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2014-4-17 35656] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 70384] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-17 50344] R2 avast! Firewall;avast! 
Firewall;c:\program files\avast software\avast\afwServ.exe [2014-4-17 116776] R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-2-21 108000] R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\interneteverywhere\InternetEverywhere_Service.exe [2014-3-5 342984] R2 MBAMScheduler;MBAMScheduler;f:\malwarebytes' anti-malware\mbamscheduler.exe [2014-4-22 418376] R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [2014-4-22 701512] R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264] R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2014-3-16 251096] R2 Service KMSELDI;Service KMSELDI;c:\program files\kmspico\Service_KMS.exe [2014-2-26 37888] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-3-20 1773368] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048] R2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2012-11-1 13234176] R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768] R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-5-9 24736] R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2014-3-5 100224] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-22 22856] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-16 683736] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320] S2 clr_optimization_v4.0.30319_32;Microsoft .NET 
Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-26 2153792] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-5-9 34976] S3 AWiCSrvc;AWiCSrvc;c:\program files\atheros\AWiCSrvc.exe [2014-2-27 49152] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2014-3-10 27672] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-5-9 259232] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-5-9 175776] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-5-9 49312] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-5-9 141088] S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-5-9 243872] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-25 108032] S3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2013-2-25 18136] S3 orange_zte_cdc_acm;ZTE Orange CDC-ACM driver;c:\windows\system32\drivers\orange_zte_cdc_acm.sys [2014-4-16 66432] S3 orange_zte_cpo;ZTE Orange Install;c:\windows\system32\drivers\orange_zte_cpo.sys [2014-4-16 9984] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-2-26 251496] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184] S3 terminpt;Microsoft Remote Desktop Input 
Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264] S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-2-26 1343400] S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-5-9 146592] S4 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-5-9 76960] S4 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\aomei backupper\ABService.exe [2014-4-17 29912] . =============== Created Last 30 ================ . 2014-04-25 10:20:47 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys 2014-04-25 08:19:29 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsld9840670.sys 2014-04-25 08:16:59 -------- d-s---w- c:\windows\system32\CompatTel 2014-04-25 05:50:06 361984 ----a-w- c:\windows\system32\aepdu.dll 2014-04-25 05:50:06 302592 ----a-w- c:\windows\system32\aeinv.dll 2014-04-25 05:34:54 514560 ----a-w- c:\windows\system32\qdvd.dll 2014-04-24 20:31:20 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\mpengine.dll 2014-04-24 19:18:49 -------- d-----w- C:\TDSSKiller_Quarantine 2014-04-24 09:50:03 -------- d-----w- c:\users\imseolab\appdata\local\AccountsDominator 2014-04-24 08:33:00 12872 ----a-w- c:\windows\system32\bootdelete.exe 2014-04-24 08:11:45 -------- d-----w- c:\programdata\HitmanPro 2014-04-24 07:35:42 -------- d-----w- C:\Ark 2014-04-23 20:37:34 -------- d-----w- c:\users\imseolab\appdata\roaming\Affilorama 2014-04-23 
17:26:01 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2014-04-22 22:57:36 25400 ----a-w- c:\windows\system32\authuitu.dll 2014-04-22 22:57:31 36152 ----a-w- c:\windows\system32\uxtuneup.dll 2014-04-22 22:57:15 -------- d-----w- c:\users\imseolab\appdata\local\TuneUp Software 2014-04-22 22:49:17 36664 ----a-w- c:\windows\system32\TURegOpt.exe 2014-04-22 22:48:49 -------- d-----w- c:\users\imseolab\appdata\roaming\TuneUp Software 2014-04-22 22:48:06 -------- d-----w- c:\program files\TuneUp Utilities 2014 2014-04-22 22:46:08 -------- d-----w- c:\programdata\TuneUp Software 2014-04-22 22:45:57 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-22 22:45:57 -------- d--h--w- c:\programdata\Common Files 2014-04-22 22:24:20 -------- d-----w- c:\users\imseolab\appdata\roaming\TweetAdder3 2014-04-22 17:17:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-04-21 21:03:54 -------- d-----w- C:\Hman's Login 2014-04-21 16:52:55 6163104 ----a-w- c:\windows\system32\Flash.ocx 2014-04-21 01:47:59 86016 ----a-w- c:\windows\unvise32.exe 2014-04-21 00:07:58 -------- d-----w- c:\users\imseolab\appdata\roaming\FB2 2014-04-20 23:20:07 -------- d-----w- c:\users\imseolab\appdata\roaming\com.jayvenka.qilio 2014-04-20 00:56:46 -------- d-----w- c:\users\imseolab\appdata\local\AccountStreamYahoo 2014-04-19 14:54:12 -------- d-----w- c:\users\imseolab\appdata\roaming\GSA Captcha Breaker 2014-04-19 14:40:12 -------- d-----w- c:\users\imseolab\appdata\roaming\Proxifier 2014-04-19 14:39:25 91240 ----a-w- c:\windows\system32\ProxifierShellExt.dll 2014-04-19 14:39:25 70248 ----a-w- c:\windows\system32\PrxerDrv.dll 2014-04-19 14:39:25 56424 ----a-w- c:\windows\system32\PrxerNsp.dll 2014-04-19 14:39:25 11264 ----a-w- c:\windows\system32\SPORDER.DLL 2014-04-19 14:36:22 -------- d-----w- c:\users\imseolab\appdata\roaming\GSA Search Engine Ranker 2014-04-19 11:51:20 -------- d-----w- 
c:\users\imseolab\appdata\roaming\BoostFanPageTraffic 2014-04-19 08:48:50 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adc7bf4b-cd44-4cac-9db3-3476a994dadf}\gapaengine.dll 2014-04-19 08:24:22 6858064 ----a-r- c:\users\imseolab\appdata\roaming\microsoft\installer\{4b523cfd-2b57-403a-973f-920422a0d7f2}\Logos4.exe 2014-04-19 08:20:30 -------- d-----w- c:\users\imseolab\appdata\local\Logos4 2014-04-19 08:19:48 -------- d-----w- c:\program files\Link-AssistantCom 2014-04-19 08:18:49 -------- d-----w- c:\program files\Time Stopper 2014-04-19 08:15:05 -------- d-----w- c:\users\imseolab\appdata\local\TempDIR 2014-04-17 23:51:18 -------- d-----w- c:\users\imseolab\appdata\roaming\SubRepo 2014-04-17 21:13:22 -------- d-----w- c:\users\imseolab\appdata\roaming\PrPowershot 2014-04-17 15:46:00 -------- d-----w- c:\users\imseolab\appdata\local\BlackHatToolz.com 2014-04-17 15:18:24 -------- d-----w- c:\programdata\AomeiBR 2014-04-17 13:42:55 26424 ----a-w- c:\windows\system32\ambakdrv.sys 2014-04-17 13:42:55 14392 ----a-w- c:\windows\system32\amwrtdrv.sys 2014-04-17 13:42:55 129720 ----a-w- c:\windows\system32\ammntdrv.sys 2014-04-17 13:42:47 -------- d-----w- c:\program files\AOMEI Backupper 2014-04-17 13:41:27 86016 ----a-w- c:\windows\system32\atl70.dll 2014-04-17 13:41:27 1355776 ----a-w- c:\windows\system32\msvbvm50.dll 2014-04-17 13:40:31 -------- d-----w- c:\windows\system32\Adobe 2014-04-17 13:38:49 -------- d-----w- c:\program files\SAM CoDeC Pack 2014-04-17 10:36:23 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys 2014-04-17 10:36:22 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2014-04-17 10:36:22 116736 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2014-04-17 10:36:22 106880 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2014-04-17 10:24:01 -------- d-----w- c:\users\imseolab\appdata\roaming\AVAST Software 2014-04-17 10:22:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-04-17 10:22:33 178304 
----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-04-17 10:22:32 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-04-17 10:22:31 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-04-17 10:22:27 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-04-17 10:22:24 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2014-04-17 10:22:15 43152 ----a-w- c:\windows\avastSS.scr 2014-04-17 10:22:06 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys 2014-04-17 10:21:46 -------- d-----w- c:\program files\AVAST Software 2014-04-17 10:21:35 403440 ----a-w- c:\windows\system32\drivers\xumwvxrt.sys 2014-04-17 10:21:12 -------- d-----w- c:\programdata\AVAST Software 2014-04-17 09:04:25 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2014-04-17 09:04:25 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll 2014-04-17 09:04:23 82816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys 2014-04-17 09:04:23 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys 2014-04-17 09:04:23 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys 2014-04-17 09:04:23 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys 2014-04-17 09:04:22 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys 2014-04-17 09:04:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys 2014-04-17 06:48:54 -------- d-----w- c:\program files\SupportAppCB 2014-04-16 14:17:40 9984 ----a-w- c:\windows\system32\drivers\orange_zte_cpo.sys 2014-04-16 14:17:40 66432 ----a-w- c:\windows\system32\drivers\orange_zte_cdc_acm.sys 2014-04-16 14:17:40 1461992 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll 2014-04-16 14:17:40 13312 ----a-w- c:\windows\system32\orange_zte_CPOCoinstaller.dll 2014-04-16 14:17:40 13312 ----a-w- c:\windows\system32\drivers\orange_zte_CPOCoinstaller.dll 2014-04-15 07:16:37 -------- d-----w- c:\users\imseolab\appdata\roaming\Atomic Alarm Clock 6 2014-04-12 22:08:13 -------- d-----w- 
c:\users\imseolab\appdata\roaming\IDM
2014-04-12 21:43:04 119808 ----a-r- c:\users\imseolab\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2014-04-12 21:25:18 -------- d-----w- c:\users\imseolab\appdata\local\VMware
2014-04-12 21:22:22 63128 ----a-w- c:\windows\system32\vsocklib.dll
2014-04-12 21:22:21 61464 ----a-w- c:\windows\system32\drivers\vsock.sys
2014-04-12 21:21:34 357016 ----a-w- c:\windows\system32\vmnetdhcp.exe
2014-04-12 21:21:30 435864 ----a-w- c:\windows\system32\vmnat.exe
2014-04-12 21:21:29 25752 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2014-04-12 21:21:22 779928 ----a-w- c:\windows\system32\vnetlib.dll
2014-04-12 21:21:16 41496 ----a-w- c:\windows\system32\drivers\hcmon.sys
2014-04-12 21:19:23 -------- d-----w- c:\program files\VMware
2014-04-12 21:19:23 -------- d-----w- c:\program files\common files\VMware
2014-04-12 17:00:48 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-12 17:00:48 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-12 17:00:48 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-12 17:00:48 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-12 17:00:39 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-12 07:47:55 -------- d-----w- c:\program files\Intel Corporation
2014-04-07 22:25:16 -------- d-----w- c:\users\imseolab\appdata\local\Business Plan Pro Samples
2014-04-07 22:21:19 -------- d-----w- c:\users\imseolab\appdata\local\Palo_Alto_Software
2014-04-07 22:21:18 -------- d-----w- c:\users\imseolab\appdata\roaming\bppenu11
2014-04-07 18:02:11 -------- d-----w- c:\users\imseolab\appdata\local\Geckofx
2014-04-07 18:02:01 -------- d-----w- c:\users\imseolab\appdata\roaming\Clyde Software Unlimited
2014-04-07 17:46:50 -------- d-----w- c:\programdata\KeywordOrganizer
2014-04-07 06:03:16 -------- d-----w- c:\users\imseolab\appdata\local\KeywordOrganizer
2014-04-06 20:30:26 -------- d-----w- c:\windows\system32\Hotspot Shield
2014-04-06 09:54:22 -------- d-----w- c:\users\imseolab\appdata\local\Evergreen_Internet_Market
2014-04-05 21:12:43 -------- d-----w- c:\users\imseolab\appdata\roaming\EndNote
2014-04-05 20:52:59 -------- d-----w- c:\program files\common files\Risxtd
2014-04-05 20:52:49 -------- d-----w- c:\program files\common files\ResearchSoft
2014-04-05 20:51:47 -------- d-----w- c:\program files\EndNote X3
2014-04-05 20:51:13 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2014-04-05 20:48:31 -------- d-----w- c:\windows\86B3F2D6AC2B4E888AE1F2F77F781B0C.TMP
2014-04-05 20:48:22 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-04-05 14:07:18 50688 ----a-w- c:\windows\system32\admwprox.dll
2014-04-05 14:07:18 154624 ----a-w- c:\windows\system32\iisRtl.dll
2014-04-05 14:07:17 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-04-05 14:07:17 26624 ----a-w- c:\windows\system32\ahadmin.dll
2014-04-05 14:07:17 15360 ----a-w- c:\windows\system32\iisreset.exe
2014-04-05 14:07:17 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-04-05 12:34:33 -------- d-----w- c:\users\imseolab\appdata\roaming\IBP
2014-04-05 12:18:22 -------- d-----w- c:\users\imseolab\appdata\local\Downloaded Installations
2014-04-05 09:48:56 -------- d-----w- c:\users\imseolab\appdata\roaming\DigiResults
2014-04-05 09:47:31 -------- d-----w- c:\users\imseolab\appdata\local\Deployment
2014-04-05 08:06:49 -------- d-----w- c:\windows\system32\BestPractices
2014-04-05 08:06:48 -------- d-----w- C:\inetpub
2014-04-04 21:50:03 -------- d-----w- c:\users\imseolab\appdata\local\Mibasoft_Ltd
2014-04-03 21:12:02 -------- d-----w- c:\users\imseolab\appdata\local\A
2014-04-03 09:51:53 -------- d-----w- c:\users\imseolab\appdata\roaming\TideSDK
2014-04-02 21:34:03 -------- d-----w- c:\users\imseolab\appdata\local\Apple Computer
2014-04-02 21:33:53 -------- d-----w- c:\users\imseolab\appdata\roaming\Titanium
2014-04-01 06:27:45 -------- d-----w- c:\users\imseolab\.ScreamingFrogSEOSpider
2014-03-30 15:29:50 -------- d-----w- c:\users\imseolab\appdata\local\SENukeX
2014-03-30 15:29:48 -------- d-----w- c:\users\imseolab\appdata\local\SENukeXUpdateConfig
2014-03-30 13:24:43 -------- d-----w- c:\users\imseolab\appdata\roaming\IsolatedStorage
2014-03-30 13:24:43 -------- d-----w- c:\programdata\IsolatedStorage
2014-03-30 13:24:37 -------- d-----w- c:\users\imseolab\appdata\local\TumbleNinja
2014-03-30 13:24:24 -------- d-----w- c:\programdata\Gibraltar
2014-03-30 13:18:39 -------- d-----w- c:\program files\Share YouTube Videos
2014-03-30 13:17:04 -------- d-----w- c:\users\imseolab\appdata\roaming\Tumblifier
2014-03-30 13:17:04 -------- d-----w- c:\users\imseolab\appdata\local\Tumblifier
2014-03-30 13:14:30 -------- d-----w- c:\users\imseolab\appdata\roaming\ScrapeBoard
2014-03-30 13:10:32 -------- d-----w- c:\users\imseolab\appdata\local\Wicked_Article_Creator
2014-03-30 06:18:40 -------- d-----w- c:\users\imseolab\appdata\local\xTumblrBot.com
2014-03-28 17:11:45 -------- d-sh--w- c:\users\imseolab\wc
2014-03-28 17:11:39 -------- d-----w- c:\users\imseolab\appdata\roaming\Molura
2014-03-28 17:11:38 -------- d-sh--w- c:\users\imseolab\appdata\roaming\wyUpdate AU
2014-03-28 17:10:34 -------- d-----w- c:\users\imseolab\appdata\local\Molura
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-27 19:35:37 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-27 19:33:25 -------- d-----w- c:\users\imseolab\appdata\local\Apple
2014-03-27 19:04:45 -------- d-----w- c:\users\imseolab\appdata\local\TechSmith
2014-03-27 08:31:29 -------- d-----w- c:\users\imseolab\dkJpRtTdKlBxAJxdiPPnOgMInfo
2014-03-27 08:31:28 -------- d-----w- c:\users\imseolab\appdata\roaming\com.trafficspy
2014-03-26 20:51:11 -------- d-----w- C:\Quickfire
.
==================== Find3M ====================
.
2014-04-17 13:39:16 715038 ----a-w- c:\windows\unins000.exe
2014-04-16 14:17:26 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-04-03 17:37:50 11149312 ----a-w- c:\program files\common files\lpuninstall.exe
2014-03-23 19:05:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-19 16:06:59 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-16 19:44:56 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-03-16 19:44:56 683736 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-03-16 19:44:56 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-03-16 19:41:46 1892056 ----a-w- c:\windows\system32\RTSndMgr.cpl
2014-03-16 19:41:45 3012056 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2014-03-16 19:41:44 915160 ----a-w- c:\windows\system32\RtkCoInstII.dll
2014-03-16 19:41:44 782040 ----a-w- c:\windows\system32\RtkApoApi.dll
2014-03-16 19:41:44 2559192 ----a-w- c:\windows\system32\RtkPgExt.dll
2014-03-16 19:41:44 13416 ----a-w- c:\windows\system32\RtkCoLDR.dll
2014-03-16 19:41:43 2464472 ----a-w- c:\windows\system32\RtkAPO.dll
2014-03-16 19:41:40 54936064 ----a-w- c:\windows\system32\RCoRes.dat
2014-03-16 19:41:22 92584 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-16 19:41:21 95840 ----a-w- c:\windows\system32\AERTARen.dll
2014-03-16 19:41:21 182472 ----a-w- c:\windows\system32\AERTACap.dll
2014-03-11 06:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-05 10:49:00 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2014-02-28 11:09:55 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2013-02-07 12:22:00 50330 ----a-w- c:\program files\AntiDust.exe
.
============= FINISH: 13:49:44.37 ===============
  9. .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2/26/2014 12:03:42 AM
System Uptime: 4/25/2014 1:20:03 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3676
Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 13.78 GiB free.
E: is FIXED (NTFS) - 111 GiB total, 10.643 GiB free.
F: is FIXED (NTFS) - 20 GiB total, 18.916 GiB free.
G: is CDROM ()
I: is Removable
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP138: 4/25/2014 10:26:35 AM - Removed Camtasia Studio 8
RP139: 4/25/2014 11:05:48 AM - Removed FiverrBot
RP140: 4/25/2014 11:07:50 AM - Removed PrPowershot
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 12 ActiveX & Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player + Authorware Web Player
Advanced SystemCare Ultimate 7
AOMEI Backupper
Apple Application Support
Apple Software Update
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
Ava Find Pro
avast! Internet Security
Bluetooth Win7 Suite
Box Sync
Business Plan Pro 15th Anniversary Edition
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClickBankGoldminer
ClickingAgent
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Wireless WLAN Card
Driver Booster
DriverPack Solution Updater
ERUNT 1.1j
Fences 2
FlipBook Maker Pro 3.6.1
Friend Bomber
Google Chrome
Google Drive
Google Update Helper
GSA Captcha Breaker v2.47
GSA Search Engine Ranker v7.85
iCare Data Recovery enterprise license 5.1
IM-Magic Partition Resizer Professional 2013
Income Jacker
InstantArticleWizard
Intel® Graphics Media Accelerator Driver
Intel® Processor ID Utility
Internet Download Manager
Internet Everywhere
IObit Uninstaller
iSEEK AnswerWorks English Runtime
Java 7 Update 51
Java Auto Updater
Java 6 Update 45
K-Lite Codec Pack 8.4.0 (Full)
KeywordSnatcher
KMSpico 4.1
Lagarith Lossless Codec (1.3.27)
LastPass (uninstall only)
Logos 4 Prerequisites
Logos Bible Software 4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Word MUI (English) 2013
Mobile Partner
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Outils de vérification linguistique 2013 de Microsoft Office - Français
Proxifier version 3.21
Quicken 2014
QuickTime 7
QuickVerse 2010
Realtek High Definition Audio Driver
SAM CoDeC Pack
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition
SEO PowerSuite
Share YouTube Videos version 1
SpeedCommander 15
Surfing Protection
TeraCopy 2.3 beta 2
Time Stopper
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TumblingJazz version 1.131
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition
USB Disk Security
Ut Video Codec Suite
VirtualCloneDrive
VLC media player 1.1.5
VMware Workstation
Windows 7 Manager
Windows 7 USB/DVD Download Tool
WinRAR 5.01 (32-bit)
WordWeb Pro
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
4/25/2014 11:21:03 AM, Error: Service Control Manager [7043] - The TuneUp Utilities Service service did not shut down properly after receiving a preshutdown control.
4/25/2014 10:56:37 AM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2014 10:55:44 AM, Error: Service Control Manager [7034] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s).
4/25/2014 1:43:26 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/25/2014 1:43:15 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\IMSEOLab\ntuser.dat'.
4/25/2014 1:43:14 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
4/25/2014 1:43:14 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/25/2014 1:20:23 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/24/2014 6:13:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
4/24/2014 11:47:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
4/24/2014 11:35:58 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
4/24/2014 11:15:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/24/2014 11:15:14 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2014 11:15:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2014 10:37:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.438.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/24/2014 10:37:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2014 10:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2014 10:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/24/2014 10:08:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm BIOS discache ElbyCDIO MpFilter spldr Wanarpv6
4/24/2014 10:08:26 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2014 10:08:26 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/23/2014 7:28:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.297.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 6:25:11 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/23/2014 11:38:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.297.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
4/23/2014 11:32:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/23/2014 11:24:25 AM, Error: Service Control Manager [7022] - The VMware USB Arbitration Service service hung on starting.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/23/2014 1:57:34 AM, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
4/23/2014 1:39:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.297.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 1:09:30 PM, Error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
4/21/2014 3:23:07 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
4/20/2014 8:57:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
4/20/2014 8:56:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
4/20/2014 8:56:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/19/2014 3:56:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
4/19/2014 3:23:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
4/19/2014 10:23:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.171.148.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10501.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/18/2014 4:43:44 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7000] - The VMware USB Arbitration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect.
.
==== End Of File ===========================
  10. Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.25.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
IMSEOLab :: IMSEOLAB-PC [administrator]

Protection: Enabled

4/25/2014 9:15:43 AM
mbam-log-2014-04-25 (09-15-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313246
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\runonce|5raxzje9a8 (Trojan.Agent.AIVB) -> Data: C:\Users\IMSEOLab\5raxzje9a8\26202.vbs -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  11. I have tried using Malwarebytes to remove the Backdoor Win32/Fynloski.A, but to no avail. Please help.