Wofstar

  1. Yes, running very smooth. I can restart and the computer starts up in less than a minute, before it was five minutes at least.
  2. Hello, When I initially posted here I was having problems with Avast, Microsoft Office Suite, and Chrome. The programs would lag when trying to load them, and then would go "Not Responding" until I had to manually close them and reopen.
  3. Hey, Everything seems to be running a lot smoother. Things are loading faster, not crashing as much. A lot smoother indeed.
  4. Hey! Sorry for the late reply: Malwarebytes3 text report.txt Addition.txt FRST.txt
  5. Hello, @AdvancedSetup Yes! I am indeed still in need of help with this! Cheers, Wof
  6. Hello, I let my sister use my laptop for several months, and apparently she used uTorrent to download a lot of stuff (like A LOT). Since I've had the laptop back I've done several scans, deleted everything they found, uninstalled a lot of extra programs that she had installed, deleted all her downloads, etc. Well, ever since I got the laptop back it's been running extremely slow. MWB is now finding nothing, and neither is Avast. I'm hoping there isn't anything in the background that's making it run so slow. If it's not a malware/adware problem, and a tech problem instead, I will gladly take my thread over to the tech help section. Can someone please take a look for me? Thanks, Wof FRST.txt Addition.txt
  7. Howdy, It is running fine. I haven't had any more problems other than that one instance. Cheers, Wofstar
  8. Howdy, Sorry for the long delay in reply! Here is the scan you asked for. I also do not have the paid version of MWB so I had to skip step 1.
  9. I turned my laptop on to upload work for the week and avast blocked a trojan, then my email was hacked shortly there after. I ran MWB once I realized there was a problem, and it found 6 PUP infections.
Publisher\FNPLicensingService64.exe [2011-4-15 1038088] S3 HP1210FAX;HP1210MFP FAX;C:\Windows\System32\drivers\HPM1210FAX.sys [2011-10-14 16384] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2011-10-14 20480] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528] S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-26 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-26 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-12-09 03:19:38 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll 2013-12-09 03:19:14 -------- d-----w- C:\Program Files (x86)\FOXIT SOFTWARE 2013-12-02 21:14:47 -------- d-----w- C:\Users\AngelsBaby\AppData\Local\{5A4C4F33-0DD3-4B37-A5BC-FC163CF5D30C} . ==================== Find3M ==================== . 2013-10-13 18:49:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-13 18:49:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-10-01 17:48:35 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-01 17:48:32 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-10-01 17:48:32 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 4:37:20.69 =============== . 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/13/2010 12:58:39 AM System Uptime: 12/1/2013 12:48:12 AM (196 hours ago) . Motherboard: Quanta | | 30CC Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/667mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 220 GiB total, 71.651 GiB free. D: is FIXED (NTFS) - 13 GiB total, 2.486 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D110 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: Description: HP LaserJet Professional M1212nf MFP Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: Name: HP LaserJet Professional M1212nf MFP PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet 6700 Device ID: ROOT\MULTIFUNCTION\0002 Manufacturer: HP Name: Officejet 6700 PNP Device ID: ROOT\MULTIFUNCTION\0002 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart D110 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . ==== System Restore Points =================== . RP301: 10/27/2013 3:02:13 PM - Scheduled Checkpoint RP302: 11/4/2013 2:51:35 AM - Scheduled Checkpoint RP303: 12/9/2013 2:03:57 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 64 Bit HP CIO Components Installer Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.5 - CPSID_83708 Adobe AIR Adobe Anchor Service CS4 Adobe Anchor Service x64 CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe CMaps x64 CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe Creative Suite 4 Design Premium Adobe CSI CS4 Adobe CSI CS4 x64 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Download Assistant Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Drive CS4 x64 Adobe Dynamiclink Support Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Fonts All x64 Adobe Help Manager Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe InDesign CS4 Icon Handler x64 Adobe Linguistics CS4 Adobe Linguistics CS4 x64 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Importer Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe PDF Library Files x64 CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 (64 Bit) Adobe Photoshop CS4 Support Adobe Reader X (10.1.8) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Type Support CS4 Adobe Type Support x64 CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe WinSoft Linguistics Plugin x64 Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Amazon Kindle Apple Application Support Apple Mobile Device Support Apple Software Update avast! 
Free Antivirus bl Bonjour BufferChm CameraHelperMsi Cards_Calendar_OrderGift_DoMorePlugout CCleaner Cisco Connect CloudReading Compatibility Pack for the 2007 Office system Connect CyberLink YouCam D110 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DivX Setup erLT Facebook Video Calling 1.2.0.287 Foxit Reader Google Earth Plug-in Google Update Helper GPBaseService2 Hauppauge MCE XP/Vista Software Encoder (2.0.25149) Hewlett-Packard ACLM.NET v1.1.0.0 Hewlett-Packard Active Check Hewlett-Packard Asset Agent for Health Check HP Active Support Library HP Customer Experience Enhancements HP Customer Participation Program 14.0 HP Deskjet 1000 J110 series Basic Device Software HP Deskjet 1000 J110 series Help HP Doc Viewer HP Easy Setup - Frontend HP Help and Support HP Imaging Device Functions 14.0 HP LaserJet Professional M1130-M1210 MFP Series HP LaserJet Professional M1210 MFP Series Fax Installer HP Photo Creations HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 
7 HP Photosmart Essential 2.5 HP Product Detection HP Quick Launch Buttons 6.30 E1 HP QuickPlay 3.6 HP QuickTouch 1.00 C3 HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HP User Guides 0087 HP Wireless Assistant HPAppStudio HPDiagnosticAlert HPPhotoGadget HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabel_Tattoo HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotoSmartPhotobookHolidayPack1 HPPhotoSmartPhotobookModernPack1 HPPhotoSmartPhotobookPlayfulPack1 HPPhotoSmartPhotobookScrapbookPack1 HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply iCloud Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager iTunes Java 7 Update 40 Java Auto Updater Junk Mail filter update kuler LabelPrint LightScribe System Software 1.10.13.1 Logitech Vid HD Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Magic Online Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Mesh Runtime Messenger Companion Messenger Plus! 
Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 365 Home Premium - en-us Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Project MUI (English) 2010 Microsoft Office Project Professional 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2007 Microsoft Project Professional 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - 
KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 MobileMe Control Panel Motorola SM56 Speakerphone Modem Mozilla Firefox 25.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 6.1 MyDefrag v4.3.1 Network64 NTREGOPT 1.1j Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component PDF Settings CS4 ph Photoshop Camera Raw Photoshop Camera Raw_x64 Pixel Bender Toolkit PPAC Data Entry System PS_AIO_07_D110_SW_Min PSSWCORE QuickTime QuickTransfer Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek High Definition Audio Driver Revo Uninstaller 1.94 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 Scan Scan To Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit 
Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shop for HP Supplies Sid Meier's Civilization V Sierra Utilities SmartWebPrinting SolutionCenter SPBBC 64bit Spotify Status Steam Suite Shared Configuration CS4 Synaptics Pointing Device Driver Toolbox TrayApp Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.6195 VideoToolkit01 VitalSource Bookshelf WeatherBug Gadget WebReg Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client 
Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WordPerfect Office X6 WordPerfect Office X6 - Common Files WordPerfect Office X6 - Common Files English WordPerfect Office X6 - IPM WordPerfect Office X6 - Lightning Files WordPerfect Office X6 - Lightning Files English WordPerfect Office X6 - Oxford WordPerfect Office X6 - Presentations Files WordPerfect Office X6 - Presentations Files English WordPerfect Office X6 - Quattro Pro Files WordPerfect Office X6 - Quattro Pro Files English WordPerfect Office X6 - Setup Files WordPerfect Office X6 - System Files WordPerfect Office X6 - WordPerfect Files WordPerfect Office X6 - WordPerfect Files English WordPerfect Office X6 - WT . ==== End Of File ===========================
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
      Ran by Benjamin at 2013-10-20 02:49:48 Run:1
      Running from C:\Users\Benjamin\Desktop
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      HKU\Work\...\Run: [searchProtect] - C:\Users\Work\AppData\Roaming\SearchProtect\bin\cltmng.exe
      HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
      SearchScopes: HKLM - DefaultScope {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = http://us.yhs4.searc...yhs-acer_001&p={searchTerms}
      SearchScopes: HKLM - {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = http://us.yhs4.searc...yhs-acer_001&p={searchTerms}
      SearchScopes: HKLM-x32 - {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = http://us.yhs4.searc...yhs-acer_001&p={searchTerms}
      SearchScopes: HKCU - {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL =
      DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
      FF Extension: firefox - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tjqt58s7.default\Extensions\firefox@weblayers.co.xpi
      C:\Users\Benjamin\AppData\Local\temp\Quarantine.exe
      C:\Users\Work\AppData\Roaming\SearchProtect
      Task: {81B1D37E-D032-4967-8D6B-3DD6C6B44C28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
      Task: {901D21AC-2000-405D-9A73-2C2EA6B2FC6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      *****************
      HKU\Work\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
      HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key deleted successfully.
      HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} => Key deleted successfully.
      HKCR\CLSID\{EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} => Key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key deleted successfully.
      HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} => Key deleted successfully.
      HKCR\Wow6432Node\CLSID\{EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} => Key not found.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key deleted successfully.
      HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} => Key deleted successfully.
      HKCR\CLSID\{EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} => Key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
      HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
      C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tjqt58s7.default\Extensions\firefox@weblayers.co.xpi => Moved successfully.
      C:\Users\Benjamin\AppData\Local\temp\Quarantine.exe => Moved successfully.
      "C:\Users\Work\AppData\Roaming\SearchProtect" => File/Directory not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81B1D37E-D032-4967-8D6B-3DD6C6B44C28} => Key deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81B1D37E-D032-4967-8D6B-3DD6C6B44C28} => Key deleted successfully.
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{901D21AC-2000-405D-9A73-2C2EA6B2FC6C} => Key deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{901D21AC-2000-405D-9A73-2C2EA6B2FC6C} => Key deleted successfully.
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
      C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
      C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
      ==== End of Fixlog ====
  11. ESET: No infections found, no log created. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Benjamin (administrator) on DREDGER on 18-10-2013 21:25:40 Running from C:\Users\Benjamin\Desktop Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Web Layers) C:\Program Files (x86)\Web Layers\updateWebLayers.exe (Web Layers) C:\Program Files (x86)\Web Layers\bin\utilWebLayers.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe () C:\Program Files (x86)\Gateway\Live Updater\updater.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-18] (Dritek System Inc.) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKU\Work\...\Run: [searchProtect] - C:\Users\Work\AppData\Roaming\SearchProtect\bin\cltmng.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM - {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 - {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS SearchScopes: HKCU - DefaultScope {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKCU - {EE8CBDB2-1B89-4C0D-A652-9226883BCBAF} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - 
C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tjqt58s7.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Extension: firefox - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tjqt58s7.default\Extensions\firefox@weblayers.co.xpi FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF ==================== Services (Whitelisted) ================= R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.) 
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-18] (Dritek System INC.) R2 Update Web Layers; C:\Program Files (x86)\Web Layers\updateWebLayers.exe [65312 2013-10-07] (Web Layers) R2 Util Web Layers; C:\Program Files (x86)\Web Layers\bin\utilWebLayers.exe [65312 2013-10-07] (Web Layers) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-04-18] (Broadcom Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-01] (Symantec Corporation) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-01] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-07] 
(Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-07] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20131018.018\ENG64.SYS [126040 2013-10-17] (Symantec Corporation) S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20131018.018\ENG64.SYS [126040 2013-10-17] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20131018.018\EX64.SYS [2099288 2013-10-17] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20131018.018\EX64.SYS [2099288 2013-10-17] (Symantec Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-18] (Dritek System Inc.) 
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-07-31] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-08] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-18 21:25 - 2013-10-18 21:25 - 00000000 ____D C:\FRST 2013-10-18 20:21 - 2013-10-18 20:21 - 00000000 ___HD C:\Windows\AxInstSV 2013-10-18 20:21 - 2013-10-18 20:21 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-18 20:14 - 2013-10-18 20:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2013-10-18 20:13 - 2013-10-18 20:13 - 00003103 _____ C:\Users\Benjamin\Desktop\AdwCleaner[s0].txt 2013-10-18 20:09 - 2013-10-18 20:09 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-10-18 20:04 - 2013-10-18 20:07 - 00000000 ____D C:\AdwCleaner 2013-10-18 17:54 - 2013-10-18 17:54 - 00006664 _____ C:\Users\Benjamin\Desktop\JRT.txt 2013-10-18 17:49 - 2013-10-18 17:49 - 00000000 ____D C:\Windows\ERUNT 2013-10-18 17:35 - 2013-10-18 17:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-18 17:34 
- 2013-10-18 17:44 - 00000000 ____D C:\Users\Benjamin\Desktop\mbar 2013-10-18 17:34 - 2013-10-18 17:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-10-18 17:33 - 2013-10-18 17:33 - 01954124 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe 2013-10-18 17:32 - 2013-10-18 17:32 - 01050644 _____ C:\Users\Benjamin\Desktop\AdwCleaner.exe 2013-10-18 17:32 - 2013-10-18 17:32 - 01033335 _____ (Thisisu) C:\Users\Benjamin\Desktop\JRT.exe 2013-10-18 17:30 - 2013-10-18 17:31 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Benjamin\Desktop\mbar-1.07.0.1007.exe 2013-10-18 12:39 - 2013-10-18 12:39 - 00020715 _____ C:\ComboFix.txt 2013-10-18 12:30 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-18 12:30 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-18 12:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-18 12:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-18 12:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-18 12:30 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2013-10-18 12:30 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-18 12:30 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-18 12:30 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-18 12:28 - 2013-10-18 12:39 - 00000000 ____D C:\Qoobox 2013-10-18 12:27 - 2013-10-18 12:38 - 00000000 ____D C:\Windows\erdnt 2013-10-18 12:22 - 2013-10-18 12:22 - 05134711 ____R (Swearware) C:\Users\Benjamin\Desktop\ComboFix.exe 2013-10-18 11:13 - 2013-10-18 11:13 - 01070944 _____ (Solid State Networks) C:\Users\Benjamin\Downloads\install_flashplayer11x32_mssa_aaa_aih(1).exe 2013-10-18 11:07 - 2013-10-18 11:07 - 01070944 _____ (Solid State Networks) C:\Users\Benjamin\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-10-08 18:37 - 2013-10-08 18:37 - 00002178 _____ C:\Users\Public\Desktop\Magic 
Online.lnk 2013-10-08 16:18 - 2013-10-08 18:30 - 00000000 ____D C:\Users\Benjamin\Downloads\mygo 2013-10-08 16:17 - 2013-10-08 16:17 - 00995992 _____ (Solid State Networks) C:\Users\Benjamin\Downloads\MTGOIII_Helper.exe 2013-10-08 14:43 - 2013-10-08 14:43 - 00688992 ____R (Swearware) C:\Users\Benjamin\Downloads\dds.scr 2013-10-08 14:43 - 2013-10-08 14:43 - 00018034 _____ C:\Users\Benjamin\Desktop\dds.txt 2013-10-08 14:43 - 2013-10-08 14:43 - 00005691 _____ C:\Users\Benjamin\Desktop\attach.txt 2013-10-08 14:41 - 2013-10-08 14:41 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Mozilla 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Mozilla 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\ProgramData\Mozilla 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-08 14:32 - 2013-10-08 14:19 - 00281640 _____ (Mozilla) C:\Users\Benjamin\Desktop\Firefox Setup Stub 24.0.exe 2013-10-08 13:13 - 2013-10-08 13:13 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-08 13:13 - 2013-10-08 13:13 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Malwarebytes 2013-10-08 13:13 - 2013-10-08 13:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-08 13:13 - 2013-10-08 13:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-08 13:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-07 16:54 - 2013-10-07 16:54 - 00000000 ____D C:\Program Files (x86)\Cisco Systems 2013-10-07 16:38 - 2013-10-07 16:38 - 00000000 ____D C:\ProgramData\Cisco Systems 2013-09-26 08:19 - 2013-09-26 08:19 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP 2013-09-25 16:18 - 2013-08-07 00:15 - 00144896 _____ 
(Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2013-09-25 08:05 - 2013-09-25 08:06 - 00281088 _____ C:\Windows\system32\FNTCACHE.DAT ==================== One Month Modified Files and Folders ======= 2013-10-18 21:25 - 2013-10-18 21:25 - 00000000 ____D C:\FRST 2013-10-18 21:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru 2013-10-18 20:29 - 2013-08-22 16:18 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-18 20:23 - 2013-07-27 12:45 - 01185070 _____ C:\Windows\WindowsUpdate.log 2013-10-18 20:21 - 2013-10-18 20:21 - 00000000 ___HD C:\Windows\AxInstSV 2013-10-18 20:21 - 2013-10-18 20:21 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-18 20:16 - 2013-07-27 12:54 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2627676250-2711720130-604547672-1001 2013-10-18 20:16 - 2012-07-26 02:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-18 20:14 - 2013-10-18 20:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2013-10-18 20:13 - 2013-10-18 20:13 - 00003103 _____ C:\Users\Benjamin\Desktop\AdwCleaner[s0].txt 2013-10-18 20:10 - 2013-08-22 16:18 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-18 20:09 - 2013-10-18 20:09 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-10-18 20:09 - 2013-09-08 08:34 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-10-18 20:09 - 2013-09-08 08:34 - 00002326 _____ C:\Users\Public\Desktop\Norton 360.lnk 2013-10-18 20:09 - 2013-09-08 08:32 - 00000000 ____D C:\Windows\system32\Drivers\N360x64 2013-10-18 20:09 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\ELAMBKUP 2013-10-18 20:09 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-18 20:09 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2013-10-18 20:08 - 2013-03-29 03:14 - 01499346 _____ C:\Windows\PFRO.log 2013-10-18 20:08 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2013-10-18 
20:07 - 2013-10-18 20:04 - 00000000 ____D C:\AdwCleaner 2013-10-18 18:09 - 2013-08-29 07:49 - 00000000 ____D C:\Program Files (x86)\Web Layers 2013-10-18 17:54 - 2013-10-18 17:54 - 00006664 _____ C:\Users\Benjamin\Desktop\JRT.txt 2013-10-18 17:49 - 2013-10-18 17:49 - 00000000 ____D C:\Windows\ERUNT 2013-10-18 17:44 - 2013-10-18 17:34 - 00000000 ____D C:\Users\Benjamin\Desktop\mbar 2013-10-18 17:36 - 2013-10-18 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-18 17:34 - 2013-10-18 17:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-10-18 17:33 - 2013-10-18 17:33 - 01954124 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe 2013-10-18 17:32 - 2013-10-18 17:32 - 01050644 _____ C:\Users\Benjamin\Desktop\AdwCleaner.exe 2013-10-18 17:32 - 2013-10-18 17:32 - 01033335 _____ (Thisisu) C:\Users\Benjamin\Desktop\JRT.exe 2013-10-18 17:31 - 2013-10-18 17:30 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Benjamin\Desktop\mbar-1.07.0.1007.exe 2013-10-18 12:39 - 2013-10-18 12:39 - 00020715 _____ C:\ComboFix.txt 2013-10-18 12:39 - 2013-10-18 12:28 - 00000000 ____D C:\Qoobox 2013-10-18 12:39 - 2012-07-26 00:37 - 00000000 __RHD C:\Users\Default 2013-10-18 12:38 - 2013-10-18 12:27 - 00000000 ____D C:\Windows\erdnt 2013-10-18 12:37 - 2012-07-26 00:26 - 00000215 _____ C:\Windows\system.ini 2013-10-18 12:22 - 2013-10-18 12:22 - 05134711 ____R (Swearware) C:\Users\Benjamin\Desktop\ComboFix.exe 2013-10-18 11:13 - 2013-10-18 11:13 - 01070944 _____ (Solid State Networks) C:\Users\Benjamin\Downloads\install_flashplayer11x32_mssa_aaa_aih(1).exe 2013-10-18 11:07 - 2013-10-18 11:07 - 01070944 _____ (Solid State Networks) C:\Users\Benjamin\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-10-17 19:24 - 2013-08-22 16:18 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-17 19:24 - 2013-08-22 16:18 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-08 
18:37 - 2013-10-08 18:37 - 00002178 _____ C:\Users\Public\Desktop\Magic Online.lnk 2013-10-08 18:36 - 2013-08-03 19:45 - 00113425 _____ C:\Windows\DirectX.log 2013-10-08 18:32 - 2013-03-29 04:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-08 18:30 - 2013-10-08 16:18 - 00000000 ____D C:\Users\Benjamin\Downloads\mygo 2013-10-08 16:17 - 2013-10-08 16:17 - 00995992 _____ (Solid State Networks) C:\Users\Benjamin\Downloads\MTGOIII_Helper.exe 2013-10-08 16:09 - 2013-07-31 14:21 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Deployment 2013-10-08 14:43 - 2013-10-08 14:43 - 00688992 ____R (Swearware) C:\Users\Benjamin\Downloads\dds.scr 2013-10-08 14:43 - 2013-10-08 14:43 - 00018034 _____ C:\Users\Benjamin\Desktop\dds.txt 2013-10-08 14:43 - 2013-10-08 14:43 - 00005691 _____ C:\Users\Benjamin\Desktop\attach.txt 2013-10-08 14:41 - 2013-10-08 14:41 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Mozilla 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Mozilla 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\ProgramData\Mozilla 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-08 14:41 - 2013-10-08 14:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-08 14:31 - 2012-07-26 02:21 - 00038075 _____ C:\Windows\setupact.log 2013-10-08 14:19 - 2013-10-08 14:32 - 00281640 _____ (Mozilla) C:\Users\Benjamin\Desktop\Firefox Setup Stub 24.0.exe 2013-10-08 13:13 - 2013-10-08 13:13 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-08 13:13 - 2013-10-08 13:13 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Malwarebytes 2013-10-08 13:13 - 2013-10-08 13:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-08 13:13 - 2013-10-08 13:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 
2013-10-07 16:54 - 2013-10-07 16:54 - 00000000 ____D C:\Program Files (x86)\Cisco Systems 2013-10-07 16:38 - 2013-10-07 16:38 - 00000000 ____D C:\ProgramData\Cisco Systems 2013-10-07 01:10 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-09-30 08:52 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\NDF 2013-09-27 11:53 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache 2013-09-26 12:25 - 2013-08-13 12:50 - 00000000 ____D C:\Users\Benjamin\AppData\Local\CrashDumps 2013-09-26 08:19 - 2013-09-26 08:19 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP 2013-09-25 08:35 - 2013-07-27 12:46 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Packages 2013-09-25 08:06 - 2013-09-25 08:05 - 00281088 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-18 18:26 - 2013-09-17 08:04 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-18 18:26 - 2013-09-17 08:04 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Benjamin\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-18 18:06 ==================== End Of Log ============================ FRST Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by Benjamin at 2013-10-18 21:26:19 Running from 
C:\Users\Benjamin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Bejeweled 3 (x32 Version: 2.2.0.98) Broadcom 802.11 Network Adapter (Version: 6.30.59.96) Broadcom Card Reader Driver Installer (Version: 15.4.7.1) Cisco Connect (x32 Version: 1.3.11006.1) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3729_45993) CyberLink PowerDVD 12 (x32 Version: 12.0.2531.57) DownloadTerms (HKCU Version: 1.0) Dritek Radio Controller (x32 Version: 2.02.2001.0803) eBay Worldwide (x32 Version: 2.4.0105) ESET Online Scanner v3 (x32) ETDWare PS/2-X64 11.6.16.003_WHQL (Version: 11.6.16.003) Flash Player Pro V5.4 (x32) Gateway Device Fast-lane (Version: 1.00.3011) Gateway Power Management (Version: 7.01.3001) Gateway Recovery Management (Version: 6.00.3016) Google Update Helper (x32 Version: 1.3.21.165) Identity Card (x32 Version: 2.00.3005) Intel® Management Engine Components (x32 Version: 8.1.0.1252) Intel® Processor Graphics (x32 Version: 9.17.10.2867) Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001) Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Jewel Match 3 (x32 Version: 2.2.0.98) Launch Manager (x32 Version: 7.0.10) Live Updater (x32 Version: 2.00.3008) Magic Online (x32 Version: 3.00.0000) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft Office (x32 
Version: 15.0.4454.1510) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0) Mozilla Maintenance Service (x32 Version: 24.0) Nero BackItUp (x32 Version: 12.5.5000) Nero BackItUp 12 Essentials OEM.a01 (x32 Version: 12.5.00500) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000) Nero ControlCenter (x32 Version: 11.0.15600) Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000) Nero Core Components (x32 Version: 11.0.20200) Nero Launcher (x32 Version: 12.2.7000) Nero RescueAgent (x32 Version: 12.0.3001) Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000) Nero Update (x32 Version: 11.0.11800.31.0) Norton 360 (x32 Version: 21.1.0.18) Norton Online Backup (x32 Version: 2.2.3.51r2) Norton Online Backup ARA (x32 Version: 4.1.0.14) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98) Prerequisite installer (x32 Version: 12.0.0003) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657) Spotify (x32 Version: 0.8.4.99.ga249b5f1) The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32) Update Installer for WildTangent Games App (x32) Web Layers 3.0.0 (Version: 3.0.0) WildTangent Games (x32 Version: 1.0.4.0) WildTangent Games App (x32 Version: 4.0.10.5) ==================== Restore Points ========================= 26-09-2013 14:27:42 Windows Update 08-10-2013 19:58:32 Scheduled Checkpoint 18-10-2013 17:30:28 ComboFix created restore point ==================== Hosts content: ========================== 2012-07-26 00:26 - 2013-10-18 12:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {403AD005-F845-4677-BE85-86E9F7FE5C6F} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {40799402-08F2-4DA0-9045-90DE5F9083B8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-07] (CyberLink) Task: {474A20F2-5891-44E5-B6C0-39BD5CD6C739} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {81B1D37E-D032-4967-8D6B-3DD6C6B44C28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.) Task: {8CFCDC1C-DE87-4717-AD37-6C83BA27424A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {901D21AC-2000-405D-9A73-2C2EA6B2FC6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.) 
Task: {9E4B696A-EA86-4B58-A8BA-97FD90CF4DB2} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-02-21] () Task: {BACC18DF-98BD-470E-B9AC-66EF62A0261D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) Task: {C2525F88-3399-4481-A342-FAA4CCA31F0E} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated) Task: {F6A09E90-909D-408B-92D7-C3A866FC40A9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-29 04:09 - 2012-10-23 13:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-18 05:02 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-10-08 14:41 - 2013-09-10 21:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2013 08:21:47 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file 
"C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. System errors: ============= Microsoft Office Sessions: ========================= Error: (10/18/2013 08:21:47 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Benjamin\AppData\Local\temp\IDC2.tmp\ESETSmartInstaller.exe CodeIntegrity Errors: =================================== Date: 2013-10-18 12:37:03.572 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3909.27 MB Available physical RAM: 2177.16 MB Total Pagefile: 4741.27 MB Available Pagefile: 3078.45 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (Gateway) (Fixed) (Total:449.19 GB) (Free:410.02 GB) NTFS Drive d: (PRIEST_2011) (CDROM) (Total:6.81 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: E0B230AD) Partition: GPT Partition Type ==================== End Of Log ============================
  12. AdwCleaner:

      # AdwCleaner v3.008 - Report created 18/10/2013 at 20:07:33
      # Updated 17/10/2013 by Xplode
      # Operating System : Windows 8 (64 bits)
      # Username : Benjamin - DREDGER
      # Running from : C:\Users\Benjamin\Desktop\AdwCleaner.exe
      # Option : Clean

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****

      [#] Folder Deleted : C:\ProgramData\BitGuard
      Folder Deleted : C:\ProgramData\boost_interprocess
      [#] Folder Deleted : C:\ProgramData\Browser Manager
      [#] Folder Deleted : C:\ProgramData\BrowserProtect
      Folder Deleted : C:\Users\Work\AppData\Roaming\Searchprotect

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****

      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{818F6C5F-023C-4A20-B83B-7ADC6ED00B55}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{450DEEC7-3C83-4FC7-B4F0-A64FAAC09370}
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKCU\Software\AppDataLow\Software\ilividmoviestoolbardla
      Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
      Key Deleted : HKLM\Software\Fast Free Converter
      Key Deleted : HKLM\Software\InternetHelper3.1
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar

      ***** [ Browsers ] *****

      -\\ Internet Explorer v10.0.9200.16688

      -\\ Mozilla Firefox v24.0 (en-US)

      [ File : C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tjqt58s7.default\prefs.js ]

      *************************

      AdwCleaner[R0].txt - [3638 octets] - [18/10/2013 20:04:47]
      AdwCleaner[s0].txt - [2939 octets] - [18/10/2013 20:07:33]

      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2999 octets] ##########

      MWB:

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.10.18.11
      Windows 8 x64 NTFS
      Internet Explorer 10.0.9200.16688
      Benjamin :: DREDGER [administrator]

      Protection: Enabled

      10/18/2013 8:16:08 PM
      mbam-log-2013-10-18 (20-16-08).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 225185
      Time elapsed: 2 minute(s), 23 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 1
      HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
  13. Howdy, Here are all the reports from the various scans.
  14. Howdy, Sorry for the delay in replying, and I appreciate you reopening the topic! Here is the scan you asked for.