
snickers99

  1. Everything still seems fine. Thanks again for your help and thanks for the links to the articles.
  2. Results of screen317's Security Check version 0.99.82
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 13.0.0.182
     Adobe Reader XI
     Mozilla Firefox (28.0)
     Mozilla Thunderbird (24.4.0)
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Wanted to do some normal Internetting before responding. No issues last night or today! Awesome. Thank you so much!! Looks like I'm good!
  4. 4/14/14: Malwarebytes Anti-Malware www.malwarebytes.org
     4/15/14: Malwarebytes Anti-Malware www.malwarebytes.org
     4/16/14: Malwarebytes Anti-Malware www.malwarebytes.org
     4/17/14: Malwarebytes Anti-Malware www.malwarebytes.org
     4/18/14: Malwarebytes Anti-Malware www.malwarebytes.org
  5. JavaRa Log: JavaRa 1.16 Removal Log.
     ComboFix log attached. Thanks! ComboFix.txt
  6. Thought I would post each log from each step in a different post but I guess I can't post multiple posts in a short period so....
     Junkware Removal Tool: Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1)
     Adwcleaner: # AdwCleaner v3.023 - Report created 16/04/2014 at 18:08:00
     ESET Log:
     C:\Users\Mike\AppData\Local\Temp\7932D96.tmp multiple threats
     C:\Users\Mike\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe a variant of Win32/InstallCore.AG potentially unwanted application
     C:\Users\Mike\AppData\Local\Temp\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
     C:\Users\Mike\AppData\Local\Temp\video-download-toolbar-setup-silent.exe Win32/Somoto.O potentially unwanted application
     C:\Users\Mike\AppData\Local\Temp\ICReinstall\cnet2_MediaCoder-0_8_13_5266_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
     C:\Users\Mike\AppData\Local\Temp\is357113909\FunmoodsLatest.exe a variant of Win32/Toolbar.Funmoods potentially unwanted application
     C:\Users\Mike\AppData\Local\Temp\is357113909\GiantSavings_US.exe Win32/Toolbar.CrossRider.B potentially unwanted application
     C:\Users\Mike\Downloads\MediaCoder-0.8.23.5530.exe Win32/OpenCandy potentially unsafe application
     C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     FRST Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKCU - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) 
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28] FF Extension: DownloadHelper - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Youtube To MP3 PRO converter - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2013-12-21] FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-19] FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC) CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-26] CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26] CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26] CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26] CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26] ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X] ==================== NetSvcs (Whitelisted) ===================
==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 20:17 ==================== End Of Log ============================
  7. Did the steps above. Logs from Anti-Rootkit:

     ------------------------------------------------
     MBAR-LOG:

     Malwarebytes Anti-Rootkit BETA 1.07.0.1009
     www.malwarebytes.org

     Database version: v2014.04.10.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16866
     Mike :: UPSTAIRSHP [administrator]

     4/16/2014 5:08:23 PM
     mbar-log-2014-04-16 (17-08-23).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 321175
     Time elapsed: 35 minute(s), 36 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     -------------------------------------------------------------
     System Log:

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1009
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64
     Account is Administrative
     Internet Explorer version: 10.0.9200.16866
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
     CPU speed: 2.926000 GHz
     Memory total: 6298877952, free: 3709337600
     Downloaded database version: v2014.04.10.07
     Downloaded database version: v2014.03.27.01
     =======================================
     Initializing...
     Done!
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 1549F232

     Partition information:

     Partition 0 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 2048 Numsec = 204800
     Partition file system is NTFS
     Partition is bootable

     Partition 1 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 206848 Numsec = 1930711040

     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0

     Partition 3 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 1930917888 Numsec = 22603776

     Disk Size: 1000204886016 bytes
     Sector size: 512 bytes

     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
     Done!
     Scan finished
     =======================================
     Removal queue found; removal started
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
     Removal finished
  8. Thanks for your help in this...really appreciated it. Ran through the steps...didn't have any problems. Except am I right in assuming "Quick Scan" is now called "Hyper Scan"? There wasn't an option for Quick Scan anymore...at least I couldn't find one. The Hyper Scan found nothing, BTW.

     Below is the log from RogueKiller:

     RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Mike [Admin rights]
     Mode : Scan -- Date : 04/15/2014 18:01:12
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 2 ¤¤¤
     [FF][PUP] jawq4ln3.default : Yontoo
     [FF][PUP] jawq4ln3.default : Video Download Toolbar

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : PUP ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD10EADS-65M2B0 +++++
     --- User ---
     [MBR] d74fcb39b74548fdd4e2cfb03561cf6f
     [bSP] dea94089843d8b9c54e6828526a6923a : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942730 MB
     3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930917888 | Size: 11037 MB
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
     Error reading User MBR! ([0x15] The device is not ready. )
     User = LL1 ... OK!
     Error reading LL2 MBR! ([0x32] The request is not supported. )

     Finished : << RKreport[0]_S_04152014_180112.txt >>
  9. Hi...keep getting the same popup:

     Successfully blocked access to a potentially malicious website: 162.210.192.22
     Type: outgoing
     Port: 51610, process: firefox.exe

     Started last night and I ran a 'quick scan' and removed everything it found. Hoped that would do it but tonight it's back. Sometimes the website ends in 26 instead of 22. Also, often when I click on any link on a page, a new tab will open and grand poker's facebook login appears. Not sure if that's related but that also just started happening last night and continues today.

     Here's FRST.txt:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2014
     Ran by Mike (administrator) on UPSTAIRSHP on 11-04-2014 20:40:01
     Running from C:\Users\Mike\Desktop
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
     (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     (PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
     (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
     (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
     (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
     (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
     (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
     (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
     (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
     (Microsoft Corporation) C:\Windows\splwow64.exe
     (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
     HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
     HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
     HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
     HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
     HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
     HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
     HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
     HKLM-x32\...\Run: [] - [X]
     HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
     HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
     HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
     HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
     Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
     HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
     HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Run: [CPN Notifier] - C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
     HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Policies\Explorer: [HideSCAHealth] 1
     HKU\S-1-5-21-2636680476-179157487-1729060321-1003\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
     Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
     ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
     SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKLM - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
     SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKLM-x32 - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
     SearchScopes: HKCU - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
     Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
     Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
     DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab
     Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default
     FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\user.js
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
     FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
     FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
     FF Extension: Video Download Toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-04-08]
     FF Extension: DownloadHelper - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
     FF Extension: Youtube To MP3 PRO converter - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2013-12-21]
     FF Extension: Yontoo - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\plugin@yontoo.com.xpi [2013-02-19]
     FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-19]
     FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com

     Chrome:
     =======
     CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
     CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
     CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
     CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
     CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
     CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
     CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
     CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
     CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
     CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
     CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-26]
     CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
     CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
     CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
     CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
     CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]

     ==================== Services (Whitelisted) =================

     R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
     R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
     R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
     S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
     ==================== Drivers (Whitelisted) ====================

     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
     R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
     R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
     S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2014-04-11 20:40 - 2014-04-11 20:40 - 00020537 _____ () C:\Users\Mike\Desktop\FRST.txt
     2014-04-11 20:39 - 2014-04-11 20:40 - 00000000 ____D () C:\FRST
     2014-04-11 20:38 - 2014-04-11 20:38 - 02157056 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
     2014-04-11 20:06 - 2014-04-11 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
     2014-04-09 19:28 - 2014-03-13 02:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2014-04-09 19:28 - 2014-03-13 02:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2014-04-09 19:28 - 2014-03-13 02:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
     2014-04-09 19:28 - 2014-03-13 02:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2014-04-09 19:28 - 2014-03-13 02:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2014-04-09 19:28 - 2014-03-13 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
     2014-04-09 19:28 - 2014-03-13 02:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2014-04-09 19:28 - 2014-03-13 02:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
     2014-04-09 19:28 - 2014-03-13 02:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2014-04-09 19:28 - 2014-03-13 02:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2014-04-09 19:28 - 2014-03-13 02:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2014-04-09 19:28 - 2014-03-13 02:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2014-04-09 19:28 - 2014-03-13 02:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
     2014-04-09 19:28 - 2014-03-13 02:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
     2014-04-09 19:28 - 2014-03-13 02:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
     2014-04-09 19:28 - 2014-03-13 01:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2014-04-09 19:28 - 2014-03-13 01:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2014-04-09 19:28 - 2014-03-13 01:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
     2014-04-09 19:28 - 2014-03-13 00:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
     2014-04-09 19:28 - 2014-03-13 00:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2014-04-09 19:28 - 2014-03-12 23:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
     2014-04-09 19:28 - 2014-03-12 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
     2014-04-09 19:28 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
     2014-04-09 19:28 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
     2014-04-09 19:28 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
     2014-04-09 19:28 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
     2014-04-09 19:28 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
     2014-04-09 19:28 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
     2014-04-09 19:28 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
     2014-04-09 19:28 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
     2014-04-09 19:28 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
     2014-04-09 19:28 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
     2014-04-09 19:28 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
     2014-04-09 19:28 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
     2014-04-09 19:28 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
     2014-04-09 19:28 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
     2014-04-09 19:28 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
     2014-04-09 19:28 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
     2014-04-09 19:27 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
     2014-04-07 17:41 - 2014-04-07 17:41 - 00000537 _____ () C:\Users\Mike\Downloads\CBOAACK_20140407171026.txt
     2014-04-07 17:41 - 2014-04-07 17:41 - 00000536 _____ () C:\Users\Mike\Downloads\BOAACK_20140407171025.txt
     2014-03-22 18:39 - 2014-03-22 18:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
     2014-03-22 18:37 - 2014-03-22 18:37 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
     2014-03-22 18:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
     2014-03-22 18:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
     2014-03-22 18:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
     2014-03-22 18:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
     2014-03-22 18:34 - 2014-03-22 18:34 - 00921000 _____ (Oracle Corporation) C:\Users\Mike\Downloads\jxpiinstall(1).exe
     2014-03-22 18:32 - 2014-03-22 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
     2014-03-12 18:43 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
     2014-03-12 18:43 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
     2014-03-12 18:43 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
     2014-03-12 18:43 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 18:43 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 18:43 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 18:43 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 18:43 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll ==================== One Month Modified Files and Folders ======= 2014-04-11 20:40 - 2014-04-11 20:40 - 00020537 _____ () C:\Users\Mike\Desktop\FRST.txt 2014-04-11 20:40 - 2014-04-11 20:39 - 00000000 ____D () C:\FRST 2014-04-11 20:38 - 2014-04-11 20:38 - 02157056 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe 2014-04-11 20:37 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Word 2014-04-11 20:23 - 2013-07-26 21:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-11 20:09 - 2012-06-13 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-11 20:06 - 2014-04-11 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-11 20:02 - 2010-02-20 06:10 - 01063656 _____ () C:\Windows\WindowsUpdate.log 2014-04-11 19:59 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-11 19:59 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-11 19:52 - 2013-07-26 21:09 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-11 19:52 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-11 19:51 - 2009-07-14 00:51 - 00097161 _____ () C:\Windows\setupact.log 2014-04-10 19:58 - 2010-03-21 17:41 - 00416770 _____ () C:\Windows\PFRO.log 2014-04-10 19:56 - 2013-04-08 20:47 - 00000000 ____D () C:\Program Files (x86)\Minibar 2014-04-10 
19:31 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Banking 2014-04-10 19:02 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 18:54 - 2010-03-23 21:45 - 00000000 ____D () C:\Users\postgres 2014-04-09 21:10 - 2010-03-22 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 21:09 - 2013-08-14 21:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 21:07 - 2010-03-22 19:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 20:44 - 2011-07-22 18:15 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike 2014-04-09 20:44 - 2011-07-22 18:15 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job 2014-04-09 19:43 - 2010-03-21 21:47 - 00000000 ____D () C:\Unzipped 2014-04-09 19:41 - 2012-11-27 20:34 - 00000000 ____D () C:\Users\Mike\dwhelper 2014-04-08 19:27 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Travel 2014-04-08 19:27 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Excel 2014-04-07 17:41 - 2014-04-07 17:41 - 00000537 _____ () C:\Users\Mike\Downloads\CBOAACK_20140407171026.txt 2014-04-07 17:41 - 2014-04-07 17:41 - 00000536 _____ () C:\Users\Mike\Downloads\BOAACK_20140407171025.txt 2014-04-06 21:49 - 2010-03-23 20:01 - 00000000 ___RD () C:\Del Monte 2014-04-06 08:41 - 2010-03-27 08:39 - 00000687 _____ () C:\Windows\ULead32.ini 2014-04-05 18:07 - 2010-03-21 17:17 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\FileZilla 2014-04-05 17:25 - 2010-03-24 18:44 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\PrimoPDF 2014-04-04 22:17 - 2010-03-21 22:01 - 00000000 ____D () C:\Users\Mike\Documents\House 2014-04-04 20:43 - 2011-10-29 08:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-04 20:43 - 2010-04-05 19:57 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-04-04 20:42 - 2010-03-29 19:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HpUpdate 2014-04-04 20:42 - 
2010-03-29 19:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HP Support Assistant 2014-04-03 15:18 - 2013-07-26 21:09 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-03 15:18 - 2013-07-26 21:09 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-03 03:01 - 2012-04-30 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-03 03:01 - 2011-01-26 21:17 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-04-03 03:01 - 2011-01-26 21:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-30 11:52 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Big Heart Pet 2014-03-29 18:56 - 2010-03-23 21:51 - 00000000 ____D () C:\Poker 2014-03-29 10:13 - 2010-03-21 17:17 - 00001962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-29 10:13 - 2010-03-21 17:17 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-03-22 18:39 - 2014-03-22 18:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle 2014-03-22 18:38 - 2013-12-21 00:29 - 00000000 ____D () C:\ProgramData\Oracle 2014-03-22 18:37 - 2014-03-22 18:37 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-22 18:37 - 2010-03-22 21:27 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-22 18:34 - 2014-03-22 18:34 - 00921000 _____ (Oracle Corporation) C:\Users\Mike\Downloads\jxpiinstall(1).exe 2014-03-22 18:33 - 2014-03-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-21 16:26 - 2010-03-21 21:41 - 00000000 ____D () C:\Users\Mike\Documents\Quicken 2014-03-13 19:45 - 2009-07-14 00:45 - 00451976 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 19:43 - 2013-01-20 14:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 19:43 - 2013-01-20 14:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 02:33 - 2014-04-09 19:28 - 02238976 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2014-03-13 02:33 - 2014-04-09 19:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 02:33 - 2014-04-09 19:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 02:32 - 2014-04-09 19:28 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 02:32 - 2014-04-09 19:28 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 02:32 - 2014-04-09 19:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 02:32 - 2014-04-09 19:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 02:32 - 2014-04-09 19:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 02:32 - 2014-04-09 19:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 02:31 - 2014-04-09 19:28 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 02:31 - 2014-04-09 19:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 02:31 - 2014-04-09 19:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 02:31 - 2014-04-09 19:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-03-13 02:31 - 2014-04-09 19:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 02:31 - 2014-04-09 19:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 01:10 - 2014-04-09 19:28 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 01:10 - 2014-04-09 19:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 
2014-03-13 01:09 - 2014-04-09 19:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 01:09 - 2014-04-09 19:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 00:57 - 2014-04-09 19:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 00:47 - 2014-04-09 19:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 23:59 - 2014-04-09 19:28 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-03-12 23:51 - 2014-04-09 19:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe Some content of TEMP: ==================== C:\Users\Mike\AppData\Local\Temp\aacenc3.exe C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.0.exe C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exe C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe C:\Users\Mike\AppData\Local\Temp\ffmpeg13.exe C:\Users\Mike\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe C:\Users\Mike\AppData\Local\Temp\helper.exe 
C:\Users\Mike\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Mike\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe C:\Users\Mike\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe C:\Users\Mike\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe C:\Users\Mike\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe C:\Users\Mike\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\Mike\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Mike\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\Mike\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\Mike\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Mike\AppData\Local\Temp\lowproc.exe C:\Users\Mike\AppData\Local\Temp\npp.5.9.6.2.Installer.exe C:\Users\Mike\AppData\Local\Temp\ose00000.exe C:\Users\Mike\AppData\Local\Temp\Relay.dll C:\Users\Mike\AppData\Local\Temp\RelayL.dll C:\Users\Mike\AppData\Local\Temp\Resource.exe C:\Users\Mike\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\Mike\AppData\Local\Temp\sp44614.exe C:\Users\Mike\AppData\Local\Temp\sp46257.exe C:\Users\Mike\AppData\Local\Temp\sp49905.exe.exe C:\Users\Mike\AppData\Local\Temp\sp53904.exe C:\Users\Mike\AppData\Local\Temp\sp58915.exe C:\Users\Mike\AppData\Local\Temp\sqlite3.exe C:\Users\Mike\AppData\Local\Temp\stubhelper.dll C:\Users\Mike\AppData\Local\Temp\uninst.exe C:\Users\Mike\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Mike\AppData\Local\Temp\UninstallHPTCA.exe C:\Users\Mike\AppData\Local\Temp\video-download-toolbar-setup-silent.exe C:\Users\Mike\AppData\Local\Temp\vqnmbu23.dll C:\Users\Mike\AppData\Local\Temp\xmlUpdater.exe C:\Users\Mike\AppData\Local\Temp\_unps.exe ==================== Bamital & volsnap Check 
=================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-09 20:17
==================== End Of Log ============================

And here's additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2014
Ran by Mike at 2014-04-11 20:40:37
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
4Free Video Converter 2 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version: - 4Free Studio)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.) Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version: - ) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) Any Video Converter 3.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Attachmate myEXTRA! Enterprise 7.11 (HKLM-x32\...\{ACA93BC6-A0E1-4032-BFD5-50D42BF64570}) (Version: 2002.0.0.0002 - Attachmate) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) Cake Poker 2.0 (HKLM-x32\...\Cake Poker 2.0) (Version: 2.0.1.2856 - Cake Poker N.V.) Camtasia Studio 6 (HKLM-x32\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation) Cisco AnyConnect VPN Client (HKLM-x32\...\{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}) (Version: 2.5.1025 - Cisco Systems, Inc.) 
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software) ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.63.10.WIN.FullTilt.COM - ) GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.) 
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden honestech VHS to DVD 7.0 Deluxe (HKLM-x32\...\{AC242562-1F9E-42C9-B461-E8B839093FEB}) (Version: 7.0 - honestech) honestech VHS to DVD 7.0 Deluxe (x32 Version: 7.0 - honestech) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 
5.001.000.014 - Hewlett-Packard) Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 0.0.0.0000 - Intel Corporation) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Juicy Stakes 2.0 (HKLM-x32\...\Juicy Stakes 2.0) (Version: 2.0.1.6793 - Juicy Stakes) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) 
Hidden LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MediaCoder 0.8.23.5530 (HKLM-x32\...\MediaCoder) (Version: 0.8.23.5530 - Broad Intelligence) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft) Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar) Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 
8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mihov Image Resizer 1.2 (remove only) (HKLM-x32\...\Mihov Image Resizer) (Version: - ) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Movie Theme Pack for HP MediaSmart 
Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - ) Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PokerDIY Tourney Manager (HKCU\...\3974447472.www.pokerdiy.com) (Version: - www.pokerdiy.com) PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net) PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version: - ) PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version: - ) PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 
- CyberLink Corp.) Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software) Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.4.14 - Intuit) Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden Replace! 5.01 (HKLM-x32\...\Replace!) (Version: 5.01 - Andrea Novero) Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.5 - SourceTec Software Co., LTD) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan) Universal Replayer (HKCU\...\Universal Replayer) (Version: - Universal Replayer) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech) Video Download Button (HKLM-x32\...\Video Download Button) (Version: - ) Video Download Toolbar 3.0.0.0 (HKLM-x32\...\Video Download Toolbar_is1) (Version: - Sakysoft s.r.l. 
uninominale) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION ==================== Restore Points ========================= 29-03-2014 12:49:54 Windows Update 02-04-2014 22:31:22 Windows Update 03-04-2014 07:00:26 Windows Update 06-04-2014 12:20:11 Windows Update 09-04-2014 23:28:59 Windows Update 10-04-2014 01:06:20 
Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {027DFDBB-975B-4B0B-A76D-23A428A7B368} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-03-25] (Hewlett-Packard) Task: {1FD9F65A-525D-4C77-89C7-A4C32D18E676} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {2266A9B0-1B75-4980-A4D1-B4CF28DDF9EB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {28F78A8E-DFA2-4B74-8D84-5A69FAA4C0BA} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink) Task: {3923B924-06D4-4BDE-8683-57E15A015C6C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {3EF2FB85-616F-4D76-9169-A7BEFB9EECE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {4443BD2B-650A-402E-8DDB-28A36091E991} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {519A1AF4-7190-4BC4-A7FE-ABF3388155FE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {5DF6D90D-C3BD-4D09-ADED-854F1AD21DAF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe 
[2010-07-21] (Microsoft Corporation) Task: {60DF3353-0F6C-4A63-8CB1-A0EA9899C0D1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {99A6EB2B-3FEB-4BC2-B1EC-13144C02B24F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {A2F14AA8-B33B-4CC4-9716-8241CC32F2E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {A78CEEC4-52BE-4049-9675-FBF86F24939C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.) Task: {C5F3608B-8497-4954-B484-D58965A3CCDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D41C9172-7EB7-42DF-98DD-F2F5B97CB56C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard) Task: {E18AEDC4-14A8-4390-815B-8D5A138120F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.) 
Task: {E46B3B8D-FC6A-4431-BCE5-B2ED0111B7E7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {EBC04249-E796-407C-B92B-9A0EE1971557} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {F82BBBD8-8220-40D6-8364-D9D634CFB5FE} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.) Task: {FDAD03C8-DA14-4728-8E6E-7FA337E705B3} - System32\Tasks\HPCeeScheduleForMike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForMike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-24 18:42 - 2009-07-30 21:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2009-09-14 20:17 - 2009-09-14 20:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2008-09-19 03:03 - 2008-09-19 03:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll 
2010-01-15 18:16 - 2009-10-02 17:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2006-11-06 18:18 - 2006-11-06 18:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll 2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll 2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll 2014-03-22 18:33 - 2014-03-22 18:33 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-03-22 18:33 - 2014-03-22 18:33 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-03-22 18:33 - 2014-03-22 18:33 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2014-04-11 20:06 - 2014-04-11 20:06 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID AlternateDataStreams: C:\Program Files (x86)\Juicy Stakes 2.0:MID AlternateDataStreams: C:\ProgramData\Temp:2D6E5D55 
==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/11/2014 08:37:40 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/10/2014 07:54:52 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/09/2014 08:22:54 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error: (04/09/2014 08:20:59 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. 
Error: (04/09/2014 08:02:28 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/08/2014 07:32:49 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/07/2014 06:28:15 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error: (04/07/2014 06:26:28 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/07/2014 05:45:17 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/06/2014 03:46:46 PM) (Source: Application Hang) (User: ) Description: The program PDR.exe version 7.0.100.3503 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d68 Start Time: 01cf51d00ef56582 Termination Time: 13 Application Path: c:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe Report Id: System errors: ============= Error: (04/03/2014 03:17:32 PM) (Source: Service Control Manager) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%1053 Error: (04/03/2014 03:17:32 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 
Error: (03/10/2014 04:58:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.1579.0). Error: (03/10/2014 04:58:26 PM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1493.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (03/10/2014 06:40:11 AM) (Source: Microsoft Antimalware) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1493.0 Update Source: %NT AUTHORITY59 Update Stage: 4.4.0304.00 Source Path: 4.4.0304.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (02/05/2014 10:49:36 PM) (Source: Service Control Manager) (User: ) Description: The Windows Update service hung on starting. Error: (01/21/2014 07:28:28 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 
Error: (01/12/2014 07:49:12 PM) (Source: Service Control Manager) (User: ) Description: The CrystalSysInfo service failed to start due to the following error: %%2 Error: (01/12/2014 07:49:12 PM) (Source: Service Control Manager) (User: ) Description: The CrystalSysInfo service failed to start due to the following error: %%2 Error: (01/12/2014 07:49:12 PM) (Source: Service Control Manager) (User: ) Description: The CrystalSysInfo service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (04/11/2014 08:37:40 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (04/10/2014 07:54:52 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (04/09/2014 08:22:54 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\mozbackup\dll\DelZip179.dllc:\program files (x86)\mozbackup\dll\DelZip179.dll8 Error: (04/09/2014 08:20:59 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (04/09/2014 08:02:28 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (04/08/2014 07:32:49 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (04/07/2014 06:28:15 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\mozbackup\dll\DelZip179.dllc:\program files (x86)\mozbackup\dll\DelZip179.dll8 Error: (04/07/2014 06:26:28 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe 
AIR.dll3

Error: (04/07/2014 05:45:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/06/2014 03:46:46 PM) (Source: Application Hang)(User: )
Description: PDR.exe7.0.100.3503d6801cf51d00ef5658213c:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 6007.08 MB
Available physical RAM: 3300.67 MB
Total Pagefile: 12012.34 MB
Available Pagefile: 9069.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.63 GB) (Free:672.62 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.78 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks for any help! I have Malwarebytes Pro, if you need further information. Let me know if you need something else. Thanks!