LyricXeeker BHO that won't go away


BHO: LyricXeeker: {17E58097-6CA5-448B-830F-2A19678248FB}

 

HijackThis can't remove it. It sees it, but the fix doesn't remove it.

I tried manually to remove it, but Windows 7 doesn't give me the option to disable or delete (Add-on Manager).

I stopped it from placing ads and redirecting pages by disabling 3rd party extensions in Internet Options.

Malwarebytes took part of it out but not all; it's still in Explorer and Chrome.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2
Run by Mitch Tiffin at 17:41:31 on 2013-07-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16382.14440 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: LyricXeeker: {17E58097-6CA5-448B-830F-2A19678248FB} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe




TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : NameServer = 68.94.156.1,68.94.157.1
TCP: Interfaces\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mitch Tiffin\AppData\Roaming\Mozilla\Firefox\Profiles\6kx2u9vk.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-2-22 22408]
R3 PaeFireStudio;PreSonus FireStudio;C:\Windows\System32\drivers\PaeFireStudio.sys [2011-1-24 214776]
R3 PaeFireStudioAudio;PreSonus FireStudio Audio;C:\Windows\System32\drivers\PaeFireStudioAudio.sys [2011-1-24 39032]
R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;C:\Windows\System32\drivers\PaeFireStudioMidi.sys [2011-1-24 42616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-2-22 16008]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-17 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-17 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-25 1255736]
S4 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-7-7 78336]
S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
.
=============== Created Last 30 ================
.
2013-07-29 21:17:37    388096    ----a-r-    C:\Users\Mitch Tiffin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-29 21:17:36    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-07-29 17:44:13    --------    d-----w-    C:\Program Files (x86)\fuLyriXeeker
2013-07-29 14:15:00    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C94DE392-5775-4998-893E-19766B32E463}\mpengine.dll
2013-07-28 07:20:24    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-18 22:26:04    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FBABFBF-68F4-44DF-9EE7-98B655B55482}\gapaengine.dll
2013-07-18 21:40:43    --------    d-----w-    C:\Program Files\iTunes
2013-07-18 21:40:43    --------    d-----w-    C:\Program Files\iPod
2013-07-18 21:40:43    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-07-18 21:39:09    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-12 03:10:59    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-12 03:10:58    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-12 03:10:58    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-12 03:10:54    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-12 03:10:54    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-11 12:53:55    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-07-23 21:44:42    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 21:44:42    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-27 22:34:56    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-27 22:34:52    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-06-27 22:34:52    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-22 20:11:30    5555190    ----a-w-    C:\tweaking.com_windows_repair_aio_setup.exe
2013-06-22 20:07:42    3858143    ----a-w-    C:\tweaking.com_registry_backup_setup.exe
2013-06-19 02:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-05-29 05:43:16    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-29 05:34:14    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 08:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 17:41:54.03 ===============
 

 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2011 9:38:29 AM
System Uptime: 7/29/2013 5:22:46 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A78T-E
Processor: AMD Phenom II X6 1090T Processor | AM3 | 3211/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 428.829 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 905.944 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1354.4 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_1043836C&REV_1000\4&29529F32&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_1043836C&REV_1000\4&29529F32&0&0001
Service: HdAudAddService
.
==== System Restore Points ===================
.
RP371: 7/18/2013 5:24:49 PM - Windows Update
RP372: 7/21/2013 6:30:27 PM - Windows Update
RP373: 7/21/2013 8:40:25 PM - Windows Update
RP374: 7/21/2013 8:50:59 PM - Removed Microsoft Silverlight
RP375: 7/25/2013 10:42:05 AM - Windows Update
RP376: 7/27/2013 8:12:27 PM - Removed Microsoft Silverlight
RP377: 7/27/2013 8:13:20 PM - Removed Microsoft Silverlight
RP378: 7/29/2013 9:14:13 AM - Windows Update
RP379: 7/29/2013 4:17:08 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
112dB Redline Monitor v1.0.4
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avid Studio
Avid Studio Bonus Content
Avid Studio Plugins
Belarc Advisor 8.1
Bonjour
BurnAware Free 4.1
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CD Click i-Studio
DraftSight
Dragon NaturallySpeaking 11
EPSON Artisan 830 Series Printer Uninstall
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.3
ERUNT 1.1j
EZdrummer
EZDrummer 64-bit
EZkeys Grand Piano 64
EZkeys Player 64-bit
EZXCocktail
FlipShare
FreeRIP v3.6
Futuremark SystemInfo
GEAR driver installer for x86 and x64
Google Chrome
Google Earth
Google Update Helper
HiJackThis
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
iTunes
Java 7 Update 25
Java Auto Updater
Knoll Light Factory EZ Studio
Logitech Gaming Software 7.00
Lotus NotesSQL 3.01 driver
Lotus SmartSuite - English
Magic Bullet Looks Studio
MAGIX Xtreme Print Studio 5.0.0.7399 (US)
Malwarebytes Anti-Malware version 1.75.0.1300
MasterWriter 2.0
Melodyne Runtime 4.1 (x64)
Melodyne singletrack
Memeo Instant Backup
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MixMeister BPM Analyzer 1.0
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Abbey Road 60s Drums Vintage
Native Instruments Guitar Rig 3
Native Instruments Guitar Rig 4
Native Instruments Komplete Elements
Native Instruments Kontakt 4
Native Instruments Kontakt Elements Selection R2
Native Instruments Reaktor 5
Native Instruments Reaktor Elements Selection
Native Instruments Reaktor Spark R2
Native Instruments Service Center
NVIDIA 3D Vision Controller Driver 307.83
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
On-Screen Takeoff
OpenOffice.org 3.4.1
PDF reDirect (remove only)
PDFill PDF Editor with FREE Writer and FREE Tools
Pinnacle Creative Pack Volume 1
Pinnacle Video Driver
PreSonus FaderPort
PreSonus Studio One 2 x64
PreSonus Studio One x64
PreSonus Universal Control 3.5.2.8028
PVSonyDll
QuickTime
Red Giant ToonIt Studio
Room EQ Wizard V5
SAMSUNG USB Driver for Mobile Phones
ScoreFitter Volume 1
ScoreFitter Volume 2
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sony DVD Architect Studio 4.5
Sony Vegas Movie Studio 8.0
Speccy
SpeedFan (remove only)
Superior Drummer 64-bit
Superior Drummer Installer
SureThing Express Labeler
swMSM
Toontrack solo
Toontrack solo 64 bit
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon V CAST Media Manager
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
VLC media player 2.0.5
.
==== Event Viewer Messages From Past Week ========
.
7/29/2013 5:28:42 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/29/2013 5:28:42 PM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/29/2013 5:28:42 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/29/2013 5:28:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/29/2013 5:28:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
7/29/2013 5:27:42 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-Resource-Exhaustion-Detector/Operational.
7/29/2013 5:26:36 PM, Error: Service Control Manager [7000]  - The PMEM service failed to start due to the following error:  This driver has been blocked from loading
7/29/2013 5:26:36 PM, Error: Application Popup [1060]  - \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/29/2013 5:25:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-GroupPolicy/Operational.
7/23/2013 8:50:00 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
7/23/2013 8:50:00 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================


 


  • Root Admin

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 10.25.2

Run by Mitch Tiffin at 17:41:31 on 2013-07-29

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16382.14440 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


BHO: LyricXeeker: {17E58097-6CA5-448B-830F-2A19678248FB} - 

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe





TCP: NameServer = 192.168.1.254

TCP: Interfaces\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : NameServer = 68.94.156.1,68.94.157.1

TCP: Interfaces\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : DHCPNameServer = 192.168.1.254

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mitch Tiffin\AppData\Roaming\Mozilla\Firefox\Profiles\6kx2u9vk.default\


FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-2-22 22408]

R3 PaeFireStudio;PreSonus FireStudio;C:\Windows\System32\drivers\PaeFireStudio.sys [2011-1-24 214776]

R3 PaeFireStudioAudio;PreSonus FireStudio Audio;C:\Windows\System32\drivers\PaeFireStudioAudio.sys [2011-1-24 39032]

R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;C:\Windows\System32\drivers\PaeFireStudioMidi.sys [2011-1-24 42616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-2-22 16008]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-17 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-17 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-25 1255736]

S4 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-7-7 78336]

S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

S4 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]

S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

.

=============== Created Last 30 ================

.

2013-07-29 21:17:37 388096 ----a-r- C:\Users\Mitch Tiffin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-29 21:17:36 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-07-29 17:44:13 -------- d-----w- C:\Program Files (x86)\fuLyriXeeker

2013-07-29 14:15:00 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C94DE392-5775-4998-893E-19766B32E463}\mpengine.dll

2013-07-28 07:20:24 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-18 22:26:04 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FBABFBF-68F4-44DF-9EE7-98B655B55482}\gapaengine.dll

2013-07-18 21:40:43 -------- d-----w- C:\Program Files\iTunes

2013-07-18 21:40:43 -------- d-----w- C:\Program Files\iPod

2013-07-18 21:40:43 -------- d-----w- C:\Program Files (x86)\iTunes

2013-07-18 21:39:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-07-12 03:10:59 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-07-12 03:10:58 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-07-12 03:10:58 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-07-12 03:10:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-12 03:10:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-07-11 12:53:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

.

==================== Find3M  ====================

.

2013-07-23 21:44:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-23 21:44:42 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-27 22:34:56 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-27 22:34:52 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-06-27 22:34:52 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-06-22 20:11:30 5555190 ----a-w- C:\tweaking.com_windows_repair_aio_setup.exe

2013-06-22 20:07:42 3858143 ----a-w- C:\tweaking.com_registry_backup_setup.exe

2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-05-01 08:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2013-05-01 08:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 17:41:54.03 ===============

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 1/22/2011 9:38:29 AM

System Uptime: 7/29/2013 5:22:46 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | M4A78T-E

Processor: AMD Phenom II X6 1090T Processor | AM3 | 3211/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 428.829 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 905.944 GiB free.

F: is FIXED (NTFS) - 1863 GiB total, 1354.4 GiB free.

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: High Definition Audio Device

Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_1043836C&REV_1000\4&29529F32&0&0001

Manufacturer: Microsoft

Name: High Definition Audio Device

PNP Device ID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_1043836C&REV_1000\4&29529F32&0&0001

Service: HdAudAddService

.

==== System Restore Points ===================

.

RP371: 7/18/2013 5:24:49 PM - Windows Update

RP372: 7/21/2013 6:30:27 PM - Windows Update

RP373: 7/21/2013 8:40:25 PM - Windows Update

RP374: 7/21/2013 8:50:59 PM - Removed Microsoft Silverlight

RP375: 7/25/2013 10:42:05 AM - Windows Update

RP376: 7/27/2013 8:12:27 PM - Removed Microsoft Silverlight

RP377: 7/27/2013 8:13:20 PM - Removed Microsoft Silverlight

RP378: 7/29/2013 9:14:13 AM - Windows Update

RP379: 7/29/2013 4:17:08 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

112dB Redline Monitor v1.0.4

64 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avid Studio

Avid Studio Bonus Content

Avid Studio Plugins

Belarc Advisor 8.1

Bonjour

BurnAware Free 4.1

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC 8

Canon Utilities MyCamera

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CD Click i-Studio

DraftSight

Dragon NaturallySpeaking 11

EPSON Artisan 830 Series Printer Uninstall

Epson CreativeZone

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

Epson Print CD

EPSON Scan

EpsonNet Print

EpsonNet Setup 3.3

ERUNT 1.1j

EZdrummer

EZDrummer 64-bit

EZkeys Grand Piano 64

EZkeys Player 64-bit

EZXCocktail

FlipShare

FreeRIP v3.6

Futuremark SystemInfo

GEAR driver installer for x86 and x64

Google Chrome

Google Earth

Google Update Helper

HiJackThis

ImageMixer 3 SE Ver.6 Transfer Utility

ImageMixer 3 SE Ver.6 Video Tools

iTunes

Java 7 Update 25

Java Auto Updater

Knoll Light Factory EZ Studio

Logitech Gaming Software 7.00

Lotus NotesSQL 3.01 driver

Lotus SmartSuite - English

Magic Bullet Looks Studio

MAGIX Xtreme Print Studio 5.0.0.7399 (US)

Malwarebytes Anti-Malware version 1.75.0.1300

MasterWriter 2.0

Melodyne Runtime 4.1 (x64)

Melodyne singletrack

Memeo Instant Backup

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MixMeister BPM Analyzer 1.0

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Native Instruments Abbey Road 60s Drums Vintage

Native Instruments Guitar Rig 3

Native Instruments Guitar Rig 4

Native Instruments Komplete Elements

Native Instruments Kontakt 4

Native Instruments Kontakt Elements Selection R2

Native Instruments Reaktor 5

Native Instruments Reaktor Elements Selection

Native Instruments Reaktor Spark R2

Native Instruments Service Center

NVIDIA 3D Vision Controller Driver 307.83

NVIDIA Control Panel 307.83

NVIDIA Display Control Panel

NVIDIA Graphics Driver 307.83

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

On-Screen Takeoff

OpenOffice.org 3.4.1

PDF reDirect (remove only)

PDFill PDF Editor with FREE Writer and FREE Tools

Pinnacle Creative Pack Volume 1

Pinnacle Video Driver

PreSonus FaderPort

PreSonus Studio One 2 x64

PreSonus Studio One x64

PreSonus Universal Control 3.5.2.8028

PVSonyDll

QuickTime

Red Giant ToonIt Studio

Room EQ Wizard V5

SAMSUNG USB Driver for Mobile Phones

ScoreFitter Volume 1

ScoreFitter Volume 2

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 

Sony DVD Architect Studio 4.5

Sony Vegas Movie Studio 8.0

Speccy

SpeedFan (remove only)

Superior Drummer 64-bit

Superior Drummer Installer

SureThing Express Labeler

swMSM

Toontrack solo

Toontrack solo 64 bit

Trapcode 3DStroke Studio

Trapcode Particular Studio

Trapcode Shine Studio

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wrapper

Tweaking.com - Windows Repair (All in One)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Verizon V CAST Media Manager

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)

VLC media player 2.0.5

.

==== Event Viewer Messages From Past Week ========

.

7/29/2013 5:28:42 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/29/2013 5:28:42 PM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

7/29/2013 5:28:42 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

7/29/2013 5:28:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

7/29/2013 5:28:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

7/29/2013 5:27:42 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-Resource-Exhaustion-Detector/Operational.

7/29/2013 5:26:36 PM, Error: Service Control Manager [7000]  - The PMEM service failed to start due to the following error:  This driver has been blocked from loading

7/29/2013 5:26:36 PM, Error: Application Popup [1060]  - \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/29/2013 5:25:17 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-GroupPolicy/Operational.

7/23/2013 8:50:00 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.

7/23/2013 8:50:00 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

 


RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Mitch Tiffin [Admin rights]

Mode : Scan -- Date : 08/01/2013 16:51:18

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[DNS] HKLM\[...]\CCSet\[...]\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : NameServer (68.94.156.1,68.94.157.1) -> FOUND

[DNS] HKLM\[...]\CS001\[...]\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : NameServer (68.94.156.1,68.94.157.1) -> FOUND

[DNS] HKLM\[...]\CS002\[...]\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2} : NameServer (68.94.156.1,68.94.157.1) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]

-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]

-> E:\Documents and Settings\m tiffin\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]

-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++

--- User ---

[MBR] f788b7543368b372fbce54d71f4866da

[bSP] 3bc7fae69c5613d12ec2d6546920ba80 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++

--- User ---

[MBR] 0ac91f515b3549d7e81ddc40f5f48404

[bSP] 31c0fe7176466ccf32fa109f73be949d : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive2: ST31000528AS ATA Device +++++

--- User ---

[MBR] 61b1e40b46ea59eb5c1e96fc38bfb77d

[bSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_08012013_165118.txt >>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.9 (07.30.2013:1)

OS: Windows 7 Professional x64

Ran by Mitch Tiffin on Thu 08/01/2013 at 17:46:49.44

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Mitch Tiffin\AppData\Roaming\mozilla\firefox\profiles\6kx2u9vk.default\minidumps [259 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 08/01/2013 at 17:49:49.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013

Ran by Mitch Tiffin (administrator) on 01-08-2013 22:05:36

Running from C:\Users\Mitch Tiffin\Desktop

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [104008 2010-11-16] (Logitech Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)

HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\MasterWriter 2.0\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab


DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{CD3FA0B9-0756-415F-A362-3FA1224F3BF2}: [NameServer]68.94.156.1,68.94.157.1

 

FireFox:

========

FF ProfilePath: C:\Users\Mitch Tiffin\AppData\Roaming\Mozilla\Firefox\Profiles\6kx2u9vk.default


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

FF Extension: No Name - C:\Users\Mitch Tiffin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

FF Extension: TinEye Reverse Image Search - C:\Users\Mitch Tiffin\AppData\Roaming\Mozilla\Firefox\Profiles\6kx2u9vk.default\Extensions\tineye@ideeinc.com

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi

 

Chrome: 

=======



CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

CHR Extension: (Google Docs) - C:\Users\MITCHT~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

S4 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-07-07] (Dassault Systèmes)

S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()

S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

R3 PaeFireStudio; C:\Windows\System32\Drivers\PaeFireStudio.sys [214776 2010-10-14] (PreSonus Audio Electronics)

R3 PaeFireStudioAudio; C:\Windows\System32\drivers\PaeFireStudioAudio.sys [39032 2010-10-14] (PreSonus Audio Electronics)

R3 PaeFireStudioMidi; C:\Windows\System32\drivers\PaeFireStudioMidi.sys [42616 2010-10-14] (PreSonus Audio Electronics)

S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation)

S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)

R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-08-01 18:10 - 2013-08-01 18:10 - 00000000 ____D C:\Program Files (x86)\ESET

2013-08-01 17:55 - 2013-08-01 17:55 - 00001214 _____ C:\AdwCleaner[s5].txt

2013-08-01 17:54 - 2013-08-01 17:54 - 00001154 _____ C:\AdwCleaner[R19].txt

2013-08-01 17:49 - 2013-08-01 17:49 - 00001255 _____ C:\Users\Mitch Tiffin\Desktop\JRT.txt

2013-08-01 17:46 - 2013-08-01 17:46 - 00000000 ____D C:\Windows\ERUNT

2013-08-01 17:45 - 2013-08-01 17:45 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Mitch Tiffin\Downloads\JRT.exe

2013-08-01 17:45 - 2013-08-01 17:45 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Mitch Tiffin\Desktop\JRT.exe

2013-08-01 17:10 - 2013-08-01 22:02 - 00000000 ____D C:\computer work

2013-08-01 16:51 - 2013-08-01 17:07 - 00003289 _____ C:\Users\Mitch Tiffin\Desktop\RKreport[0]_S_08012013_165118.txt

2013-08-01 16:32 - 2013-08-01 16:32 - 03782656 _____ C:\Users\Mitch Tiffin\Desktop\RogueKillerX64.exe

2013-08-01 13:05 - 2013-08-01 13:05 - 00000000 ____D C:\Windows\system32\MRT

2013-07-29 17:42 - 2013-07-29 17:42 - 00014349 _____ C:\Users\Mitch Tiffin\Desktop\attach.txt

2013-07-29 17:42 - 2013-07-29 17:41 - 00014762 _____ C:\Users\Mitch Tiffin\Desktop\dds.txt

2013-07-29 16:17 - 2013-07-29 16:21 - 00000000 ____D C:\Users\Mitch Tiffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2013-07-29 16:17 - 2013-07-29 16:17 - 00003007 _____ C:\Users\Mitch Tiffin\Desktop\HiJackThisShort cut.lnk

2013-07-29 16:17 - 2013-07-29 16:17 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2013-07-29 16:15 - 2013-07-29 16:15 - 01402880 _____ C:\Users\Mitch Tiffin\Downloads\HiJackThis.msi

2013-07-29 15:36 - 2013-07-29 15:36 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Mitch Tiffin\Downloads\rkill.exe

2013-07-29 15:20 - 2013-07-29 15:20 - 00001093 _____ C:\AdwCleaner[R18].txt

2013-07-29 12:46 - 2013-07-29 12:46 - 00001178 _____ C:\AdwCleaner[s4].txt

2013-07-29 12:45 - 2013-07-29 12:46 - 00001010 _____ C:\AdwCleaner[R17].txt

2013-07-29 12:44 - 2013-08-01 18:00 - 00000402 _____ C:\Windows\Tasks\LyricXeeker Update.job

2013-07-29 12:44 - 2013-07-29 12:44 - 00003064 _____ C:\Windows\System32\Tasks\LyricXeeker Update

2013-07-29 12:44 - 2013-07-29 12:44 - 00000000 ____D C:\Program Files (x86)\fuLyriXeeker

2013-07-29 12:38 - 2013-07-29 12:38 - 00640864 _____ C:\Users\Mitch Tiffin\Downloads\FreeYouTubeDownloaderInstallerIC.exe

2013-07-27 18:43 - 2013-07-27 18:43 - 00892040 _____ (CNET Download.com) C:\Users\Mitch Tiffin\Downloads\cbsidlm-cbsi127-Free_Youtube_Downloader_Converter-SEO-75891114.exe

2013-07-26 10:24 - 2013-07-26 10:24 - 00000898 _____ C:\Users\Mitch Tiffin\Desktop\123w - Shortcut.lnk

2013-07-24 07:03 - 2013-07-24 07:03 - 05373340 _____ C:\Users\Mitch Tiffin\Downloads\tweaking.com_windows_repair_aio_setup.exe

2013-07-21 11:05 - 2013-07-21 11:05 - 00001714 _____ C:\Users\Mitch Tiffin\Desktop\CMA Songwriters Series _ _There Goes My Life_ - YouTube - Shortcut.lnk

2013-07-21 11:05 - 2013-07-21 11:05 - 00000925 _____ C:\Users\Mitch Tiffin\Desktop\There Goes My Life - Shortcut.lnk

2013-07-21 10:56 - 2013-07-21 10:56 - 00000940 _____ C:\Users\Mitch Tiffin\Desktop\Paint me a Birmingham - Shortcut.lnk

2013-07-21 10:16 - 2013-07-21 10:16 - 00666633 _____ C:\Users\Mitch Tiffin\Desktop\adwcleaner.exe

2013-07-18 16:40 - 2013-07-18 16:40 - 00000000 ____D C:\Program Files\iTunes

2013-07-18 16:40 - 2013-07-18 16:40 - 00000000 ____D C:\Program Files\iPod

2013-07-18 16:40 - 2013-07-18 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-07-18 16:39 - 2013-07-18 16:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-07-11 22:23 - 2013-05-29 01:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-11 22:23 - 2013-05-29 00:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-11 22:23 - 2013-05-29 00:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-11 22:23 - 2013-05-29 00:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-11 22:23 - 2013-05-29 00:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-11 22:23 - 2013-05-29 00:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-11 22:23 - 2013-05-29 00:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-11 22:23 - 2013-05-29 00:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-11 22:23 - 2013-05-29 00:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-11 22:23 - 2013-05-29 00:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-11 22:23 - 2013-05-29 00:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-11 22:23 - 2013-05-29 00:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-11 22:23 - 2013-05-29 00:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-11 22:23 - 2013-05-29 00:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-11 22:23 - 2013-05-29 00:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-07-11 22:23 - 2013-05-29 00:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-11 22:23 - 2013-05-28 20:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-11 22:23 - 2013-05-28 20:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-11 22:23 - 2013-05-28 20:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-11 22:23 - 2013-05-28 20:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-07-11 22:23 - 2013-05-28 20:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-11 22:23 - 2013-05-28 20:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-11 22:23 - 2013-05-28 20:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-07-11 22:23 - 2013-05-28 20:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-11 22:23 - 2013-05-28 20:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-07-11 22:23 - 2013-05-28 20:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-07-11 22:23 - 2013-05-28 20:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-11 22:23 - 2013-05-28 20:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-11 22:23 - 2013-05-28 20:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-11 22:23 - 2013-05-28 20:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-11 22:23 - 2013-05-28 20:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-07-11 22:23 - 2013-05-28 20:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-11 22:11 - 2013-05-08 01:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-07-11 22:11 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-11 22:11 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-11 22:11 - 2013-04-12 09:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2013-07-11 22:11 - 2013-04-10 01:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-07-11 22:11 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2013-07-11 22:11 - 2013-03-19 00:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-07-11 22:11 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll

2013-07-11 22:11 - 2013-02-27 01:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2013-07-11 22:11 - 2013-02-27 00:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-07-11 22:11 - 2013-02-27 00:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-07-11 22:11 - 2013-02-27 00:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-07-11 22:11 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2013-07-11 22:11 - 2013-02-26 23:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-07-11 22:11 - 2013-02-26 23:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-07-11 22:11 - 2013-02-26 23:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-07-11 22:11 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-07-11 22:10 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-11 22:10 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-11 22:10 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-07-11 22:10 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-11 22:10 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-11 07:53 - 2013-07-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-07-06 19:48 - 2013-07-06 19:48 - 14595178 _____ C:\Users\Mitch Tiffin\Downloads\Rascal Flatts _ Cascada - What Hurts The Most (Boyce Avenue acoustic cover) on iTunes‬ & Spotify - YouTube.mp4

2013-07-06 14:11 - 2013-07-06 14:02 - 462661632 _____ C:\Users\Mitch Tiffin\Downloads\00001.MTS

2013-07-06 09:46 - 2013-07-06 09:48 - 55433469 _____ C:\Users\Mitch Tiffin\Downloads\Guitar Lesson- Eric Clapton Acoustic Blues - YouTube.mp4

2013-07-05 18:44 - 2012-01-01 00:10 - 439514184 _____ C:\Users\Mitch Tiffin\Downloads\ZOOM0001.MOV

107

 

==================== One Month Modified Files and Folders =======

 

2013-08-01 22:04 - 2013-08-01 22:04 - 01781485 _____ (Farbar) C:\Users\Mitch Tiffin\Desktop\FRST64.exe

2013-08-01 22:02 - 2013-08-01 17:10 - 00000000 ____D C:\computer work

2013-08-01 21:36 - 2013-05-27 21:11 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-01 18:11 - 2011-01-22 10:37 - 01212303 _____ C:\Windows\WindowsUpdate.log

2013-08-01 18:10 - 2013-08-01 18:10 - 00000000 ____D C:\Program Files (x86)\ESET

2013-08-01 18:08 - 2009-07-13 23:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-01 18:08 - 2009-07-13 23:45 - 00015376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-01 18:01 - 2013-05-27 21:11 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-01 18:00 - 2013-07-29 12:44 - 00000402 _____ C:\Windows\Tasks\LyricXeeker Update.job

2013-08-01 17:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-01 17:58 - 2009-07-13 23:51 - 00116158 _____ C:\Windows\setupact.log

2013-08-01 17:55 - 2013-08-01 17:55 - 00001214 _____ C:\AdwCleaner[s5].txt

2013-08-01 17:54 - 2013-08-01 17:54 - 00001154 _____ C:\AdwCleaner[R19].txt

2013-08-01 17:49 - 2013-08-01 17:49 - 00001255 _____ C:\Users\Mitch Tiffin\Desktop\JRT.txt

2013-08-01 17:46 - 2013-08-01 17:46 - 00000000 ____D C:\Windows\ERUNT

2013-08-01 17:45 - 2013-08-01 17:45 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Mitch Tiffin\Downloads\JRT.exe

2013-08-01 17:45 - 2013-08-01 17:45 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Mitch Tiffin\Desktop\JRT.exe

2013-08-01 17:43 - 2013-06-09 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-01 17:07 - 2013-08-01 16:51 - 00003289 _____ C:\Users\Mitch Tiffin\Desktop\RKreport[0]_S_08012013_165118.txt

2013-08-01 16:44 - 2013-05-29 20:39 - 00000000 ____D C:\Users\Mitch Tiffin\Desktop\RK_Quarantine

2013-08-01 16:32 - 2013-08-01 16:32 - 03782656 _____ C:\Users\Mitch Tiffin\Desktop\RogueKillerX64.exe

2013-08-01 16:29 - 2013-05-29 06:04 - 00000000 ____D C:\Windows\ERDNT

2013-08-01 13:08 - 2013-08-01 13:05 - 00000000 ____D C:\Windows\system32\MRT

2013-08-01 06:10 - 2011-12-23 17:56 - 00000000 ____D C:\Users\Mitch Tiffin\AppData\Roaming\Celemony Software GmbH

2013-07-31 22:38 - 2013-05-27 21:13 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-07-29 18:08 - 2013-06-12 06:20 - 00007603 _____ C:\Users\MITCHT~1\AppData\Local\resmon.resmoncfg

2013-07-29 17:42 - 2013-07-29 17:42 - 00014349 _____ C:\Users\Mitch Tiffin\Desktop\attach.txt

2013-07-29 17:41 - 2013-07-29 17:42 - 00014762 _____ C:\Users\Mitch Tiffin\Desktop\dds.txt

2013-07-29 17:22 - 2011-01-25 08:56 - 00022986 _____ C:\Windows\PFRO.log

2013-07-29 16:21 - 2013-07-29 16:17 - 00000000 ____D C:\Users\Mitch Tiffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2013-07-29 16:17 - 2013-07-29 16:17 - 00003007 _____ C:\Users\Mitch Tiffin\Desktop\HiJackThisShort cut.lnk

2013-07-29 16:17 - 2013-07-29 16:17 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2013-07-29 16:15 - 2013-07-29 16:15 - 01402880 _____ C:\Users\Mitch Tiffin\Downloads\HiJackThis.msi

2013-07-29 15:36 - 2013-07-29 15:36 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Mitch Tiffin\Downloads\rkill.exe

2013-07-29 15:20 - 2013-07-29 15:20 - 00001093 _____ C:\AdwCleaner[R18].txt

2013-07-29 12:46 - 2013-07-29 12:46 - 00001178 _____ C:\AdwCleaner[s4].txt

2013-07-29 12:46 - 2013-07-29 12:45 - 00001010 _____ C:\AdwCleaner[R17].txt

2013-07-29 12:44 - 2013-07-29 12:44 - 00003064 _____ C:\Windows\System32\Tasks\LyricXeeker Update

2013-07-29 12:44 - 2013-07-29 12:44 - 00000000 ____D C:\Program Files (x86)\fuLyriXeeker

2013-07-29 12:38 - 2013-07-29 12:38 - 00640864 _____ C:\Users\Mitch Tiffin\Downloads\FreeYouTubeDownloaderInstallerIC.exe

2013-07-29 10:10 - 2009-07-14 00:13 - 00730512 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-28 20:02 - 2011-01-31 20:08 - 00000000 ____D C:\Windows\pss

2013-07-27 18:43 - 2013-07-27 18:43 - 00892040 _____ (CNET Download.com) C:\Users\Mitch Tiffin\Downloads\cbsidlm-cbsi127-Free_Youtube_Downloader_Converter-SEO-75891114.exe

2013-07-27 17:10 - 2011-02-04 19:20 - 00000000 ____D C:\Users\Mitch Tiffin\Documents\NSAI

2013-07-26 10:24 - 2013-07-26 10:24 - 00000898 _____ C:\Users\Mitch Tiffin\Desktop\123w - Shortcut.lnk

2013-07-25 11:01 - 2011-01-22 10:38 - 00000000 ____D C:\Users\Mitch Tiffin

2013-07-24 07:04 - 2013-06-22 18:21 - 00002163 _____ C:\Users\Mitch Tiffin\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2013-07-24 07:03 - 2013-07-24 07:03 - 05373340 _____ C:\Users\Mitch Tiffin\Downloads\tweaking.com_windows_repair_aio_setup.exe

2013-07-23 16:44 - 2012-04-05 09:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-07-23 16:44 - 2011-05-17 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-07-23 16:44 - 2011-01-24 19:47 - 00000000 ____D C:\Users\MITCHT~1\AppData\Local\Adobe

2013-07-23 16:00 - 2012-04-26 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-21 20:46 - 2012-08-09 21:09 - 00001945 _____ C:\Windows\epplauncher.mif

2013-07-21 20:46 - 2012-08-09 21:09 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-07-21 20:45 - 2012-08-09 21:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-07-21 14:15 - 2011-09-26 20:53 - 00000000 ____D C:\Program Files (x86)\MasterWriter 2.0

2013-07-21 11:05 - 2013-07-21 11:05 - 00001714 _____ C:\Users\Mitch Tiffin\Desktop\CMA Songwriters Series _ _There Goes My Life_ - YouTube - Shortcut.lnk

2013-07-21 11:05 - 2013-07-21 11:05 - 00000925 _____ C:\Users\Mitch Tiffin\Desktop\There Goes My Life - Shortcut.lnk

2013-07-21 10:56 - 2013-07-21 10:56 - 00000940 _____ C:\Users\Mitch Tiffin\Desktop\Paint me a Birmingham - Shortcut.lnk

2013-07-21 10:16 - 2013-07-21 10:16 - 00666633 _____ C:\Users\Mitch Tiffin\Desktop\adwcleaner.exe

2013-07-21 08:33 - 2011-11-10 19:14 - 00001001 _____ C:\Users\Public\Desktop\Studio One 2 x64.lnk

2013-07-19 21:50 - 2012-12-11 12:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-19 09:41 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-07-18 16:40 - 2013-07-18 16:40 - 00000000 ____D C:\Program Files\iTunes

2013-07-18 16:40 - 2013-07-18 16:40 - 00000000 ____D C:\Program Files\iPod

2013-07-18 16:40 - 2013-07-18 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-07-18 16:40 - 2013-07-18 16:39 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-07-18 16:40 - 2011-03-06 11:57 - 00000000 ____D C:\ProgramData\Apple Computer

2013-07-12 09:31 - 2013-05-27 21:11 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-07-12 09:31 - 2013-05-27 21:11 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-07-12 08:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-07-12 07:19 - 2011-01-22 10:38 - 00000000 ___RD C:\Users\Mitch Tiffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-07-12 07:19 - 2011-01-22 10:38 - 00000000 ___RD C:\Users\Mitch Tiffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-07-12 07:18 - 2009-07-13 23:45 - 00545872 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-12 07:12 - 2009-07-14 02:47 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-12 07:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-12 07:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-11 22:24 - 2011-01-24 22:40 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-11 07:53 - 2013-07-11 07:53 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-07-11 07:53 - 2012-11-15 09:31 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2013-07-09 18:11 - 2011-01-24 20:01 - 00000000 ____D C:\Users\Mitch Tiffin\Documents\Studio One

2013-07-08 07:28 - 2012-11-03 15:35 - 00000000 ____D C:\Scans

2013-07-07 12:54 - 2011-03-28 23:58 - 00000000 ____D C:\Users\Mitch Tiffin\AppData\Roaming\vlc

2013-07-06 19:52 - 2012-01-01 16:02 - 00005620 _____ C:\Users\Mitch Tiffin\AppData\Roaming\MITCHTIFFIN-PC.MTBF.txt

2013-07-06 19:52 - 2012-01-01 16:02 - 00000000 ____D C:\Users\MITCHT~1\AppData\Local\Avid

2013-07-06 19:52 - 2012-01-01 15:53 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI

2013-07-06 19:48 - 2013-07-06 19:48 - 14595178 _____ C:\Users\Mitch Tiffin\Downloads\Rascal Flatts _ Cascada - What Hurts The Most (Boyce Avenue acoustic cover) on iTunes‬ & Spotify - YouTube.mp4

2013-07-06 14:29 - 2011-01-29 16:11 - 00000000 ____D C:\Users\Mitch Tiffin\Documents\Alarmtechs

2013-07-06 14:02 - 2013-07-06 14:11 - 462661632 _____ C:\Users\Mitch Tiffin\Downloads\00001.MTS

2013-07-06 09:48 - 2013-07-06 09:46 - 55433469 _____ C:\Users\Mitch Tiffin\Downloads\Guitar Lesson- Eric Clapton Acoustic Blues - YouTube.mp4

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-07-23 00:52

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013

Ran by Mitch Tiffin at 2013-08-01 22:06:05

Running from C:\Users\Mitch Tiffin\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

   

 Update for Microsoft Office 2007 (KB2508958) (x32)

112dB Redline Monitor v1.0.4 (x32 Version: 1.0)

64 Bit HP CIO Components Installer (Version: 8.2.1)

Adobe AIR (x32 Version: 2.5.1.17730)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)

Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.169)

Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Avid Studio (x32 Version: 1.1.0.2887)

Avid Studio Bonus Content (x32 Version: 1.0.0.325)

Avid Studio Plugins (x32 Version: 1.0.0.2804)

Belarc Advisor 8.1 (x32)

Bonjour (Version: 3.0.0.10)

BurnAware Free 4.1 (x32)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)

Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)

Canon Utilities CameraWindow (x32 Version: 7.4.0.7)

Canon Utilities CameraWindow DC 8 (x32 Version: 8.1.0.11)

Canon Utilities MyCamera (x32 Version: 7.3.0.5)

Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)

Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)

CD Click i-Studio (HKCU Version: 2.2.1.100)

DraftSight (x32 Version: 9.1.173)

Dragon NaturallySpeaking 11 (x32 Version: 11.50.100)

Epson CreativeZone (x32)

Epson Easy Photo Print 2 (x32 Version: 2.2.3.1)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (x32)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000)

Epson Event Manager (x32 Version: 2.40.0001)

Epson FAX Utility (x32 Version: 1.10.00)

Epson PC-FAX Driver (x32)

Epson Print CD (x32 Version: 2.00.00)

EPSON Scan (x32)

EpsonNet Print (x32 Version: 2.4j)

EpsonNet Setup 3.3 (x32 Version: 3.3b)

ERUNT 1.1j (x32)

ESET Online Scanner v3 (x32)

EZdrummer (x32 Version: 1.3.1)

EZDrummer 64-bit (Version: 1.3.2)

EZkeys Grand Piano 64 (Version: 1.0.2)

EZkeys Player 64-bit (Version: 1.1.0)

EZXCocktail (x32 Version: 1.2.4)

FlipShare (x32 Version: 5.12.3.0)

FreeRIP v3.6 (x32 Version: 3.6)

Futuremark SystemInfo (x32 Version: 3.21.2.1)

GEAR driver installer for x86 and x64 (x32 Version: 4.016.2)

Google Chrome (x32 Version: 28.0.1500.95)

Google Earth (x32 Version: 6.2.2.6613)

Google Update Helper (x32 Version: 1.3.21.153)

HiJackThis (x32 Version: 1.0.0)

ImageMixer 3 SE Ver.6 Transfer Utility (x32 Version: 6.00.018)

ImageMixer 3 SE Ver.6 Video Tools (x32 Version: 6.00.019)

iTunes (Version: 11.0.2.25)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Knoll Light Factory EZ Studio (x32)

Logitech Gaming Software 7.00 (Version: 7.00.291)

Lotus NotesSQL 3.01 driver (x32)

Lotus SmartSuite - English (x32 Version: 9.8.0)

Magic Bullet Looks Studio (x32)

MAGIX Xtreme Print Studio 5.0.0.7399 (US) (x32 Version: 5.0.0.7399)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MasterWriter 2.0 (x32)

Melodyne Runtime 4.1 (x64) (Version: 1.0.0)

Melodyne Runtime 4.1 (x64) (Version: 1.0.1)

Melodyne singletrack (x32 Version: 2.01.0045)

Memeo Instant Backup (x32 Version: 4.60.0.7876)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.3.0215.0)

Microsoft Security Essentials (Version: 4.3.215.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

MixMeister BPM Analyzer 1.0 (x32)

Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)

Mozilla Maintenance Service (x32 Version: 22.0)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Native Instruments Abbey Road 60s Drums Vintage (Version: 1.0.0.001)

Native Instruments Abbey Road 60s Drums Vintage (x32)

Native Instruments Guitar Rig 3 (Version: 3.2.1.004)

Native Instruments Guitar Rig 3 (x32)

Native Instruments Guitar Rig 4 (Version: 4.1.0.1751)

Native Instruments Guitar Rig 4 (x32)

Native Instruments Komplete Elements (Version: 7.0.0.001)

Native Instruments Komplete Elements (x32)

Native Instruments Kontakt 4 (Version: 4.1.0.3681)

Native Instruments Kontakt 4 (x32)

Native Instruments Kontakt Elements Selection R2 (Version: 1.0.0.002)

Native Instruments Kontakt Elements Selection R2 (x32)

Native Instruments Reaktor 5 (Version: 5.5.0.10484)

Native Instruments Reaktor 5 (x32)

Native Instruments Reaktor Elements Selection (Version: 1.0.0.002)

Native Instruments Reaktor Elements Selection (x32)

Native Instruments Reaktor Spark R2 (Version: 1.0.0.001)

Native Instruments Reaktor Spark R2 (x32)

Native Instruments Service Center (Version: 2.2.5.596)

Native Instruments Service Center (x32)

NVIDIA 3D Vision Controller Driver 307.83 (Version: 307.83)

NVIDIA Control Panel 307.83 (Version: 307.83)

NVIDIA Display Control Panel (Version: 6.14.12.5896)

NVIDIA Graphics Driver 307.83 (Version: 307.83)

NVIDIA Install Application (Version: 2.1002.109.706)

NVIDIA PhysX (x32 Version: 9.12.0604)

NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)

NVIDIA Update 1.10.8 (Version: 1.10.8)

NVIDIA Update Components (Version: 1.10.8)

ON Artisan 830 Series Printer Uninstall

On-Screen Takeoff (x32 Version: 3.8.1.36)

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)

PDF reDirect (remove only) (x32 Version: v2.5.2)

PDFill PDF Editor with FREE Writer and FREE Tools (Version: 8.0)

Pinnacle Creative Pack Volume 1 (x32 Version: 1.00.0000.17)

Pinnacle Video Driver (Version: 12.1.0.030)

PreSonus FaderPort (x32)

PreSonus Studio One 2 x64 (Version: 2.5.2.22258)

PreSonus Studio One x64 (Version: 1.6.5.16006)

PreSonus Universal Control 3.5.2.8028 (Version: 3.5.2.8028)

PVSonyDll (Version: 1.00.0001)

QuickTime (x32 Version: 7.74.80.86)

Red Giant ToonIt Studio (x32)

Room EQ Wizard V5 (x32)

SAMSUNG USB Driver for Mobile Phones (x32 Version: 1.3.550.0)

ScoreFitter Volume 1 (x32 Version: 1.00.0000)

ScoreFitter Volume 2 (x32 Version: 1.00.0000)

Seagate Dashboard (x32 Version: 1.1.0.1421)

Sony DVD Architect Studio 4.5 (x32 Version: 4.5.66)

Sony Vegas Movie Studio 8.0 (x32 Version: 8.0.142)

Speccy (Version: 1.08)

SpeedFan (remove only) (x32)

Superior Drummer 64-bit (Version: 2.3.1)

Superior Drummer Installer (x32 Version: 2.2.1)

SureThing Express Labeler (x32)

swMSM (x32 Version: 12.0.0.1)

Toontrack solo (x32 Version: 1.3.2)

Toontrack solo 64 bit (Version: 1.3.2)

Trapcode 3DStroke Studio (x32)

Trapcode Particular Studio (x32)

Trapcode Shine Studio (x32)

TurboTax 2010 (x32)

TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227)

TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483)

TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214)

TurboTax 2010 wrapper (x32 Version: 010.000.0157)

TurboTax 2011 (x32)

TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)

TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495)

TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)

TurboTax 2011 wrapper (x32 Version: 011.000.0121)

TurboTax 2012 (x32 Version: 2012.0)

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114)

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)

TurboTax 2012 wrapper (x32 Version: 012.000.0127)

Tweaking.com - Windows Repair (All in One) (x32 Version: 1.9.15)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Microsoft Office Access 2007 Help (KB963663) (x32)

Update for Microsoft Office Excel 2007 Help (KB963678) (x32)

Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)

Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)

Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)

Update for Microsoft Office Script Editor Help (KB963671) (x32)

Update for Microsoft Office Word 2007 Help (KB963665) (x32)

Verizon V CAST Media Manager (x32)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.0)

VLC media player 2.0.5 (x32 Version: 2.0.5)

 

==================== Restore Points  =========================

 

21-07-2013 23:30:27 Windows Update

22-07-2013 01:40:25 Windows Update

22-07-2013 01:50:59 Removed Microsoft Silverlight

25-07-2013 15:42:05 Windows Update

28-07-2013 01:12:27 Removed Microsoft Silverlight

28-07-2013 01:13:20 Removed Microsoft Silverlight

29-07-2013 14:14:13 Windows Update

29-07-2013 21:17:08 Installed HiJackThis

01-08-2013 18:05:00 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2013-06-02 15:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {04EB9C1C-3F5E-46BD-ADBC-502C56F7624D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)

Task: {318C2D2C-1D2E-4FED-8D83-8616D4DB7714} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)

Task: {51090A7D-C980-42F0-9C8E-DDD6313AD336} - System32\Tasks\Microsoft\Windows\PLA\New Data Collector Set => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)

Task: {60A406CC-579B-4B34-B622-56A078E3B1C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27] (Google Inc.)

Task: {79874F79-6132-4DBF-BD73-02338B17C57A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {7C5E7E4D-5E17-4ABD-822D-3BEE9DC4518E} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe No File

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe

 

==================== Faulty Device Manager Devices =============

 

Name: High Definition Audio Device

Description: High Definition Audio Device

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HdAudAddService

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

Error: (08/01/2013 08:42:04 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 08:41:28 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:25 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:22 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:18 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:15 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:12 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:09 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:06 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (08/01/2013 07:25:03 PM) (Source: Disk) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Microsoft Office Sessions:

=========================

Error: (06/09/2013 01:16:49 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/09/2013 11:18:31 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/09/2013 11:07:18 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/09/2013 11:06:46 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 214 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (06/09/2013 11:02:30 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/09/2013 10:49:28 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/09/2013 09:58:15 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/02/2013 04:27:07 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/02/2013 04:13:24 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (06/01/2013 01:34:34 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 36684 seconds with 960 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-08-01 18:01:14.020

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-01 18:01:07.639

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-01 16:40:21.996

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-01 16:40:15.631

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-01 12:32:23.014

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-01 12:32:16.713

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-07-31 16:49:40.544

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-07-31 16:49:34.085

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-07-30 16:09:49.350

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-07-30 16:09:42.970

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 27%

Total physical RAM: 16382.18 MB

Available physical RAM: 11878.21 MB

Total Pagefile: 33162.54 MB

Available Pagefile: 28899.89 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:428.95 GB) NTFS (Disk=0 Partition=2)

Drive e: () (Fixed) (Total:931.5 GB) (Free:905.94 GB) NTFS (Disk=1 Partition=1)

Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1354.4 GB) NTFS (Disk=2 Partition=1)

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D4F15274)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0D760D76)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 1863 GB) (Disk ID: A4B57300)

Partition 1: (Not Active) - (Size=-198626967040) - (Type=07 NTFS)

 

==================== End Of Log ============================


# AdwCleaner v2.306 - Logfile created 08/01/2013 at 17:55:34

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Mitch Tiffin - MITCHTIFFIN-PC

# Boot Mode : Normal

# Running from : C:\Users\Mitch Tiffin\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16496

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v22.0 (en-US)

 

File : C:\Users\Mitch Tiffin\AppData\Roaming\Mozilla\Firefox\Profiles\6kx2u9vk.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\Mitch Tiffin\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R17].txt - [1010 octets] - [29/07/2013 12:45:49]

AdwCleaner[R18].txt - [1093 octets] - [29/07/2013 15:20:32]

AdwCleaner[R19].txt - [1154 octets] - [01/08/2013 17:54:19]

AdwCleaner[s4].txt - [1178 octets] - [29/07/2013 12:46:31]

AdwCleaner[s5].txt - [1085 octets] - [01/08/2013 17:55:34]

 

########## EOF - C:\AdwCleaner[s5].txt - [1145 octets] ##########

C:\Users\Mitch Tiffin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APPRCZ6D\offer[1].htm HTML/ScrInject.B.Gen virus

C:\Users\Mitch Tiffin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY7AYPLW\cbsidlm-cbsi127-Freemake_Video_Converter-SEO-75218346.exe probably a variant of Win32/CNETInstaller.A application

C:\Users\Mitch Tiffin\AppData\Local\Temp\7931FA2.tmp multiple threats

C:\Users\Mitch Tiffin\AppData\Local\Temp\7939676.tmp multiple threats

C:\Users\Mitch Tiffin\AppData\Local\Temp\793CDEA.tmp multiple threats

C:\Users\Mitch Tiffin\AppData\Local\Temp\is1244477948\11803052_Setup.EXE Win32/OpenCandy application

C:\Users\Mitch Tiffin\Downloads\BestVideoDownloader.exe a variant of Win32/KBM.A application

C:\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade(1).exe multiple threats

C:\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe multiple threats

C:\Users\Mitch Tiffin\Downloads\burnaware_free.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\Mitch Tiffin\Downloads\cbsidlm-cbsi127-Free_Youtube_Downloader_Converter-SEO-75891114.exe probably a variant of Win32/CNETInstaller.A application

C:\Users\Mitch Tiffin\Downloads\freeripmp3-setup.exe multiple threats

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\BestVideoDownloader.exe a variant of Win32/KBM.A application

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade(1).exe multiple threats

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe multiple threats

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\burnaware_free.exe a variant of Win32/Bundled.Toolbar.Ask application

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\freeripmp3-setup.exe multiple threats

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013

Ran by Mitch Tiffin at 2013-08-02 00:01:53 Run:1

Running from C:\Users\Mitch Tiffin\Desktop

Boot Mode: Normal

==============================================

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB} => Key not found.

HKCR\CLSID\{17E58097-6CA5-448B-830F-2A19678248FB} => Key not found.

C:\Program Files (x86)\fuLyriXeeker => Moved successfully.

C:\Users\Mitch Tiffin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APPRCZ6D\offer[1].htm => Moved successfully.

C:\Users\Mitch Tiffin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NY7AYPLW\cbsidlm-cbsi127-Freemake_Video_Converter-SEO-75218346.exe => Moved successfully.

C:\Users\Mitch Tiffin\AppData\Local\Temp\7931FA2.tmp => Moved successfully.

C:\Users\Mitch Tiffin\AppData\Local\Temp\7939676.tmp => Moved successfully.

C:\Users\Mitch Tiffin\AppData\Local\Temp\793CDEA.tmp => Moved successfully.

C:\Users\Mitch Tiffin\AppData\Local\Temp\is1244477948\11803052_Setup.EXE => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\BestVideoDownloader.exe => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade(1).exe => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\burnaware_free.exe => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\cbsidlm-cbsi127-Free_Youtube_Downloader_Converter-SEO-75891114.exe => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\freeripmp3-setup.exe => Moved successfully.

C:\Users\Mitch Tiffin\Downloads\FreeYouTubeDownloaderInstallerIC.exe => Moved successfully.

C:\Windows\System32\Tasks\LyricXeeker Update => Moved successfully.

C:\Windows\Tasks\LyricXeeker Update.job => Moved successfully.

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\BestVideoDownloader.exe => Moved successfully.

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade(1).exe => Moved successfully.

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe => Moved successfully.

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\burnaware_free.exe => Moved successfully.

F:\Mitch Tiffin_Backup\2011-03-20_11-47-50\Memeo\2011-03-20_11-47-50\C_\Users\Mitch Tiffin\Downloads\freeripmp3-setup.exe => Moved successfully.

C:\Windows\Tasks\LyricXeeker Update.job not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C5E7E4D-5E17-4ABD-822D-3BEE9DC4518E} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C5E7E4D-5E17-4ABD-822D-3BEE9DC4518E} => Key deleted successfully.

C:\Windows\System32\Tasks\LyricXeeker Update not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update => Key deleted successfully.

 

==== End of Fixlog ====
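The Fixlog above mixes targets the fix actually moved or deleted with targets it found nothing at, and some targets appear twice. As an added example (not part of the thread and not FRST's own code), this Python sketch groups the outcomes per target; the two line shapes are inferred from the log as posted, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the Fixlog posted above (a subset, so the block runs offline).
SAMPLE_FIXLOG = r"""
Boot Mode: Normal
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB} => Key not found.
HKCR\CLSID\{17E58097-6CA5-448B-830F-2A19678248FB} => Key not found.
C:\Program Files (x86)\fuLyriXeeker => Moved successfully.
C:\Windows\System32\Tasks\LyricXeeker Update => Moved successfully.
C:\Windows\Tasks\LyricXeeker Update.job => Moved successfully.
C:\Windows\Tasks\LyricXeeker Update.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update => Key deleted successfully.
C:\Windows\System32\Tasks\LyricXeeker Update not found.
==== End of Fixlog ====
"""

# Two line shapes seen in this log: "<target> => <result>." and "<target> not found."
LINE_RE = re.compile(r"^(?P<target>.+?)(?: => (?P<result>.+?)| (?P<nf>not found))\.$")
ACTED = ("Moved successfully", "Key deleted successfully")

def parse_fixlog(text):
    """Return {target: [outcome, ...]} in log order; header and blank lines are skipped."""
    outcomes = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            outcomes[m["target"]].append(m["result"] or "not found")
    return dict(outcomes)

def triage(outcomes):
    """Split targets into those the fix acted on and those it never touched.

    A later "not found" for a target that was already moved is consistent with
    the earlier move, so one successful action is enough to count as acted on.
    """
    acted, untouched = [], []
    for target, results in outcomes.items():
        (acted if any(r in ACTED for r in results) else untouched).append(target)
    return acted, untouched

if __name__ == "__main__":
    acted, untouched = triage(parse_fixlog(SAMPLE_FIXLOG))
    print(f"{len(acted)} targets moved or deleted")
    for target in untouched:
        # Nothing existed at this path when the fix ran; confirm by other means
        # (for a BHO, the browser's add-on list) that the item is really gone.
        print("no action taken:", target)
```
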


  • Root Admin

Looks good. That redirector should hopefully be gone now, but let's do a little more cleanup.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

 

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 


Thanks for the help       

 

I run a studio from this computer and it's a resource hog.

What would you suggest as the minimum I should run to protect the system from infection (it's always online when recording)?

And what additional programs should I turn on when I'm just surfing?

 

Thanks again


 Results of screen317's Security Check version 0.99.71  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 25  

 Adobe Flash Player 11.7.700.169  

 Adobe Reader XI  

 Mozilla Firefox (22.0) 

 Google Chrome 28.0.1500.72  

 Google Chrome 28.0.1500.95  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 


 

 


Looks like it's in FRST quarantine.

So let's move forward, as long as we don't stress my recording software (it has to come first), but I can start loading protection before I use the general web.

Most of what I do is trading Wave files on SoundCloud and other music sites.


  • Root Admin

Sorry for the delay.

 

 

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)
 
 
Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.
 
 
 
Please read the following when you have time and if you have any questions let me know.
 
Best Practices for Safe Computing - Prevention of Malware Infection

 

 

We can discuss protection further if you like as well - again, just let me know.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
