Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

I've done as suggested and deleted the 3 programs mentioned... Thanks for the advice!

I've updated my Java to version 67 for both X86 and X64 versions. Hopefully everything else is sorted. All those steps completed ok.

Many thanks for helping me fix this, and for the prompt response. I'm happy that I can get back to work tomorrow without delay.

Warm regards,
Doug.
Tagged with: Browser hijack, virus (and 4 more)
Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

Here is the ESET scan:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application    deleted - quarantined
C:\Users\dougmarkham\Desktop\Media & programs\Program updates\ccsetup416.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\dougmarkham\Desktop\Media & programs\Program updates\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\dougmarkham\Downloads\ccsetup326.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\dougmarkham\Downloads\ccsetup327.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\dougmarkham\Google Drive\Recent docs\Program updates\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined

Here are the Security Check results:

Results of screen317's Security Check version 0.99.86
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
SpywareGuard v2.2
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 67
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

I have the Malwarebytes Pro version.

Regards,
Doug.
Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

The browser type lag seems to have stopped, so that's ok. The lag I was getting after I logged in to my computer is also much reduced. Malwarebytes is working again, and the Firefox browser is no longer opening another page when I type www.yahoo.co.uk... So, seems everything is ok. I haven't had any crashes since either. I ran some more virus scans today, and nothing has been reported.

Was my computer very badly infected?

Kind regards,
Doug.

P.S., thanks very much for your help!!
Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

Here is the Junkware Removal Tool log file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by dougmarkham on 09/08/2014 at 23:44:03.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\dougmarkham\AppData\Roaming\mozilla\firefox\profiles\fvthkp07.default\minidumps [47 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/08/2014 at 23:57:24.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kind Regards,
Doug.
Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

Here is the AdwCleaner deletion log:

# AdwCleaner v3.304 - Report created 09/08/2014 at 23:31:06
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dougmarkham - DOUGMARKHAM-PC
# Running from : C:\Users\dougmarkham\Desktop\Media & programs\Program updates\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-7-dreamscene-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-7-dreamscene-installer_RASMANCS
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\dougmarkham\AppData\Roaming\Mozilla\Firefox\Profiles\fvthkp07.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1919 octets] - [09/08/2014 23:20:04]
AdwCleaner[s0].txt - [1814 octets] - [09/08/2014 23:31:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1874 octets] ##########
Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

Thanks for the quick response :-). My UK bank insists on Trusteer being installed.

The Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/08/2014
Scan Time: 22:53:40
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.09.07
Rootkit Database: v2014.08.04.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dougmarkham

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351241
Time Elapsed: 18 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Here is the AdwCleaner report:

# AdwCleaner v3.304 - Report created 09/08/2014 at 23:20:04
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dougmarkham - DOUGMARKHAM-PC
# Running from : C:\Users\dougmarkham\Desktop\Media & programs\Program updates\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Nation toolbar
Key Found : [x64] HKCU\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-7-dreamscene-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-7-dreamscene-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\dougmarkham\AppData\Roaming\Mozilla\Firefox\Profiles\fvthkp07.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1775 octets] - [09/08/2014 23:20:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1835 octets] ##########

It asked me to unselect items I didn't want to remove. I went ahead and deleted everything.

Next post, Junkware Removal Tool log.

Kind regards,
Doug
Computer infection, request for assistance.
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi Kevin,

Thanks for helping me out. Here is FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by dougmarkham (administrator) on DOUGMARKHAM-PC on 09-08-2014 16:50:02
Running from C:\Users\dougmarkham\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
() C:\Program Files (x86)\SpywareGuard\sgmain.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\SpywareGuard\sgbhp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\System32\osk.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134160 2007-09-21] (Logitech, Inc.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [FATrayAlert] => c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-05] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\FastAccess-x32: c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\.DEFAULT\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [692736 2014-06-18] (Microsoft Corporation)
HKU\S-1-5-21-1671177821-2510141233-1922907397-1001\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1671177821-2510141233-1922907397-1001\...\Run: [Google Update] => C:\Users\dougmarkham\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-27] (Google Inc.)
HKU\S-1-5-21-1671177821-2510141233-1922907397-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-1671177821-2510141233-1922907397-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-10] (SUPERAntiSpyware)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dougmarkham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dougmarkham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
Startup: C:\Users\dougmarkham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TheBrain.lnk
ShortcutTarget: TheBrain.lnk -> C:\Program Files (x86)\PersonalBrain\TheBrain.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {F6315EA6-FDE6-410D-8697-A035E6225CD4} => C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {F6315EA6-FDE6-410D-8697-A035E6225CD4} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {C09CB737-5267-4916-9ADF-FACD64AE7A7D} URL =
SearchScopes: HKCU - {79A001BB-2D9D-404C-BF42-EA05D2A3CE92} URL =
SearchScopes: HKCU - {C09CB737-5267-4916-9ADF-FACD64AE7A7D} URL =
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FAIESSOHelper Class -> {A2F122DA-055F-4df7-8F24-7354DBDBA85B} -> c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\dougmarkham\AppData\Roaming\Mozilla\Firefox\Profiles\fvthkp07.default
FF Homepage: hxxp://www.google.co.uk
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\dougmarkham\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\dougmarkham\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\dougmarkham\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dougmarkham\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dougmarkham\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dougmarkham\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dougmarkham\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Logitech Device Detection - C:\Users\dougmarkham\AppData\Roaming\Mozilla\Firefox\Profiles\fvthkp07.default\Extensions\DeviceDetection@logitech.com [2011-09-27]
FF Extension: WOT - C:\Users\dougmarkham\AppData\Roaming\Mozilla\Firefox\Profiles\fvthkp07.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - C:\Users\dougmarkham\AppData\Roaming\Mozilla\Firefox\Profiles\fvthkp07.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR HomePage: hxxp://intranet.company.local/informed
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\dougmarkham\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\dougmarkham\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\dougmarkham\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (WOT) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-19]
CHR Extension: (YouTube) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google Search) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Skype Click to Call) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-11]
CHR Extension: (Google Wallet) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\dougmarkham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.)
[File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-09-05] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-09-05] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd) [File not signed] R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [403456 2009-09-16] (Red Bend Ltd.) [File not signed] R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2010-09-05] (Creative Labs) [File not signed] R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.) R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [907264 2009-09-16] (Intel® Corporation) [File not signed] S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-09] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-16] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.) S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation) S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atipmdag.sys 52679612D742BF74CA1BA6AB86DDF431 C:\Windows\System32\DRIVERS\atikmpag.sys 414E0788920A8C856032BE2CBF29F984 C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\drivers\AtiHdmi.sys FB7602C5C508BE281368AAE0B61B51C6 C:\Windows\System32\DRIVERS\avgdiska.sys 946C038A7274D689A004785E581FAD5F C:\Windows\System32\DRIVERS\avgidsdrivera.sys 50E7E80BB5F3E2BB0B48F3F7E17ED6B1 C:\Windows\System32\DRIVERS\avgidsha.sys B0E4A1F342A3F8B75C4A4ADB044761C9 C:\Windows\System32\DRIVERS\avgldx64.sys 5D115BF49AE159D4D7D1EBC640CB138F 
C:\Windows\System32\DRIVERS\avgloga.sys 197F28711B4B71E6575E5298CCEDC737 C:\Windows\System32\DRIVERS\avgmfx64.sys D9CED15E158573DE1BB67330C4206763 C:\Windows\System32\DRIVERS\avgrkx64.sys C4F9056928B26BCAF15872E46B29184F C:\Windows\System32\DRIVERS\avgtdia.sys 0971913995F5FAFD711B0B2426A175E9 C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bpenum.sys A91B4392B326F6AED0052CB2592E979D C:\Windows\System32\DRIVERS\bpmp.sys 7057339774618E38CFEFE0B5D1FDD58E C:\Windows\System32\Drivers\bpusb.sys 2636C9619120A6B16DCB51886C46AC20 C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315 C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4 C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37 C:\Windows\System32\drivers\btwaudio.sys 6BCFDC2B5B7F66D484486D4BD4B39A6B C:\Windows\System32\drivers\btwavdt.sys 82DC8B7C626E526681C1BEBED2BC3FF9 C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975 C:\Windows\System32\DRIVERS\btwrchid.sys 28E105AD3B79F440BF94780F507BF66A C:\Windows\system32\drivers\cbfs3.sys 555FA105C22B1616094EDAD1CBFB0551 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit 
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit C:\Windows\system32\drivers\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361 C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52 C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\facap.sys 2C1D443E14F376E8331F52F135DCA9EF C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 
is legit C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6 C:\Windows\System32\DRIVERS\itecir.sys 8D990A44B4F2B68E2C56A3724EC3EB84 C:\Windows\System32\DRIVERS\k57nd60a.sys 9D7EA8C7215D8D4AE7BE110EEE61085D C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LHidFilt.Sys A7A1F07A63EECEA1DE943592374E26CE C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LMouFilt.Sys 3FFC578A2388ED48600EA7B3A37E4394 C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> 
MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbamchameleon.sys 9D9ED48F841EA37AA5310D54B9E5D3C7 C:\Windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60 C:\Windows\system32\drivers\MBAMSwissArmy.sys 8A50D5304E6AE48664CF5838EC32F647 C:\Windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 
760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NETw5s64.sys 4D85A450EDEF10C38882182753A49AAE C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys 8AC4D852A2F36C732C6B8E4709571176 C:\Program 
Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys 17140EC9B8465E1DB7EDD4580E9BEEC6 C:\Windows\System32\Drivers\RapportKE64.sys 6DCF723AF410F3E85CF595819FF053D4 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys BF0AF9A26AE6B480ACB28DF1E884597A C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\rimspe64.sys E20B1907FC72A3664ECE21E3C20FC63D C:\Windows\System32\DRIVERS\risdpe64.sys A6DA2B0C8F5BB3F9F5423CFF8D6A02D9 C:\Windows\System32\DRIVERS\rixdpe64.sys 6A1CD4674505E6791390A1AB71DA1FBE C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\SysWOW64\DRIVERS\RxFilter.sys AA097220EFC843A0581DFC06D082D4AF C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5 C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5 C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit 
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\stwrt64.sys CAF5A9708671B14B9670260735B22C4E C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys 868DFB220A18312A12CEF01BA9AC069B C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TurboB.sys 825E7A1F48FB8BCFBA27C178AAB4E275 C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is 
legit C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D 
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\drivers\ymidusbx64.sys 01BB59BED139965DF5964E021512942B ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 16:50 - 2014-08-09 16:51 - 00049990 _____ () C:\Users\dougmarkham\Desktop\FRST.txt 2014-08-09 16:49 - 2014-08-09 16:50 - 00000000 ____D () C:\FRST 2014-08-09 16:48 - 2014-08-09 16:48 - 02093568 _____ (Farbar) C:\Users\dougmarkham\Desktop\FRST64.exe 2014-08-09 16:05 - 2014-08-09 16:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-09 16:04 - 2014-08-09 16:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-09 16:04 - 2014-08-09 16:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-09 16:04 - 2014-08-09 16:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-09 16:04 - 2014-08-09 16:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-07 16:12 - 2014-08-07 16:12 - 00000460 _____ () C:\Users\dougmarkham\Documents\cc_20140807_161159 7th aug 2014.reg 2014-08-07 14:38 - 2014-08-07 14:38 - 00026018 _____ () C:\Users\dougmarkham\Documents\cc_20140807_143817 7th Aug 2014.reg 2014-08-07 14:36 - 2014-08-07 14:36 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-02 11:14 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-02 11:14 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) 
C:\Windows\system32\wuauclt.exe 2014-08-02 11:14 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-02 11:14 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-02 11:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-02 11:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-02 11:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-02 11:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-07-31 22:47 - 2014-07-31 22:47 - 02623488 _____ () C:\Users\dougmarkham\Downloads\seminar_karali_24_11_04 (2).ppt 2014-07-31 22:40 - 2014-07-31 22:40 - 02936832 _____ () C:\Users\dougmarkham\Downloads\Lecture 25 - The Endocrine System.ppt 2014-07-31 22:39 - 2014-07-31 22:39 - 00605184 _____ () C:\Users\dougmarkham\Downloads\leptin.ppt 2014-07-31 22:38 - 2014-07-31 22:38 - 00088576 _____ () C:\Users\dougmarkham\Downloads\3999s1_02_temeck.ppt 2014-07-31 22:37 - 2014-07-31 22:37 - 02623488 _____ () C:\Users\dougmarkham\Downloads\seminar_karali_24_11_04 (1).ppt 2014-07-31 22:34 - 2014-07-31 22:34 - 02623488 _____ () C:\Users\dougmarkham\Downloads\seminar_karali_24_11_04.ppt 2014-07-24 15:33 - 2014-07-24 15:34 - 12626432 _____ () C:\Users\dougmarkham\Downloads\6-Ostrander.ppt 2014-07-24 15:29 - 2014-07-24 15:29 - 02038272 _____ () C:\Users\dougmarkham\Downloads\Badger(27Feb08).ppt 2014-07-24 15:17 - 2014-07-24 15:17 - 09637376 _____ () C:\Users\dougmarkham\Downloads\clement pres final.ppt 2014-07-23 12:55 - 2014-07-23 12:55 - 00000448 _____ () C:\Users\dougmarkham\Documents\cc_20140723_125456 23rd July 2014.reg 2014-07-23 12:52 - 2014-07-23 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-21 14:06 - 2014-07-21 14:06 - 00004133 _____ () 
C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-18 11:22 - 2014-07-18 11:22 - 00000554 _____ () C:\Users\dougmarkham\Documents\cc_20140718_112152 18th July 2014.reg 2014-07-15 17:58 - 2014-07-31 18:56 - 00006144 _____ () C:\Users\dougmarkham\pomodairo-1.1.db 2014-07-15 17:58 - 2014-07-15 17:58 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pomodairo.lnk 2014-07-15 17:58 - 2014-07-15 17:58 - 00000883 _____ () C:\Users\Public\Desktop\pomodairo.lnk 2014-07-15 17:58 - 2014-07-15 17:58 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1 2014-07-15 17:58 - 2014-07-15 17:58 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\pomodairo 2014-07-15 17:58 - 2014-07-15 17:58 - 00000000 ____D () C:\Program Files (x86)\pomodairo 2014-07-15 17:56 - 2014-07-15 17:56 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-07-15 17:56 - 2014-07-15 17:56 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-07-15 17:55 - 2014-07-15 17:55 - 18732144 _____ (Adobe Systems Inc.) C:\Users\dougmarkham\Downloads\AdobeAIRInstaller.exe 2014-07-15 17:54 - 2014-07-15 17:54 - 01769585 _____ () C:\Users\dougmarkham\Downloads\pomodairo-1.9.air ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-09 16:51 - 2014-08-09 16:50 - 00049990 _____ () C:\Users\dougmarkham\Desktop\FRST.txt
2014-08-09 16:50 - 2014-08-09 16:49 - 00000000 ____D () C:\FRST
2014-08-09 16:48 - 2014-08-09 16:48 - 02093568 _____ (Farbar) C:\Users\dougmarkham\Desktop\FRST64.exe
2014-08-09 16:48 - 2011-10-27 22:55 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1671177821-2510141233-1922907397-1001UA.job
2014-08-09 16:34 - 2011-09-27 13:51 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-09 16:34 - 2011-09-27 13:51 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-09 16:25 - 2012-06-15 16:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 16:08 - 2011-10-04 12:23 - 00000000 ____D () C:\Windows\Minidump
2014-08-09 16:08 - 2011-09-27 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 16:08 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 16:08 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 16:08 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 16:07 - 2013-07-16 19:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 16:05 - 2013-09-13 12:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 16:04 - 2014-08-09 16:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 16:04 - 2014-08-09 16:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 16:04 - 2014-08-09 16:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 16:04 - 2014-08-09 16:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 16:04 - 2014-08-09 16:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-09 16:03 - 2013-05-15 20:11 - 01759560 ____N () C:\Windows\WindowsUpdate.log
2014-08-09 16:02 - 2014-01-03 11:33 - 00000000 ___RD () C:\Users\dougmarkham\Google Drive
2014-08-09 16:02 - 2013-07-16 19:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 16:02 - 2010-09-05 02:28 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-09 16:02 - 2010-09-05 02:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-09 16:02 - 2010-09-05 02:02 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-09 16:01 - 2014-05-20 12:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 16:01 - 2010-09-05 01:54 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2014-08-09 16:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 09:46 - 2011-09-27 13:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-08 21:48 - 2011-10-27 22:55 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1671177821-2510141233-1922907397-1001Core.job
2014-08-08 19:12 - 2011-09-27 15:35 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\vlc
2014-08-08 12:55 - 2014-06-05 17:34 - 00625469 _____ () C:\Users\dougmarkham\Downloads\Lu.pptx
2014-08-07 16:12 - 2014-08-07 16:12 - 00000460 _____ () C:\Users\dougmarkham\Documents\cc_20140807_161159 7th aug 2014.reg
2014-08-07 14:38 - 2014-08-07 14:38 - 00026018 _____ () C:\Users\dougmarkham\Documents\cc_20140807_143817 7th Aug 2014.reg
2014-08-07 14:37 - 2011-10-08 16:36 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\Media Player Classic
2014-08-07 14:36 - 2014-08-07 14:36 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-07 14:36 - 2011-09-27 15:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-07 12:46 - 2013-05-22 09:50 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-06 15:23 - 2014-04-11 15:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-05 22:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-05 11:37 - 2014-03-05 17:44 - 00007891 _____ () C:\Windows\BRRBCOM.INI
2014-08-02 23:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-02 23:16 - 2012-05-04 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 23:16 - 2012-04-03 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-02 23:16 - 2012-04-03 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-31 22:47 - 2014-07-31 22:47 - 02623488 _____ () C:\Users\dougmarkham\Downloads\seminar_karali_24_11_04 (2).ppt
2014-07-31 22:40 - 2014-07-31 22:40 - 02936832 _____ () C:\Users\dougmarkham\Downloads\Lecture 25 - The Endocrine System.ppt
2014-07-31 22:39 - 2014-07-31 22:39 - 00605184 _____ () C:\Users\dougmarkham\Downloads\leptin.ppt
2014-07-31 22:38 - 2014-07-31 22:38 - 00088576 _____ () C:\Users\dougmarkham\Downloads\3999s1_02_temeck.ppt
2014-07-31 22:37 - 2014-07-31 22:37 - 02623488 _____ () C:\Users\dougmarkham\Downloads\seminar_karali_24_11_04 (1).ppt
2014-07-31 22:34 - 2014-07-31 22:34 - 02623488 _____ () C:\Users\dougmarkham\Downloads\seminar_karali_24_11_04.ppt
2014-07-31 18:56 - 2014-07-15 17:58 - 00006144 _____ () C:\Users\dougmarkham\pomodairo-1.1.db
2014-07-31 18:56 - 2011-09-27 13:10 - 00000000 ____D () C:\Users\dougmarkham
2014-07-25 20:47 - 2014-05-07 01:06 - 01474366 _____ () C:\Users\dougmarkham\Downloads\an.pptx
2014-07-25 03:02 - 2012-04-03 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 15:34 - 2014-07-24 15:33 - 12626432 _____ () C:\Users\dougmarkham\Downloads\6-Ostrander.ppt
2014-07-24 15:29 - 2014-07-24 15:29 - 02038272 _____ () C:\Users\dougmarkham\Downloads\Badger(27Feb08).ppt
2014-07-24 15:17 - 2014-07-24 15:17 - 09637376 _____ () C:\Users\dougmarkham\Downloads\clement pres final.ppt
2014-07-24 09:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-23 12:55 - 2014-07-23 12:55 - 00000448 _____ () C:\Users\dougmarkham\Documents\cc_20140723_125456 23rd July 2014.reg
2014-07-23 12:52 - 2014-07-23 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 12:52 - 2014-06-18 17:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-07-21 14:06 - 2014-07-21 14:06 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 23:28 - 2011-09-27 21:16 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\EndNote
2014-07-18 11:44 - 2009-07-14 03:34 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20140807-150227.backup
2014-07-18 11:22 - 2014-07-18 11:22 - 00000554 _____ () C:\Users\dougmarkham\Documents\cc_20140718_112152 18th July 2014.reg
2014-07-16 16:58 - 2011-09-27 15:37 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\PCDr
2014-07-15 17:58 - 2014-07-15 17:58 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pomodairo.lnk
2014-07-15 17:58 - 2014-07-15 17:58 - 00000883 _____ () C:\Users\Public\Desktop\pomodairo.lnk
2014-07-15 17:58 - 2014-07-15 17:58 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1
2014-07-15 17:58 - 2014-07-15 17:58 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\pomodairo
2014-07-15 17:58 - 2014-07-15 17:58 - 00000000 ____D () C:\Program Files (x86)\pomodairo
2014-07-15 17:56 - 2014-07-15 17:56 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-15 17:56 - 2014-07-15 17:56 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-15 17:56 - 2014-06-16 16:24 - 00000000 ____D () C:\Users\dougmarkham\AppData\Local\Adobe
2014-07-15 17:56 - 2013-04-19 15:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 17:56 - 2010-09-05 01:56 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 17:55 - 2014-07-15 17:55 - 18732144 _____ (Adobe Systems Inc.) C:\Users\dougmarkham\Downloads\AdobeAIRInstaller.exe
2014-07-15 17:54 - 2014-07-15 17:54 - 01769585 _____ () C:\Users\dougmarkham\Downloads\pomodairo-1.9.air
2014-07-15 16:28 - 2011-09-27 15:26 - 00000000 ____D () C:\Users\dougmarkham\AppData\Roaming\DoItTomorrow
2014-07-10 03:25 - 2009-07-14 05:45 - 00573080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:24 - 2014-05-06 23:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:07 - 2013-07-12 11:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:04 - 2011-09-28 00:01 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 03:03 - 2011-09-27 14:58 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {e2d4c6d7-b89c-11df-816a-f04da249c274}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {e2d4c6d9-b89c-11df-816a-f04da249c274}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e2d4c6d7-b89c-11df-816a-f04da249c274}
nx                      OptIn
bootstatuspolicy        IgnoreShutdownFailures

Windows Boot Loader
-------------------
identifier              {e2d4c6d9-b89c-11df-816a-f04da249c274}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e2d4c6da-b89c-11df-816a-f04da249c274}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e2d4c6da-b89c-11df-816a-f04da249c274}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {e2d4c6d7-b89c-11df-816a-f04da249c274}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {e2d4c6da-b89c-11df-816a-f04da249c274}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2014-08-07 13:30

==================== End Of Log ============================

Kind regards, Doug.

Addition.txt
- 14 replies
Tagged with: Browser hijack, virus (and 4 more)
-
Hey guys,

Recently I've been writing an article on the causes of obesity and have been doing a lot of searching as part of my literature review. I believe that during this exercise (and although I use WOT), unfortunately, my computer may have become infected with a virus. Yesterday I did a virus check with several different programs: Malwarebytes, AVG, SuperAntiSpyware, Spybot Search & Destroy... All programs reported no infection.

The symptoms are as follows:
1) For a while now, a time lag has occurred between typing and observing the text appear, an issue affecting both of my browsers (Firefox/Google Chrome).
2) My computer just blue-screen crashed on me today.
3) When the computer rebooted, I noticed a warning symbol on the Malwarebytes taskbar icon.
4) When I type www.yahoo.co.uk into my Firefox browser, I sometimes get a fashion website loading up that has a completely different URL.

After my system crash, I opened Malwarebytes, and the dashboard showed the following warning: Malicious website protection disabled. Clicking on the fix now option has no effect.

Would you guys be able to help?

Thanks in advance.

Doug.
- 14 replies
Tagged with: Browser hijack, virus (and 4 more)
-
Many thanks for helping me disinfect my hijacked browser and for the preventative maintenance advice. MrC rocks!
-
Clicked On Link From Friends Hacked Email Account
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi MrC

Let's hope the disinfection worked so it's more than me thinking you've helped me lol.. I'll post a comment on your profile.. Thanks very much again for helping me remove the infection and for the preventative maintenance advice.

Kind regards, Doug.
-
Clicked On Link From Friends Hacked Email Account
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi MrC

The programs seem to be working well, and the internet browser is working fine. I reinstalled AVG last night to get the identity protection function working. It seems to be ok. From the logs you saw, was the browser compromised? I must be more careful not to fall for these kinds of social engineering tricks again! If you think that my computer is all clear, I'd like to thank you for spending your time helping me!!

Kind regards, Doug
-
Clicked On Link From Friends Hacked Email Account
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi MrC

Attached is the AdwCleanerS3.txt delete log.

Here is the requested security check log:

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SpywareGuard v2.2
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 21
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Regards, Doug

AdwCleanerS3.txt
-
Clicked On Link From Friends Hacked Email Account
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi MrC

I've looked through the search results. I don't recognize the registry entries and don't know what programs or files they refer to, i.e.:

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
& HKCU\Software\5a0d88fe768ea14

The files mentioned seem to be Firefox profiles. I don't recognize anything related to my personal files.

Regards, Doug

AdwCleanerR3.txt
-
Clicked On Link From Friends Hacked Email Account
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi MrC

Ran ComboFix as instructed (see attached file).. It seems to have deleted a few things..

Regards, Doug

ComboFix.txt
-
Clicked On Link From Friends Hacked Email Account
dougmarkham replied to dougmarkham's topic in Resolved Malware Removal Logs
Hi MrC

Ran the scan, it came back clean. Does this mean I'm in the clear?

Regards, Doug

mbar-log-2013-06-14 (09-45-01).txt
system-log.txt