hms1018

Honorary Members
  • Posts

    70

Reputation

0 Neutral

About hms1018

  • Birthday 10/18/1961

Profile Information

  • Location
    Michigan

Contact Methods

  • Yahoo
    hms1018@yahoo.com
  1. Thanks again, AdvancedSetup. It has been a pleasure; I am back up and running.
  2. I had to reboot it and things seem to be running faster. Things are also loading a little faster, but I will run msconfig so that all these other things won't slow down my startup. Thank you so much. Hope
  3. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Oct 02 15:34:54 2013
  4. Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.7011) Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (24.0) Google Chrome 29.0.1547.66 Google Chrome 29.0.1547.76 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02 Ran by HMS1018 at 2013-10-01 17:24:48 Run:1 Running from C:\Users\HMS1018\Downloads Boot Mode: Normal
  6. Post too long, attaching. Addition.txt
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
     Ran by HMS1018 (administrator) on HMS1018-PC on 01-10-2013 01:05:06
     Running from C:\Users\HMS1018\Downloads
     Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal

     ==================== Processes (Whitelisted) =================

     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     (AMD) C:\Windows\system32\atiesrxx.exe
     (AMD) C:\Windows\system32\atieclxx.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     ( ) C:\Windows\system32\lxcjcoms.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     (Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
     () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
     (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
     (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
     (AMD) C:\Windows\system32\atieclxx.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Dropbox, Inc.) C:\Users\HMS1018\AppData\Roaming\Dropbox\bin\Dropbox.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
     (magicJack L.P.) C:\Users\HMS1018\AppData\Roaming\mjusbsp\magicJack.exe
     (Spotify Ltd) C:\Users\HMS1018\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     HKCU\...\Run: [AdobeBridge] - [x]
     HKCU\...\Run: [cdloader] - C:\Users\HMS1018\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
     HKCU\...\Run: [spotify Web Helper] - C:\Users\HMS1018\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-28] (Spotify Ltd)
     HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
     MountPoints2: {897b16b1-2a88-11e2-8b7e-f26ba78e1f30} - I:\setup\3DHADSD80_setup.exe
     MountPoints2: {cf243b3c-002e-11e3-9205-0002723e8dd9} - H:\LGAutoRun.exe
     HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
     HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
     HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
     HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
     Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
     Startup: C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
     ShortcutTarget: Dropbox.lnk -> C:\Users\HMS1018\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firefox.com/
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39874C359D1ECE01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     SearchScopes: HKLM-x32 - DefaultScope {D570841B-10AE-4D5B-BBB8-237DA20EA69F} URL =
     SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
     BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: TWatchTorrentsHelper - {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll ()
     BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
     BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
     BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
     Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
     Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\HMS1018\AppData\Roaming\Mozilla\Firefox\Profiles\oqc7cjzd.default-1379637043124
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
     FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
     FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
     FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
     FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
     FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @Koox Group LLC/WatchTorrents Player,version=1.0.0.0 - C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll (Koox Group LLC)
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
     FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
     FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\WatchTorrents Player\VLC\npvlc.dll (VideoLAN)
     FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\HMS1018\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
     FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
     FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
     FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
     FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\HMS1018\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\HMS1018\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\HMS1018\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml
     FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
     FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
     FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
     FF HKLM-x32\...\Firefox\Extensions: [jid1-vpu7aD5IBmKRFA@jetpack] - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
     FF Extension: jid1-vpu7aD5IBmKRFA - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi
     FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
     FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
     FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
     FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

     Chrome:
     =======
     CHR RestoreOnStartup: "urls_to_restore_on_startup": [
     CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
     CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
     CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
     CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (Google Talk Plugin) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
     CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
     CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
     CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
     CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
     CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     CHR Plugin: (Unity Player) - C:\Users\HMS1018\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HMS1018\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
     CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
     CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
     CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
     CHR Extension: (Google Docs) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
     CHR Extension: (Google Drive) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
     CHR Extension: (YouTube) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
     CHR Extension: (uTorrentControl_v6) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.16.2.9_0
     CHR Extension: (Google Search) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
     CHR Extension: (savensharE ) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10
     CHR Extension: (Browsea22ssAAvve) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffoganknhpieanlejociegddgkoaaae\1
     CHR Extension: (SearchNewTab) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0
     CHR Extension: (avast! Online Security) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0
     CHR Extension: (Xfinity) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb\1_0
     CHR Extension: (SearchNewTab) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0
     CHR Extension: (WhiteSmoke New) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.23_0
     CHR Extension: (WatchTorrents) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpafocldgpkgojfbjigddelmfjmffkee\1_0
     CHR Extension: (saVensshaare ) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10
     CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
     CHR Extension: (Gmail) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
     CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\HMS1018\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
     CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx
     CHR HKLM-x32\...\Chrome\Extension: [mpafocldgpkgojfbjigddelmfjmffkee] - C:\Program Files (x86)\WatchTorrents Player\mpafocldgpkgojfbjigddelmfjmffkee.crx
     CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

     ==================== Services (Whitelisted) =================

     R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
     S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
     R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [566192 2007-02-08] ( )
     R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
     R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
     S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
     S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
     R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

     ==================== Drivers (Whitelisted) ====================

     R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
     R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
     R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
     R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
     R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
     R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
     R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
     R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
     R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
     R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
     R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
     R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-11-30] (C-Media Inc)
     S3 etdrv; C:\Windows\etdrv.sys [25640 2013-03-04] (Windows ® Server 2003 DDK provider)
     S3 etdrv; C:\Windows\etdrv.sys [25640 2013-03-04] (Windows ® Server 2003 DDK provider)
     S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-22] (Windows ® Server 2003 DDK provider)
     S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-22] (Windows ® Server 2003 DDK provider)
     S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-04] ()
     S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-04] ()
     S3 ltusbaud; C:\Windows\System32\DRIVERS\ltusbaud_x64.sys [250144 2013-03-04] ()
     S3 ltusbaudks; C:\Windows\System32\DRIVERS\ltusbaudks_x64.sys [54048 2013-03-04] ()
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
     S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
     S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)
     S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )
     R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [105832 2011-08-29] (Renesas Electronics Corporation)
     R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221544 2011-08-29] (Renesas Electronics Corporation)
     R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-06] (Duplex Secure Ltd.)
     S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
     U3 azn3ma5z; C:\Windows\System32\Drivers\azn3ma5z.sys [0 ] (Advanced Micro Devices)
     S3 HRMACPI; SYSTEM32\DRIVERS\HRMACPI.SYS [x]
     R4 ImmunetNetworkMonitorDriver; \??\C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [x]
     R4 ImmunetProtectDriver; system32\DRIVERS\ImmunetProtect.sys [x]
     R4 ImmunetSelfProtectDriver; system32\DRIVERS\ImmunetSelfProtect.sys [x]
     S3 MSICDSetup; \??\D:\CDriver64.sys [x]
     S3 SOFTUSBTESTHUB; SYSTEM32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
     S3 SOFTWADP; SYSTEM32\DRIVERS\SOFTWADP.SYS [x]
     S3 WSOFTUSBK; SYSTEM32\DRIVERS\WSOFTUSBK.SYS [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-10-01 00:56 - 2013-10-01 00:56 - 00025688 _____ C:\Users\HMS1018\Downloads\Addition.txt
     2013-10-01 00:52 - 2013-10-01 00:52 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe
     2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST
     2013-10-01 00:51 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64.exe
     2013-10-01 00:48 - 2013-10-01 00:48 - 00004015 _____ C:\Users\HMS1018\Desktop\List of found threats.txt
     2013-09-30 22:45 - 2013-10-01 00:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
     2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\ESET
     2013-09-30 22:22 - 2013-09-30 22:23 - 02347384 _____ (ESET) C:\Users\HMS1018\Downloads\esetsmartinstaller_enu.exe
     2013-09-30 21:51 - 2013-09-30 21:52 - 00000000 ____D C:\AdwCleaner
     2013-09-30 21:51 - 2013-09-30 21:51 - 01045226 _____ C:\Users\HMS1018\Downloads\AdwCleaner.exe
     2013-09-30 21:42 - 2013-09-30 21:42 - 00005028 _____ C:\Users\HMS1018\Desktop\JRT.txt
     2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Windows\ERUNT
     2013-09-30 21:22 - 2013-09-30 21:22 - 01030305 _____ (Thisisu) C:\Users\HMS1018\Downloads\JRT.exe
     2013-09-30 20:53 - 2013-09-30 21:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2013-09-30 19:20 - 2013-09-30 21:19 - 00000000 ____D C:\Users\HMS1018\Desktop\mbar
     2013-09-30 19:20 - 2013-09-30 19:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\HMS1018\Downloads\mbar-1.07.0.1005.exe
     2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Users\HMS1018\Desktop\Malwarebytes
     2013-09-30 17:59 - 2013-09-30 18:13 - 00000000 ___RD C:\Users\HMS1018\Documents\ged back
     2013-09-30 17:38 - 2013-09-30 17:38 - 00001624 _____ C:\Users\HMS1018\Desktop\RKreport[0]_S_09302013_173835.txt
     2013-09-30 17:34 - 2013-09-30 17:39 - 00000000 ____D C:\Users\HMS1018\Desktop\RK_Quarantine
     2013-09-30 17:32 - 2013-09-30 17:33 - 03969024 _____ C:\Users\HMS1018\Downloads\RogueKillerX64.exe
     2013-09-30 17:32 - 2013-09-30 17:32 - 00000000 ____D C:\Windows\ERDNT
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\HMS1018\Desktop\NTREGOPT.lnk
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\HMS1018\Desktop\ERUNT.lnk
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\Guest\Desktop\ERUNT.lnk
     2013-09-30 17:30 - 2013-09-30 17:30 - 00000000 ____D C:\Program Files (x86)\ERUNT
     2013-09-30 16:52 - 2013-09-30 16:52 - 00791393 _____ (Lars Hederer ) C:\Users\HMS1018\Downloads\erunt-setup.exe
     2013-09-30 13:03 - 2013-09-30 13:04 - 00002604 _____ C:\Users\HMS1018\Desktop\Rkill.txt
     2013-09-30 13:03 - 2013-09-30 13:03 - 00000000 ____D C:\Users\HMS1018\Desktop\rkill
     2013-09-30 13:02 - 2013-09-30 13:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\HMS1018\Downloads\rkill.exe
     2013-09-30 12:07 - 2013-09-30 12:07 - 05017824 _____ C:\Users\HMS1018\Desktop\stray emp.tif
     2013-09-27 13:30 - 2013-09-27 13:30 - 00032768 _____ C:\Windows\nfm_cache.db-shm
     2013-09-27 13:30 - 2013-09-27 13:30 - 00003176 _____ C:\Windows\nfm_cache.db-wal
     2013-09-27 13:30 - 2013-09-27 13:30 - 00001024 _____ C:\Windows\nfm_cache.db
     2013-09-25 12:07 - 2013-09-25 12:07 - 00001107 _____ C:\Users\HMS1018\Desktop\Cover letter.txt
     2013-09-23 16:43 - 2013-09-23 16:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
     2013-09-23 16:43 - 2013-09-23 16:45 - 00000000 ____D C:\Program Files\iTunes
     2013-09-23 16:43 - 2013-09-23 16:44 - 00000000 ____D C:\Program Files (x86)\iTunes
     2013-09-23 16:43 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iPod
     2013-09-21 18:04 - 2013-09-21 18:04 - 00054629 _____ C:\Users\HMS1018\Downloads\20130921_161316.jpeg
     2013-09-19 10:19 - 2013-09-19 10:19 - 00000000 ____D C:\Users\HMS1018\Desktop\New folder
     2013-09-18 19:30 - 2013-09-18 19:31 - 00029015 _____ C:\Users\HMS1018\Desktop\dds.txt
     2013-09-18 19:30 - 2013-09-18 19:31 - 00008793 _____ C:\Users\HMS1018\Desktop\attach.txt
     2013-09-18 19:28 - 2013-09-18 19:28 - 00688992 ____R (Swearware) C:\Users\HMS1018\Downloads\dds.com
     2013-09-18 16:48 - 2013-09-18 16:48 - 00000088 _____ C:\Windows\SysWOW64\7622695778335716585.log
     2013-09-18 16:20 - 2013-09-18 17:00 - 00000000 ____D C:\Program Files (x86)\ss helper
     2013-09-18 16:20 - 2013-09-18 16:59 - 00000000 ____D C:\ProgramData\savensharE
     2013-09-18 15:52 - 2013-09-18 15:52 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Malwarebytes
     2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes
     2013-09-18 15:51 - 2013-09-18 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2013-09-18 15:51 - 2013-09-18 15:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HMS1018\Downloads\mbam-setup-1.75.0.1300.exe
     2013-09-18 15:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2013-09-17 16:33 - 2013-09-17 16:33 - 02816072 _____ (LionSea SoftWare ) C:\Users\HMS1018\Downloads\setup(3).exe
     2013-09-16 13:28 - 2013-09-16 13:28 - 00347424 _____ (Microsoft Corporation) C:\Users\HMS1018\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302783255414964.2.1.Run.exe
     2013-09-16 09:40 - 2013-09-16 09:40 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Apps\2.0
     2013-09-15 22:40 - 2013-09-15 22:41 - 00000088 _____ C:\Windows\SysWOW64\13838775941398595092.log
     2013-09-15 22:39 - 2013-09-15 22:39 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Kalydo
     2013-09-15 21:08 - 2013-09-15 21:13 - 00000000 ____D C:\Users\HMS1018\AppData\Local\ID Vault
     2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\White_Sky,_Inc
     2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\ProgramData\IsolatedStorage
     2013-09-15 21:07 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
     2013-09-15 21:07 - 2013-09-16 02:27 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
     2013-09-15 21:07 - 2013-09-15 21:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\ID Vault
     2013-09-15 21:07 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Zemana
     2013-09-15 21:05 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\xfin_portal
     2013-09-15 21:04 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
     2013-09-15 21:04 - 2013-09-15 21:04 - 00000000 ____D C:\ProgramData\White Sky, Inc
     2013-09-15 19:32 - 2013-09-15 19:32 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\EZDownloader
     2013-09-15 19:31 - 2013-09-15 19:31 - 00000808 _____ C:\Users\HMS1018\Desktop\WeatherBug.lnk
     2013-09-15 19:30 - 2013-09-16 14:19 - 00000000 ____D C:\ProgramData\saVensshaare
     2013-09-13 23:03 - 2013-09-17 14:01 - 00000000 ____D C:\Users\HMS1018\Desktop\Go Green
     2013-09-13 22:27 - 2013-09-27 13:19 - 00000000 ____D C:\Users\HMS1018\Desktop\Robbie
     2013-09-12 23:53 - 2013-09-12 23:53 - 00001925 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk
     2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software
     2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
     2013-09-12 23:52 - 2013-09-17 16:49 - 00000000 ____D C:\ProgramData\Nalpeiron
     2013-09-12 23:52 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software
     2013-09-12 23:51 - 2013-09-12 23:53 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\onOne Software
     2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files\onOne Software
     2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files (x86)\onOne Software
     2013-09-12 23:49 - 2013-09-12 23:51 - 00000000 ____D C:\ProgramData\onOne Software
     2013-09-12 23:47 - 2013-09-12 23:48 - 303683288 _____ (Acresso Software Inc.) C:\Users\HMS1018\Downloads\Perfect_Effects_4.0.4_Free.exe
     2013-09-12 22:54 - 2013-09-12 22:54 - 00000855 _____ C:\Users\HMS1018\Desktop\µTorrent.lnk
     2013-09-12 22:54 - 2013-09-12 22:54 - 00000835 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
     2013-09-12 21:25 - 2013-09-12 21:25 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill(1)
     2013-09-12 21:24 - 2013-09-12 21:24 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill
     2013-09-12 16:56 - 2013-09-13 23:27 - 00000000 ____D C:\Users\HMS1018\Desktop\Vicky
     2013-09-12 09:16 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2013-09-12 09:16 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2013-09-12 09:16 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
     2013-09-12 09:16 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2013-09-12 09:16 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2013-09-12 09:16 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
     2013-09-12 09:16 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
     2013-09-12 09:16 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2013-09-12 09:16 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2013-09-12 09:16 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\iesysprep.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-12 09:16 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 09:16 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-12 09:16 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 09:16 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-12 06:45 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 06:44 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-12 06:44 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-12 06:44 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-12 06:44 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-12 06:44 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-12 06:44 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 06:44 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-12 06:44 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 06:44 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) 
C:\Windows\system32\csrsrv.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-12 06:44 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-12 06:44 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-12 06:44 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-12 06:44 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-12 06:44 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) 
C:\Windows\system32\conhost.exe 2013-09-12 06:44 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-12 06:44 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-12 06:44 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-12 06:44 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-12 06:44 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-12 06:44 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-12 06:43 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 06:42 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 06:42 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-12 06:42 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-12 06:42 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-10 15:46 - 2013-09-10 15:46 - 01069288 _____ (Solid State Networks) C:\Users\HMS1018\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-09-10 02:39 - 2013-09-10 02:39 - 01970848 _____ C:\Users\HMS1018\Downloads\winrar-x64-500.exe 2013-09-10 02:39 - 2013-09-10 02:39 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk 2013-09-09 11:51 - 
2013-09-09 12:18 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Blackboard 2013-09-06 00:12 - 2013-09-06 00:12 - 03021614 _____ C:\Users\HMS1018\Downloads\Generic 2013-09-05 23:42 - 2013-09-05 23:42 - 01310720 _____ C:\Users\HMS1018\Desktop\stream_user_training.ppt 2013-09-05 21:34 - 2013-09-05 21:34 - 00000000 ____D C:\ProgramData\WebEx 2013-09-04 14:18 - 2013-09-04 14:18 - 00266288 _____ C:\Windows\Minidump\090413-16926-01.dmp 2013-09-03 01:09 - 2013-09-03 01:09 - 00262144 _____ C:\Windows\Minidump\090313-16598-01.dmp ==================== One Month Modified Files and Folders ======= 2013-10-01 00:58 - 2012-10-18 03:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-01 00:56 - 2013-10-01 00:56 - 00025688 _____ C:\Users\HMS1018\Downloads\Addition.txt 2013-10-01 00:52 - 2013-10-01 00:52 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe 2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST 2013-10-01 00:51 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64.exe 2013-10-01 00:48 - 2013-10-01 00:48 - 00004015 _____ C:\Users\HMS1018\Desktop\List of found threats.txt 2013-10-01 00:46 - 2013-09-30 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 00:46 - 2013-08-13 22:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 00:46 - 2012-10-18 03:38 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Mozilla 2013-10-01 00:41 - 2012-11-09 22:36 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job 2013-10-01 00:27 - 2012-12-17 19:03 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job 2013-10-01 00:13 - 2012-12-17 09:48 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-30 22:48 - 2013-08-20 12:32 - 00000000 ____D C:\Users\HMS1018\Desktop\Stray 2013-09-30 22:37 - 2011-01-01 00:56 - 01933757 _____ C:\Windows\WindowsUpdate.log 
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\ESET 2013-09-30 22:23 - 2013-09-30 22:22 - 02347384 _____ (ESET) C:\Users\HMS1018\Downloads\esetsmartinstaller_enu.exe 2013-09-30 21:52 - 2013-09-30 21:51 - 00000000 ____D C:\AdwCleaner 2013-09-30 21:51 - 2013-09-30 21:51 - 01045226 _____ C:\Users\HMS1018\Downloads\AdwCleaner.exe 2013-09-30 21:42 - 2013-09-30 21:42 - 00005028 _____ C:\Users\HMS1018\Desktop\JRT.txt 2013-09-30 21:41 - 2012-11-09 22:36 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job 2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Windows\ERUNT 2013-09-30 21:22 - 2013-09-30 21:22 - 01030305 _____ (Thisisu) C:\Users\HMS1018\Downloads\JRT.exe 2013-09-30 21:19 - 2013-09-30 20:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-09-30 21:19 - 2013-09-30 19:20 - 00000000 ____D C:\Users\HMS1018\Desktop\mbar 2013-09-30 21:13 - 2012-12-17 09:48 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-30 20:27 - 2012-12-17 19:03 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job 2013-09-30 19:20 - 2013-09-30 19:20 - 12907592 _____ (Malwarebytes Corp.) 
C:\Users\HMS1018\Downloads\mbar-1.07.0.1005.exe 2013-09-30 19:18 - 2013-08-12 19:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Spotify 2013-09-30 19:04 - 2013-08-14 13:05 - 00000000 ____D C:\ProgramData\Immunet 2013-09-30 19:04 - 2013-08-14 12:44 - 00000000 ____D C:\Program Files\Immunet 2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Users\HMS1018\Desktop\Malwarebytes 2013-09-30 18:13 - 2013-09-30 17:59 - 00000000 ___RD C:\Users\HMS1018\Documents\ged back 2013-09-30 18:07 - 2013-03-14 11:10 - 00655872 ___SH C:\Users\HMS1018\Desktop\Thumbs.db 2013-09-30 17:39 - 2013-09-30 17:34 - 00000000 ____D C:\Users\HMS1018\Desktop\RK_Quarantine 2013-09-30 17:38 - 2013-09-30 17:38 - 00001624 _____ C:\Users\HMS1018\Desktop\RKreport[0]_S_09302013_173835.txt 2013-09-30 17:33 - 2013-09-30 17:32 - 03969024 _____ C:\Users\HMS1018\Downloads\RogueKillerX64.exe 2013-09-30 17:32 - 2013-09-30 17:32 - 00000000 ____D C:\Windows\ERDNT 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\HMS1018\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\HMS1018\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\Guest\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-09-30 16:52 - 2013-09-30 16:52 - 00791393 _____ (Lars Hederer ) C:\Users\HMS1018\Downloads\erunt-setup.exe 2013-09-30 16:51 - 2013-04-25 22:59 - 00000000 ____D C:\Users\HMS1018\Desktop\Rental info 2013-09-30 13:04 - 2013-09-30 13:03 - 00002604 _____ C:\Users\HMS1018\Desktop\Rkill.txt 2013-09-30 13:03 - 2013-09-30 13:03 - 00000000 ____D C:\Users\HMS1018\Desktop\rkill 2013-09-30 13:02 - 2013-09-30 13:02 - 01898112 _____ (Bleeping 
Computer, LLC) C:\Users\HMS1018\Downloads\rkill.exe 2013-09-30 12:41 - 2012-11-02 19:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\uTorrent 2013-09-30 12:07 - 2013-09-30 12:07 - 05017824 _____ C:\Users\HMS1018\Desktop\stray emp.tif 2013-09-30 11:11 - 2013-07-28 20:10 - 00000000 ____D C:\Users\HMS1018\Downloads\Lake Placid (1999) 2013-09-30 11:11 - 2012-11-14 17:17 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Windows Live 2013-09-30 11:05 - 2013-02-14 12:45 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\IrfanView 2013-09-30 11:03 - 2012-10-22 14:10 - 00000000 ____D C:\Program Files\Lx_cats 2013-09-28 21:53 - 2013-08-13 10:48 - 00000999 _____ C:\Users\HMS1018\Desktop\magicJack.lnk 2013-09-28 21:53 - 2012-10-18 01:58 - 00000985 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2013-09-28 21:53 - 2012-10-18 01:58 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\mjusbsp 2013-09-27 21:27 - 2013-04-06 20:00 - 00000000 ___RD C:\Users\HMS1018\Desktop\Dropbox 2013-09-27 21:27 - 2013-04-04 11:08 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Dropbox 2013-09-27 15:38 - 2009-07-14 00:51 - 22404150 _____ C:\Windows\setupact.log 2013-09-27 13:37 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-27 13:37 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-27 13:32 - 2013-07-24 06:29 - 00000993 _____ C:\Users\Guest\Desktop\magicJack.lnk 2013-09-27 13:32 - 2013-07-24 06:29 - 00000979 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2013-09-27 13:32 - 2013-07-24 06:29 - 00000000 ____D C:\Users\Guest\AppData\Roaming\mjusbsp 2013-09-27 13:31 - 2013-04-30 13:03 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-27 13:31 - 2013-04-30 13:03 - 00000000 ___RD 
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-27 13:30 - 2013-09-27 13:30 - 00032768 _____ C:\Windows\nfm_cache.db-shm 2013-09-27 13:30 - 2013-09-27 13:30 - 00003176 _____ C:\Windows\nfm_cache.db-wal 2013-09-27 13:30 - 2013-09-27 13:30 - 00001024 _____ C:\Windows\nfm_cache.db 2013-09-27 13:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-27 13:29 - 2012-10-18 00:29 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-27 13:19 - 2013-09-13 22:27 - 00000000 ____D C:\Users\HMS1018\Desktop\Robbie 2013-09-25 22:08 - 2013-05-02 11:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-09-25 22:08 - 2012-10-18 03:42 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Adobe 2013-09-25 12:07 - 2013-09-25 12:07 - 00001107 _____ C:\Users\HMS1018\Desktop\Cover letter.txt 2013-09-25 10:32 - 2013-01-03 00:22 - 00000000 ____D C:\Users\HMS1018\Desktop\odd stuff 2013-09-24 15:43 - 2013-08-12 19:16 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Spotify 2013-09-24 10:20 - 2010-11-20 23:47 - 00231470 _____ C:\Windows\PFRO.log 2013-09-24 10:18 - 2012-10-18 00:09 - 00000000 ____D C:\Windows 7 Activation (Reccomended) 2013-09-23 21:06 - 2013-05-07 08:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-09-23 16:45 - 2013-09-23 16:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-23 16:45 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iTunes 2013-09-23 16:45 - 2013-08-26 14:26 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-23 16:44 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-23 16:43 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iPod 2013-09-23 16:30 - 2013-05-07 16:55 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Apple Computer 2013-09-22 05:17 - 2013-01-22 22:18 - 00000000 ____D C:\Program Files (x86)\Cain 2013-09-21 18:04 - 2013-09-21 18:04 - 00054629 _____ C:\Users\HMS1018\Downloads\20130921_161316.jpeg 2013-09-20 10:13 - 2013-07-28 09:10 - 00000000 ____D C:\Users\HMS1018\Downloads\Young Dro - Best Thang Smokin' Album 2013-09-20 06:58 - 2012-10-18 03:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-20 06:58 - 2012-10-18 03:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-20 06:58 - 2012-10-18 03:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-19 20:30 - 2013-06-05 13:31 - 00000000 ____D C:\Users\HMS1018\Desktop\Old Firefox Data 2013-09-19 10:19 - 2013-09-19 10:19 - 00000000 ____D C:\Users\HMS1018\Desktop\New folder 2013-09-18 19:31 - 2013-09-18 19:30 - 00029015 _____ C:\Users\HMS1018\Desktop\dds.txt 2013-09-18 19:31 - 2013-09-18 19:30 - 00008793 _____ C:\Users\HMS1018\Desktop\attach.txt 2013-09-18 19:28 - 2013-09-18 19:28 - 00688992 ____R (Swearware) C:\Users\HMS1018\Downloads\dds.com 2013-09-18 17:00 - 2013-09-18 16:20 - 00000000 ____D C:\Program Files (x86)\ss helper 2013-09-18 16:59 - 2013-09-18 16:20 - 00000000 ____D C:\ProgramData\savensharE 2013-09-18 16:48 - 2013-09-18 16:48 - 00000088 _____ C:\Windows\SysWOW64\7622695778335716585.log 2013-09-18 16:25 - 2013-04-09 20:31 - 00000000 ____D 
C:\ProgramData\Browsea22ssAAvve 2013-09-18 16:20 - 2013-04-09 20:31 - 00000000 ____D C:\ProgramData\InstallMate 2013-09-18 15:52 - 2013-09-18 15:52 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Malwarebytes 2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-18 15:52 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-18 15:51 - 2013-09-18 15:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HMS1018\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-17 16:49 - 2013-09-12 23:52 - 00000000 ____D C:\ProgramData\Nalpeiron 2013-09-17 16:33 - 2013-09-17 16:33 - 02816072 _____ (LionSea SoftWare ) C:\Users\HMS1018\Downloads\setup(3).exe 2013-09-17 14:01 - 2013-09-13 23:03 - 00000000 ____D C:\Users\HMS1018\Desktop\Go Green 2013-09-16 14:19 - 2013-09-15 19:30 - 00000000 ____D C:\ProgramData\saVensshaare 2013-09-16 13:28 - 2013-09-16 13:28 - 00347424 _____ (Microsoft Corporation) C:\Users\HMS1018\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302783255414964.2.1.Run.exe 2013-09-16 09:40 - 2013-09-16 09:40 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Apps\2.0 2013-09-16 02:28 - 2013-09-15 21:07 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-09-16 02:28 - 2013-09-15 21:05 - 00000000 ____D C:\Program Files (x86)\xfin_portal 2013-09-16 02:28 - 2013-09-15 21:04 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite 2013-09-16 02:28 - 2013-07-28 20:13 - 00000000 ____D C:\Users\HMS1018\Downloads\A Nightmare on Elm Street (1984) 2013-09-16 02:28 - 2013-07-28 20:00 - 00000000 ____D C:\Users\HMS1018\Downloads\Fast And Furious 6[2013]WEBRip XviD-ETRG 2013-09-16 02:28 - 2013-07-28 19:50 - 00000000 ____D C:\Users\HMS1018\Downloads\[ www.Torrenting.com ] - Love.and.Basketball.2000.WS.iNTERNAL.REPACK.DVDRip.XviD-PiRATEKiD 2013-09-16 02:28 - 2013-05-13 15:44 - 
00000000 ____D C:\Users\HMS1018\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
Some content of TEMP:
====================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-21 01:11
==================== End Of Log ============================
  8. List of found threats:
     C:\Program Files (x86)\Cain\Cain.exe a variant of Win32/CainAbel application
     C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js Win32/Adware.MultiPlug.H application
     C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js Win32/Adware.MultiPlug.H application
     C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js Win32/Adware.MultiPlug.H application
     C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe multiple threats
     C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part Win32/OpenCandy application
     C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part Win32/DownloadAdmin.G application
     C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part a variant of Win32/Amonetize.P application
     C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part Win32/OpenCandy application
     C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part Win32/DownloadAdmin.G application
     C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part a variant of Win32/Amonetize.P application
     C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part Win32/OpenCandy application
     C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp Win32/Napolar.A trojan
     C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application
     C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js Win32/Adware.MultiPlug.H application
     C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe a variant of Win32/InstallCore.T application
     C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe a variant of Win32/InstallCore.AX application
     C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy application
     C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe Win32/DownloadAdmin.G application
     C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe Win32/DownloadAdmin.G application
     C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar Win32/InstalleRex.I application
     C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe Win32/Toolbar.Babylon.E application
     C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe a variant of Win32/Bunndle application
  9. # AdwCleaner v3.006 - Report created 30/09/2013 at 21:52:26
     # Updated 01/10/2013 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : HMS1018 - HMS1018-PC
     # Running from : C:\Users\HMS1018\Downloads\AdwCleaner.exe
     # Option : Scan
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
     File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
     File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
     Folder Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
     Folder Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
     Folder Found C:\Program Files (x86)\BitLord 2
     Folder Found C:\Program Files (x86)\xfin_portal
     Folder Found C:\ProgramData\savensharE
     Folder Found C:\ProgramData\saVensshaare
     Folder Found C:\Users\HMS1018\AppData\LocalLow\xfin_portal
     Folder Found C:\Users\HMS1018\AppData\Roaming\BitLord
     Folder Found C:\Users\HMS1018\AppData\Roaming\EZDownloader
     Folder Found C:\Users\HMS1018\Documents\BitLord
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
     Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
     Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
     Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16686
     -\\ Mozilla Firefox v23.0.1 (en-US)
     [ File : C:\Users\HMS1018\AppData\Roaming\Mozilla\Firefox\Profiles\oqc7cjzd.default-1379637043124\prefs.js ]
     -\\ Google Chrome v29.0.1547.76
     [ File : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     Found : homepage
     Found : urls_to_restore_on_startup
     *************************
     AdwCleaner[R0].txt - [6223 octets] - [30/09/2013 21:52:26]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6283 octets] ##########
  10. Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.3 (09.27.2013:1)
     OS: Windows 7 Professional x64
     Ran by HMS1018 on Mon 09/30/2013 at 21:32:32.08
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D570841B-10AE-4D5B-BBB8-237DA20EA69F}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
     ~~~ Files
     Successfully deleted: [File] "C:\end"
     ~~~ Folders
     Successfully deleted: [Folder] "C:\ProgramData\babylon"
     Successfully deleted: [Folder] "C:\ProgramData\softsafe"
     Successfully deleted: [Folder] "C:\ProgramData\trymedia"
     Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\conduit"
     Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\cre"
     Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\swvupdater"
     Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\boost_interprocess"
     Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\comcasttb"
     Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\conduit"
     Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
     Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"
     ~~~ FireFox
     Emptied folder: C:\Users\HMS1018\AppData\Roaming\mozilla\firefox\profiles\oqc7cjzd.default-1379637043124\minidumps [5 files]
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 09/30/2013 at 21:42:31.31
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Just hit no and restarted it no problems:
     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     www.malwarebytes.org
     Database version: v2013.09.30.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16686
     HMS1018 :: HMS1018-PC [administrator]
     9/30/2013 8:53:07 PM
     mbar-log-2013-09-30 (20-53-07).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
     Objects scanned: 291908
     Time elapsed: 23 minute(s), 37 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     Physical Sectors Detected: 0 (No malicious items detected)
     (end)
     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     © Malwarebytes Corporation 2011-2012
     OS version: 6.1.7601 Windows 7 Service Pack 1 x64
     Account is Administrative
     Internet Explorer version: 10.0.9200.16686
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 3.013000 GHz
     Memory total: 4292403200, free: 2146627584
     Downloaded database version: v2013.09.30.09
     Downloaded database version: v2013.09.23.01
     =======================================
     Initializing...
     ------------ Kernel report ------------
     09/30/2013 20:53:03
     ------------ Loaded modules -----------
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk1\DR4
     Upper Device Object: 0xfffffa8010c5e380
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\000000d7\
     Lower Device Object: 0xfffffa8010876b60
     Lower Device Driver Name: \Driver\USBSTOR\
     IRP handler 0 of \Driver\USBSTOR points to an unknown module
     Unhooking enabled.
     <<<1>>>
     Upper Device Name: \Device\Harddisk1\DR4
     Upper Device Object: 0xfffffa8010c5e380
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\000000d7\
     Lower Device Object: 0xfffffa8010876b60
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     Initialization returned 0x0
     Load Function returned 0x0
     <<<1>>>
     Upper Device Name: \Device\Harddisk2\DR2
     Upper Device Object: 0xfffffa8007c51060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\000000a7\
     Lower Device Object: 0xfffffa8007a6fb60
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xfffffa8004c525d0
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
     Lower Device Object: 0xfffffa8004aed060
     Lower Device Driver Name: \Driver\atapi\
     Driver name found: atapi
     Initialization returned 0x0
     Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
     Load Function returned 0x0
     <<<2>>>
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xfffffa8004c525d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8004c53040, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8004c525d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8004adcd10, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xfffffa8004aed060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0xfffff8a00281f080, 0xfffffa8004c525d0, 0xfffffa800ab92750
     Lower DeviceData: 0xfffff8a00d924c00, 0xfffffa8004aed060, 0xfffffa80113949e0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 61767149
     Partition information:
     Partition 0 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 2048 Numsec = 204800
     Partition file system is NTFS
     Partition is bootable
     Partition 1 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 206848 Numsec = 1953314816
     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Disk Size: 1000204886016 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
     Done!
     Physical Sector Size: 0
     Drive: 1, DevicePointer: 0xfffffa8010c5e380, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa80104ef250, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8010c5e380, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8010876b60, DeviceName: \Device\000000d7\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 2, DevicePointer: 0xfffffa8007c51060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8007c51b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8007c51060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8007a6fb60, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Scan finished
     =======================================
     Removal queue found; removal started
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
     Removal finished
  12. STEP 03 Not sure what to do! Will be waiting on you.
  13. Thanks!
      RogueKiller V8.7.0 _x64_ [sep 30 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : HMS1018 [Admin rights]
      Mode : Scan -- Date : 09/30/2013 17:38:35
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 3 ¤¤¤
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721010CLA332 ATA Device +++++
      --- User ---
      [MBR] dacf81a5cdc15d6b23b15cce8364c761
      [bSP] ade3b5e7897382b1a593b7116c9fea16 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[0]_S_09302013_173835.txt >>