Jump to content

Karl1965

Honorary Members
  • Posts

    32
  • Joined

  • Last visited

Reputation

0 Neutral

About Karl1965

  • Birthday 03/10/1965

Profile Information

  • Location
    Alabama
  1. Thank you very much for all your help i do appreciate it. So far everything cleaned up fine, i do have a few things i'll have to manually delete but thats no problem. I will keep an eye on things and will let you know if the pop up comes back. Sorry i took up all your time today. Thanks again for everything, Have a great day. Kind Regards, Karl.
  2. I use Ccleaner all the time, it's one of my favorite tools. Here is the Security Check log. Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  3. Sorry where it say (It never shower any signs other than that pop up.)was suppost to be (It never showed any signs other than that pop up.)
  4. I will be checking but it may be a while before i know. That pop up didn't happen all the time. Sometimes it would happen 2 or 3 time a day, then it might be a couple of days before it happened again. All i can do is continue surfing the web to see if it comes back or not. It never shower any signs other than that pop up. The first time i seen the pop up was about 4 or 5 weeks ago. i would just refresh the page and it would be gone. I did try doing some research on it but came up empty, so as a result of not finding out anything i landed here. I do appreciate your help very much.
  5. Hi, I use to have Java but i uninstalled it and will never reinstall it. It seems to me Java is not good with keeping up with security patches. Anyways here is the log you requested. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Home at 2014-03-16 20:00:43 Run:1 Running from C:\Users\Home\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] - [X] SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key deleted successfully. HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. ==== End of Fixlog ====
  6. He has been very kind to help me and i do appreciate his help.
  7. Here is AdwCleaner log... # AdwCleaner v3.022 - Report created 16/03/2014 at 19:23:26 # Updated 13/03/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Home - HOME-HP # Running from : C:\Users\Home\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\Program Files (x86)\OpinionSquare Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin Folder Deleted : C:\Users\Home\AppData\Local\Conduit Folder Deleted : C:\Users\Home\AppData\LocalLow\Conduit File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2 Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dj-mixer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dj-mixer_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\wscontb Key Deleted : HKCU\Software\YahooPartnerToolbar ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16540 -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4350 octets] - [16/03/2014 19:20:41] AdwCleaner[s0].txt - [3862 octets] - [16/03/2014 19:23:26] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3922 octets] ########## And here is FRST logs... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Home (administrator) on HOME-HP on 16-03-2014 19:30:56 Running from C:\Users\Home\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] () HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard) HKU\S-1-5-21-4272652656-438244758-189266899-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-13] (AMD) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKCU - DefaultScope {A4F68B9F-6830-4124-9742-BC1A70FC20E3} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {A4F68B9F-6830-4124-9742-BC1A70FC20E3} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: HKLM-x32 {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-05] CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05] CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05] CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05] CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05] CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] () R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () ==================== Drivers (Whitelisted) ==================== S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider) S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] () S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] () R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 usbbus; system32\DRIVERS\lgx64bus.sys [X] S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X] S3 USBModem; system32\DRIVERS\lgx64modem.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-16 19:30 - 2014-03-16 19:31 - 00009904 _____ () C:\Users\Home\Desktop\FRST.txt 2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ____D () C:\FRST 2014-03-16 19:28 - 2014-03-16 19:28 - 02157056 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe 2014-03-16 19:25 - 2014-03-16 19:25 - 00004026 _____ () C:\Users\Home\Desktop\AdwCleaner[s0].txt 2014-03-16 19:20 - 2014-03-16 19:23 - 00000000 ____D () C:\AdwCleaner 2014-03-16 19:19 - 2014-03-16 19:20 - 01950720 _____ () C:\Users\Home\Desktop\AdwCleaner.exe 2014-03-16 19:11 - 2014-03-16 19:11 - 00000844 _____ () C:\Windows\PFRO.log 2014-03-16 19:09 - 2014-03-16 19:09 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Desktop\TFC.exe 2014-03-16 18:28 - 2014-03-16 18:28 - 00017442 _____ () C:\ComboFix.txt 2014-03-16 18:20 - 2014-03-16 18:28 - 00000000 ____D () C:\Qoobox 2014-03-16 18:20 - 2014-03-16 18:27 - 00000000 ____D () C:\Windows\erdnt 2014-03-16 18:20 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-16 18:20 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-16 18:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-16 18:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-16 18:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-16 18:20 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-16 18:20 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-16 18:20 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-16 18:19 - 2014-03-16 18:19 - 05190594 ____R (Swearware) C:\Users\Home\Desktop\ComboFix.exe 2014-03-16 17:53 - 2014-03-16 19:24 - 00000168 _____ () C:\Windows\setupact.log 2014-03-16 17:53 - 2014-03-16 17:53 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-16 17:50 - 2014-03-16 17:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Home\Desktop\tdsskiller.exe 2014-03-16 17:40 - 2014-03-16 17:40 - 00002185 _____ () C:\Users\Home\Desktop\RKreport[0]_D_03162014_174048.txt 2014-03-16 17:33 - 2014-03-16 17:33 - 00002131 _____ () C:\Users\Home\Desktop\RKreport[0]_S_03162014_173347.txt 2014-03-16 15:19 - 2014-03-16 15:19 - 00002098 _____ () C:\Users\Home\Desktop\RKreport[0]_S_03162014_151915.txt 2014-03-16 15:17 - 2014-03-16 15:25 - 00000000 ____D () C:\Users\Home\Desktop\RK_Quarantine 2014-03-16 15:16 - 2014-03-16 15:16 - 04497920 _____ () C:\Users\Home\Desktop\RogueKillerX64.exe 2014-03-16 13:47 - 2014-03-16 13:47 - 00013978 _____ () C:\Users\Home\Desktop\dds.txt 2014-03-16 13:47 - 2014-03-16 13:47 - 00005300 _____ () C:\Users\Home\Desktop\attach.txt 2014-03-16 13:43 - 2014-03-16 13:43 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com 2014-03-12 19:59 - 2014-02-23 02:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 19:59 - 2014-02-23 01:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 19:59 - 2014-02-23 01:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 19:59 - 2014-02-23 01:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 19:59 - 2014-02-23 01:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 19:59 - 2014-02-23 01:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 19:59 - 2014-02-23 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-12 19:59 - 2014-02-23 01:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 19:59 - 2014-02-23 01:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-12 19:59 - 2014-02-23 01:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-12 19:59 - 2014-02-23 01:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 19:59 - 2014-02-23 01:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 19:59 - 2014-02-23 01:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 19:59 - 2014-02-23 01:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 19:59 - 2014-02-23 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-12 19:59 - 2014-02-23 01:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 19:59 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 19:59 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 19:59 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 19:59 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 19:59 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 19:59 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 19:59 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-03-12 19:59 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 19:59 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 19:59 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 19:59 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-12 19:59 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 19:59 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-03-12 19:59 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 19:59 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-03-12 19:59 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 19:54 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 19:54 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 19:54 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 19:54 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 19:54 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 19:54 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 19:54 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 19:54 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-05 17:31 - 2014-03-05 17:31 - 00000000 ____D () C:\Users\Home\AppData\Local\TechSmith 2014-03-05 16:36 - 2014-03-15 15:43 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-05 16:35 - 2014-03-16 19:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-05 16:35 - 2014-03-16 18:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-05 16:35 - 2014-03-05 16:35 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-05 16:35 - 2014-03-05 16:35 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-25 18:16 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-02-25 18:16 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll ==================== One Month Modified Files and Folders ======= 2014-03-16 19:31 - 2014-03-16 19:30 - 00009904 _____ () C:\Users\Home\Desktop\FRST.txt 2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ____D () C:\FRST 2014-03-16 19:29 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-16 19:28 - 2014-03-16 19:28 - 02157056 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe 2014-03-16 19:27 - 2011-12-04 17:00 - 01388631 _____ () C:\Windows\WindowsUpdate.log 2014-03-16 19:25 - 2014-03-16 19:25 - 00004026 _____ () C:\Users\Home\Desktop\AdwCleaner[s0].txt 2014-03-16 19:25 - 2014-03-05 16:35 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-16 19:24 - 2014-03-16 17:53 - 00000168 _____ () C:\Windows\setupact.log 2014-03-16 19:24 - 2013-11-30 00:46 - 02481928 _____ () C:\Simraceway.log 2014-03-16 19:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-16 19:23 - 2014-03-16 19:20 - 00000000 ____D () C:\AdwCleaner 2014-03-16 19:20 - 2014-03-16 19:19 - 01950720 _____ () C:\Users\Home\Desktop\AdwCleaner.exe 2014-03-16 19:19 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-16 19:19 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-16 19:11 - 2014-03-16 19:11 - 00000844 _____ () C:\Windows\PFRO.log 2014-03-16 19:09 - 2014-03-16 19:09 - 00448512 _____ (OldTimer Tools) C:\Users\Home\Desktop\TFC.exe 2014-03-16 18:40 - 2014-03-05 16:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-16 18:38 - 2013-09-12 16:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-16 18:28 - 2014-03-16 18:28 - 00017442 _____ () C:\ComboFix.txt 2014-03-16 18:28 - 2014-03-16 18:20 - 00000000 ____D () C:\Qoobox 2014-03-16 18:28 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default 2014-03-16 18:27 - 2014-03-16 18:20 - 00000000 ____D () C:\Windows\erdnt 2014-03-16 18:27 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-16 18:26 - 2011-06-17 09:18 - 00000000 ____D () C:\Users\Home 2014-03-16 18:19 - 2014-03-16 18:19 - 05190594 ____R (Swearware) C:\Users\Home\Desktop\ComboFix.exe 2014-03-16 17:53 - 2014-03-16 17:53 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-16 17:50 - 2014-03-16 17:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Home\Desktop\tdsskiller.exe 2014-03-16 17:40 - 2014-03-16 17:40 - 00002185 _____ () C:\Users\Home\Desktop\RKreport[0]_D_03162014_174048.txt 2014-03-16 17:33 - 2014-03-16 17:33 - 00002131 _____ () C:\Users\Home\Desktop\RKreport[0]_S_03162014_173347.txt 2014-03-16 15:25 - 2014-03-16 15:17 - 00000000 ____D () C:\Users\Home\Desktop\RK_Quarantine 2014-03-16 15:19 - 2014-03-16 15:19 - 00002098 _____ () C:\Users\Home\Desktop\RKreport[0]_S_03162014_151915.txt 2014-03-16 15:16 - 2014-03-16 15:16 - 04497920 _____ () C:\Users\Home\Desktop\RogueKillerX64.exe 2014-03-16 13:47 - 2014-03-16 13:47 - 00013978 _____ () C:\Users\Home\Desktop\dds.txt 2014-03-16 13:47 - 2014-03-16 13:47 - 00005300 _____ () C:\Users\Home\Desktop\attach.txt 2014-03-16 13:43 - 2014-03-16 13:43 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.com 2014-03-16 13:27 - 2011-08-04 13:58 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps 2014-03-16 13:23 - 2012-07-01 14:32 - 00001726 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-03-16 13:23 - 2012-07-01 14:31 - 00000000 ____D () C:\Program Files\Defraggler 2014-03-16 13:20 - 2011-11-24 10:23 - 00000798 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-03-16 13:20 - 2011-11-24 10:23 - 00000000 ____D () C:\Program Files\Speccy 2014-03-16 13:20 - 2011-08-08 18:52 - 00037580 _____ () C:\Windows\system32\lvcoinst.log 2014-03-16 13:11 - 2011-06-16 19:39 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B2C2F285-78E5-4523-A34B-4AD38242E9BE} 2014-03-16 01:25 - 2013-11-30 00:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Simraceway 2014-03-15 22:51 - 2013-02-16 17:41 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHOME-HP$ 2014-03-15 22:51 - 2013-02-16 17:41 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job 2014-03-15 15:43 - 2014-03-05 16:36 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-15 15:09 - 2012-03-07 09:34 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForHome.job 2014-03-14 18:32 - 2012-03-07 09:34 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHome 2014-03-14 18:32 - 2011-10-23 11:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-14 18:32 - 2011-06-17 18:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-03-14 18:31 - 2011-06-17 18:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\HP Support Assistant 2014-03-14 18:31 - 2011-06-17 08:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\HpUpdate 2014-03-12 20:02 - 2009-07-13 23:45 - 00278704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 20:01 - 2012-05-11 03:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-12 20:01 - 2012-05-11 03:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 19:59 - 2013-07-09 17:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-12 19:57 - 2011-06-16 20:24 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-11 14:04 - 2011-03-10 18:00 - 00000000 ____D () C:\ProgramData\PDFC 2014-03-11 13:44 - 2013-09-12 16:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 13:44 - 2012-03-31 08:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 13:44 - 2011-06-16 23:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-10 00:00 - 2013-12-22 03:05 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-03-10 00:00 - 2013-12-21 23:32 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-03-05 17:31 - 2014-03-05 17:31 - 00000000 ____D () C:\Users\Home\AppData\Local\TechSmith 2014-03-05 16:36 - 2013-11-25 18:33 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-05 16:36 - 2012-09-19 00:26 - 00000000 ____D () C:\Users\Home\AppData\Local\Google 2014-03-05 16:35 - 2014-03-05 16:35 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-05 16:35 - 2014-03-05 16:35 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-05 16:34 - 2012-09-19 00:25 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment 2014-03-04 23:20 - 2013-12-21 23:32 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-03-01 18:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-27 20:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-02-27 03:02 - 2011-06-27 03:31 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-02-27 03:02 - 2011-06-27 03:31 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-23 02:12 - 2014-03-12 19:59 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-23 01:54 - 2014-03-12 19:59 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-23 01:52 - 2014-03-12 19:59 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-23 01:48 - 2014-03-12 19:59 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-23 01:48 - 2014-03-12 19:59 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-23 01:46 - 2014-03-12 19:59 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-23 01:46 - 2014-03-12 19:59 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-23 01:46 - 2014-03-12 19:59 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-23 01:45 - 2014-03-12 19:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-23 01:45 - 2014-03-12 19:59 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-23 01:45 - 2014-03-12 19:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-23 01:44 - 2014-03-12 19:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-23 01:44 - 2014-03-12 19:59 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-23 01:44 - 2014-03-12 19:59 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-23 01:44 - 2014-03-12 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-23 01:43 - 2014-03-12 19:59 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-23 00:50 - 2014-03-12 19:59 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-23 00:47 - 2014-03-12 19:59 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-23 00:43 - 2014-03-12 19:59 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-23 00:41 - 2014-03-12 19:59 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-23 00:40 - 2014-03-12 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-23 00:39 - 2014-03-12 19:59 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-23 00:38 - 2014-03-12 19:59 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-02-23 00:38 - 2014-03-12 19:59 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-23 00:38 - 2014-03-12 19:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-23 00:37 - 2014-03-12 19:59 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-23 00:37 - 2014-03-12 19:59 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-23 00:37 - 2014-03-12 19:59 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-23 00:37 - 2014-03-12 19:59 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-23 00:36 - 2014-03-12 19:59 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-23 00:36 - 2014-03-12 19:59 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-02-23 00:35 - 2014-03-12 19:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll Some content of TEMP: ==================== C:\Users\Home\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-10 21:12 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Home at 2014-03-16 19:32:00 Running from C:\Users\Home\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden AMD Fuel (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden AMD Problem Report Wizard (Version: 3.0.851.0 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.1.603578 - ) ATI AVIVO64 Codecs (Version: 11.6.0.10627 - ATI Technologies Inc.) Hidden Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.5122 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 4.2.5122 - Hewlett-Packard) Hidden HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard) HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard) HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard) HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard) HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard) Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC) HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc. Inc.) LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1229 - Electronic Arts) NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc) PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow) Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden ==================== Restore Points ========================= 26-02-2014 09:00:16 Windows Update 02-03-2014 15:41:18 Windows Update 05-03-2014 22:30:24 Installed Jing 06-03-2014 02:22:27 Windows Update 09-03-2014 06:04:25 Removed Jing 09-03-2014 08:52:26 Windows Update 12-03-2014 19:11:04 Windows Update 13-03-2014 00:55:08 Windows Update 16-03-2014 06:26:57 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2014-03-16 18:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {119A9CFA-971E-4418-8BBD-13DD7806FAB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05] (Google Inc.) Task: {3BC84719-0325-4128-A6A6-896B9E062058} - System32\Tasks\{6DCC691E-BE97-42B9-9270-DB3B472EC41B} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] () Task: {613AA204-5508-4782-BCE4-D3153AE2F0F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {659B0994-82D6-4D53-9B56-EC383B16BF88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {7A5CA443-44EE-49F7-A359-C540DB47A293} - System32\Tasks\HPCeeScheduleForHome => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {8CFCD9B3-9555-4DED-A527-204BC53F89BE} - System32\Tasks\{7F410356-673C-4ED4-B3CD-F3F954E60D2F} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {8E81995C-497E-4236-9B0F-4CC37F42CB6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05] (Google Inc.) Task: {92F92359-F30E-4DD5-BED8-66482E351B26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {97663CA6-CBD8-4294-9748-9FAD6B5704A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {A91BFC0F-4854-4C31-BA9C-7D014D0A7844} - System32\Tasks\{1F45C847-B65B-4AB6-917B-11A6879FCAEF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {C25FDC5E-D5D3-46AD-AE2D-BBC7BF1F83C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard) Task: {F1AABB4D-1051-4DE9-9B4B-E84867812502} - System32\Tasks\HPCeeScheduleForHOME-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {F4DFCB94-5DAF-414C-A7B9-6E1F595ED2BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForHOME-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForHome.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-21 23:32 - 2013-12-21 23:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-07-11 16:04 - 2013-07-11 16:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe 2010-09-15 13:31 - 2010-09-15 13:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2013-07-11 16:03 - 2013-07-11 16:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRW Download Manager.lnk => C:\Windows\pss\SRW Download Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2014 07:09:16 PM) (Source: Application Error) (User: ) Description: Faulting application name: iexplore.exe, version: 9.0.8112.16533, time stamp: 0x52f1fb14 Faulting module name: npUnity3D32.dll_unloaded, version: 0.0.0.0, time stamp: 0x514e9a58 Exception code: 0xc0000005 Fault offset: 0x15c8fe98 Faulting process id: 0x4b88 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (03/07/2014 06:44:59 PM) (Source: Application Error) (User: ) Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c Exception code: 0xc0000005 Fault offset: 0x0002b78a Faulting process id: 0x1d20 Faulting application start time: 0xhpasset.exe0 Faulting application path: hpasset.exe1 Faulting module path: hpasset.exe2 Report Id: hpasset.exe3 Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (03/16/2014 07:24:46 PM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.1 service failed to start due to the following error: %%2 Error: (03/16/2014 07:24:14 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (03/16/2014 07:11:59 PM) (Source: Service Control Manager) (User: ) Description: The AODDriver4.1 service failed to start due to the following error: %%2 Error: (03/16/2014 07:11:25 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (03/16/2014 07:10:48 PM) (Source: Service Control Manager) (User: ) Description: The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s). Error: (03/16/2014 06:27:19 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/16/2014 06:26:50 PM) (Source: Application Popup) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (03/16/2014 06:25:55 PM) (Source: Service Control Manager) (User: ) Description: The Simraceway Update Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 10 milliseconds: Restart the service. Error: (03/16/2014 06:25:09 PM) (Source: Service Control Manager) (User: ) Description: The Simraceway Update Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10 milliseconds: Restart the service. Error: (03/16/2014 06:24:31 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions: ========================= Error: (03/09/2014 07:09:16 PM) (Source: Application Error)(User: ) Description: iexplore.exe9.0.8112.1653352f1fb14npUnity3D32.dll_unloaded0.0.0.0514e9a58c000000515c8fe984b8801cf3bf431fefd46C:\Program Files (x86)\Internet Explorer\iexplore.exenpUnity3D32.dll37a6629c-a7e8-11e3-b8f3-78acc0bd08b3 Error: (03/07/2014 06:44:59 PM) (Source: Application Error)(User: ) Description: hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc00000050002b78a1d2001cf3a5f3c3fbce6C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe7e582692-a652-11e3-9994-78acc0bd08b3 Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/06/2014 07:58:38 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service)(User: ) Description: Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (03/06/2014 07:58:37 PM) (Source: Windows Search Service)(User: ) Description: Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) 4700 CodeIntegrity Errors: =================================== Date: 2014-03-16 18:26:50.713 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-03-16 18:26:50.433 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 2815.29 MB Available physical RAM: 1819.47 MB Total Pagefile: 5628.75 MB Available Pagefile: 4584.09 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:370.45 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 606EA97A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. Here is the combofix log. ComboFix 14-03-16.01 - Home 03/16/2014 18:21:15.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1704 [GMT -5:00] Running from: c:\users\Home\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END C:\Thumbs.db c:\users\Home\g2mdlhlpx.exe c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 ))))))))))))))))))))))))))))))) . . 2014-03-16 23:27 . 2014-03-16 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-16 13:31 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EB914B6-A4E2-4BA4-A5E4-E60CA6BBE8B4}\mpengine.dll 2014-03-16 06:27 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-14 23:31 . 2014-02-19 22:44 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24FDED2B-D5D3-4343-92A5-BAFB76E04F5E}\gapaengine.dll 2014-03-13 00:54 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll 2014-03-13 00:54 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll 2014-03-13 00:54 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-03-13 00:54 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-03-13 00:54 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-13 00:54 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-13 00:54 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-13 00:54 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-05 22:31 . 2014-03-05 22:31 -------- d-----w- c:\users\Home\AppData\Local\TechSmith 2014-02-25 23:16 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-02-25 23:16 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-13 00:57 . 2011-06-17 01:24 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-03-11 18:44 . 2012-03-31 13:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-11 18:44 . 2011-06-17 04:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-10 05:00 . 2013-12-22 08:05 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-03-10 05:00 . 2013-12-22 04:32 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-03-05 04:20 . 2013-12-22 04:32 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-02-19 22:44 . 2011-09-08 20:50 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-01-19 07:33 . 2011-08-16 19:55 270496 ------w- c:\windows\system32\MpSigStub.exe 2013-12-24 23:09 . 2014-02-12 00:05 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48 . 2014-02-12 00:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-12-22 04:32 . 2013-12-22 04:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-13 393216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Simraceway Update Service;Simraceway Update Service;c:\program files (x86)\SimracewayUpdater\SRWUpdate.exe;c:\program files (x86)\SimracewayUpdater\SRWUpdate.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 48288693 *Deregistered* - 48288693 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-15 20:41 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:44] . 2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05 21:34] . 2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05 21:34] . 2014-03-16 c:\windows\Tasks\HPCeeScheduleForHOME-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2014-03-15 c:\windows\Tasks\HPCeeScheduleForHome.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720] . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-48288693.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-03-16 18:28:47 ComboFix-quarantined-files.txt 2014-03-16 23:28 . Pre-Run: 398,070,558,720 bytes free Post-Run: 397,940,043,776 bytes free . - - End Of File - - D13D4F2B6973D2BF36258F26F2EDD9D4 DEA7009B8C5104B864B2D8A2D37FED18
  9. Here is the logs from TDSSKiller. I will post combofix in my next reply. 17:51:20.0522 0x2c7c TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02 17:51:25.0608 0x2c7c ============================================================ 17:51:25.0608 0x2c7c Current date / time: 2014/03/16 17:51:25.0608 17:51:25.0608 0x2c7c SystemInfo: 17:51:25.0608 0x2c7c 17:51:25.0608 0x2c7c OS Version: 6.1.7601 ServicePack: 1.0 17:51:25.0608 0x2c7c Product type: Workstation 17:51:25.0608 0x2c7c ComputerName: HOME-HP 17:51:25.0608 0x2c7c UserName: Home 17:51:25.0608 0x2c7c Windows directory: C:\Windows 17:51:25.0608 0x2c7c System windows directory: C:\Windows 17:51:25.0608 0x2c7c Running under WOW64 17:51:25.0608 0x2c7c Processor architecture: Intel x64 17:51:25.0608 0x2c7c Number of processors: 2 17:51:25.0608 0x2c7c Page size: 0x1000 17:51:25.0608 0x2c7c Boot type: Normal boot 17:51:25.0608 0x2c7c ============================================================ 17:51:26.0029 0x2c7c KLMD registered as C:\Windows\system32\drivers\50814279.sys 17:51:26.0341 0x2c7c System UUID: {24720316-D4DA-79D0-D393-CF9845EDF90A} 17:51:26.0981 0x2c7c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:51:26.0996 0x2c7c ============================================================ 17:51:26.0996 0x2c7c \Device\Harddisk0\DR0: 17:51:26.0996 0x2c7c MBR partitions: 17:51:26.0996 0x2c7c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 17:51:26.0996 0x2c7c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x388EC000 17:51:26.0996 0x2c7c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3891E800, BlocksNum 0x1A67000 17:51:26.0996 0x2c7c ============================================================ 17:51:27.0012 0x2c7c C: <-> \Device\Harddisk0\DR0\Partition2 17:51:27.0074 0x2c7c D: <-> \Device\Harddisk0\DR0\Partition3 17:51:27.0074 0x2c7c ============================================================ 17:51:27.0074 0x2c7c Initialize success 17:51:27.0074 0x2c7c ============================================================ 17:52:50.0862 0x1828 KLMD registered as C:\Windows\system32\drivers\74429809.sys 17:52:51.0642 0x1828 Deinitialize success TDSSKiller.3.0.0.25_16.03.2014_17.54.36_log.txt
  10. Hello Here is the logs from RogueKiller from the second scan. Iwanted to go ahead and post this i will do the TDSSKiller and ComboFix and post them next. This log is before the clean... RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Home [Admin rights] Mode : Scan -- Date : 03/16/2014 17:33:47 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Home\AppData\Local\Temp\IHUB1B6.tmp.exe [x][x] -> FOUND [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Home\AppData\Local\Temp\IHU6621.tmp.exe [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST350041 8AS SATA Disk Device +++++ --- User --- [MBR] f8b8fc7cf168c1322a9eeccbd5db935e [bSP] 6518f3cdc2f87b85f4b61d45567fbb64 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 463320 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949086208 | Size: 13518 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 87491acbd5b4bfeba8e9a1265ae79306 [bSP] e59807d88bb77f070731e3d05f2e1d27 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo Finished : << RKreport[0]_S_03162014_173347.txt >> RKreport[0]_S_03162014_151915.txt And this is the log after the clean... RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Home [Admin rights] Mode : Remove -- Date : 03/16/2014 17:40:48 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Home\AppData\Local\Temp\IHUB1B6.tmp.exe [x][x] -> DELETED [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Home\AppData\Local\Temp\IHU6621.tmp.exe [x][x] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST350041 8AS SATA Disk Device +++++ --- User --- [MBR] f8b8fc7cf168c1322a9eeccbd5db935e [bSP] 6518f3cdc2f87b85f4b61d45567fbb64 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 463320 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949086208 | Size: 13518 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 87491acbd5b4bfeba8e9a1265ae79306 [bSP] e59807d88bb77f070731e3d05f2e1d27 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo Finished : << RKreport[0]_D_03162014_174048.txt >> RKreport[0]_S_03162014_151915.txt;RKreport[0]_S_03162014_173347.txt
  11. After i made this post and read your reply, I figured it wouldn't hurt to have things checked out. Like you said that message shouldn't popup unless i clicked on something, i didn't do anything but open web pages it poped up once opening this forum. I don't know why it does it and i don't know how to stop it. My computer don't give me any problems so i don't think its anything major.
  12. Hello MrCharlie, Thank you, for your help i do appreciate it. Here is the logs you requested. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.16.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Home :: HOME-HP [administrator] 3/16/2014 3:10:42 PM mbam-log-2014-03-16 (15-10-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 213387 Time elapsed: 3 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Home [Admin rights] Mode : Scan -- Date : 03/16/2014 15:19:15 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Home\AppData\Local\Temp\IHUB1B6.tmp.exe [x][x] -> FOUND [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Home\AppData\Local\Temp\IHU6621.tmp.exe [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST350041 8AS SATA Disk Device +++++ --- User --- [MBR] f8b8fc7cf168c1322a9eeccbd5db935e [bSP] 6518f3cdc2f87b85f4b61d45567fbb64 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 463320 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949086208 | Size: 13518 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 87491acbd5b4bfeba8e9a1265ae79306 [bSP] e59807d88bb77f070731e3d05f2e1d27 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo Finished : << RKreport[0]_S_03162014_151915.txt >>
  13. Hello, I have this popup when visiting web sites, i don't have to click anything and it don't matter what site i visit. Here is a screen shot of the popup... It don't popup often but i don't think it should popup at all. I don't know how to stop it. My scanners are Microsoft Security Essentials and Malwarebytes neither comes up with anything. Any help would be appreciated. Here is MB scan log and DDS logs. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.16.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Home :: HOME-HP [administrator] 3/16/2014 1:33:06 PM mbam-log-2014-03-16 (13-33-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 212916 Time elapsed: 3 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16540 Run by Home at 13:46:24 on 2014-03-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1660 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{01EEE925-EB88-440D-A564-24E619EB0922} : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 204288] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-10 1119768] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 Simraceway Update Service;Simraceway Update Service;C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [2013-7-11 1630720] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-17 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-10 38456] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-14 271712] S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-16 1255736] . =============== Created Last 30 ================ . 2014-03-16 13:33:38 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EB914B6-A4E2-4BA4-A5E4-E60CA6BBE8B4}\offreg.dll 2014-03-16 13:31:28 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EB914B6-A4E2-4BA4-A5E4-E60CA6BBE8B4}\mpengine.dll 2014-03-16 06:27:45 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-14 23:31:34 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24FDED2B-D5D3-4343-92A5-BAFB76E04F5E}\gapaengine.dll 2014-03-13 00:54:54 484864 ----a-w- C:\Windows\System32\wer.dll 2014-03-13 00:54:54 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-03-13 00:54:53 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-03-13 00:54:53 228864 ----a-w- C:\Windows\System32\wwansvc.dll 2014-03-13 00:54:52 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-13 00:54:52 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-13 00:54:51 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-13 00:54:51 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-03-05 22:31:16 -------- d-----w- C:\Users\Home\AppData\Local\TechSmith 2014-02-25 23:16:04 6574592 ----a-w- C:\Windows\System32\mstscax.dll 2014-02-25 23:16:04 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll . ==================== Find3M ==================== . 2014-03-11 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-11 18:44:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-03-10 05:00:07 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2014-03-10 05:00:07 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2014-03-05 04:20:48 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2014-02-23 06:54:58 2334720 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-23 06:48:31 1392128 ----a-w- C:\Windows\System32\wininet.dll 2014-02-23 06:46:42 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-02-23 06:45:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-02-23 06:45:27 599040 ----a-w- C:\Windows\System32\vbscript.dll 2014-02-23 06:44:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-23 05:47:19 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-23 05:40:18 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-23 05:39:28 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-02-23 05:38:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-02-23 05:37:49 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-02-23 05:36:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe 2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-12-22 04:32:35 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe . ============= FINISH: 13:47:09.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/17/2011 9:18:41 AM System Uptime: 3/15/2014 8:01:33 PM (17 hours ago) . Motherboard: FOXCONN | | 2AB1 Processor: AMD Athlon II X2 240 Processor | CPU 1 | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 452 GiB total, 371.131 GiB free. D: is FIXED (NTFS) - 13 GiB total, 1.624 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP468: 2/26/2014 3:00:16 AM - Windows Update RP469: 3/2/2014 9:41:18 AM - Windows Update RP470: 3/5/2014 4:30:24 PM - Installed Jing RP471: 3/5/2014 8:22:27 PM - Windows Update RP472: 3/9/2014 1:04:25 AM - Removed Jing RP473: 3/9/2014 3:52:26 AM - Windows Update RP474: 3/12/2014 2:11:04 PM - Windows Update RP475: 3/12/2014 7:55:08 PM - Windows Update RP476: 3/16/2014 1:26:57 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 12 ActiveX AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD Problem Report Wizard AMD VISION Engine Control Center APB Reloaded ATI AVIVO64 Codecs Bing Rewards Client Installer Blio CameraHelperMsi Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CyberLink DVD Suite Deluxe Defraggler DVD Menu Pack for HP MediaSmart Video erLT GamersFirst LIVE! Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Customer Experience Enhancements HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart/TouchSmart Netflix HP MovieStore HP Odometer HP Product Detection HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update HP Vision Hardware Diagnostics Hulu Desktop HydraVision Kobo LabelPrint League of Legends LightScribe System Software Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4.5.1 Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft WSE 3.0 Runtime Movie Theme Pack for HP MediaSmart Video MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need For Speed™ World NVIDIA PhysX PDF Complete Special Edition PhotoNow! PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Power2Go PowerDirector PressReader PunkBuster Services Realtek High Definition Audio Driver Recovery Manager RoxioNow Player Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Simraceway 28.92 Skype™ 6.11 Speccy swMSM Unity Web Player Zinio Reader 4 . ==== Event Viewer Messages From Past Week ======== . 3/16/2014 4:17:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 3/16/2014 3:10:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service. 3/15/2014 3:09:21 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified. . ==== End Of File ===========================
  14. Thanks for the reply. Thats what i was thinking, i don't have to click anything just open a web page. It don't happen often but it is annoying, my scanners don't pick up anything. I will take your advice get it checked out.
  15. I have this popup sometimes when going to web sites, it don't matter what site it is. Has anyone seen it before or know what it is? Any information would be appreciated.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.