
Scorpion Saver Issues and Pop Ups


  • This topic is locked
18 replies to this topic

#1 dfresh27

dfresh27

  • Members
  • 16 posts

Posted 01 December 2013 - 12:57 PM

Downloaded a program to read CAD files. I then noticed my computer was acting sluggish. I ran Malwarebytes and picked up a bunch load of items. I removed them and also removed the program Scorpion Saver which must have installed with the other program (now removed also). I now am getting pop up ads from Scorpion Saver and other various things. I ran HiJack This and saw some strange things in there. Time to turn to someone who can help. Thanks in advance. Doug





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 December 2013 - 04:45 PM





Hello dfresh27

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dfresh27

dfresh27
  • Topic Starter

  • Members
  • 16 posts

Posted 02 December 2013 - 11:20 AM

Ok, Here is the first report.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Doug (administrator) on DOUG-PC on 02-12-2013 08:15:46
Running from C:\Users\Doug\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKCU\...\Run: [72AD97DCB79BDDC4647FC61DF7C654731EDCDE1C._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_A462849BBECABE8223ECB2D0000483C0] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
MountPoints2: {61776f59-0526-11e3-a621-00247eb29705} - F:\LaunchU3.exe -a
MountPoints2: {61776f64-0526-11e3-a621-00247eb29705} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-22] (AVAST Software)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\c1625e51-a4fb-4049-8ca7-8e4c15edaa9e.exe [180184 2013-11-24] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR RestoreOnStartup: ""
CHR Extension: (Google Docs) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (BeFunky Photo Editor) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0
CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Spotify - Music for every moment) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0
CHR Extension: (Google Search) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (VUDU Movies) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib\2.0.0.2_0
CHR Extension: (PartyCloud) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko\4.1_0
CHR Extension: (Google Calendar) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Pandora) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0
CHR Extension: (PicMonkey) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0
CHR Extension: (Full Screen Weather) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0
CHR Extension: (avast! Online Security) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Don't Starve) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0
CHR Extension: (Vimeo Couch Mode) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif\1.0_0
CHR Extension: (Pixlr Express) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid\1.2_0
CHR Extension: (Pixlr Editor) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0
CHR Extension: (Google Play Music) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0
CHR Extension: (iPiccy Photo Editor) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0
CHR Extension: (Until AM Web App) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0
CHR Extension: (Paymo.biz) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenbfhcjnclnoepkkahpnibbekkekihp\1.3_0
CHR Extension: (Google Maps) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Exfm) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\mleeljpaahmfjalppocodgakabmgekim\1.0.4_0
CHR Extension: (Google Wallet) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Scorpion Saver) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR Extension: (Psykopaint) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR Extension: (Gmail) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
 
==================== Services (Whitelisted) =================
 
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-22] (AVAST Software)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-22] ()
R3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [79488 2006-10-03] (RICOH Company, Ltd.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 URC_USB_SYNC_FW; C:\Windows\System32\Drivers\URC_USB_SYNC_FW.sys [24576 2008-04-21] (Universal Remote Control, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-02 08:15 - 2013-12-02 08:16 - 00013462 _____ C:\Users\Doug\Downloads\FRST.txt
2013-12-02 08:15 - 2013-12-02 08:15 - 00000000 ____D C:\FRST
2013-12-02 08:14 - 2013-12-02 08:14 - 00001081 _____ C:\Users\Doug\Desktop\FRST64 - Shortcut.lnk
2013-12-02 08:13 - 2013-12-02 08:13 - 01959184 _____ (Farbar) C:\Users\Doug\Downloads\FRST64.exe
2013-11-30 15:28 - 2013-11-30 15:29 - 00000000 ___DC C:\Users\Doug\AppData\Local\MigWiz
2013-11-26 21:14 - 2013-11-26 21:14 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-26 08:28 - 2013-11-26 08:28 - 00009350 _____ C:\Windows\DPINST.LOG
2013-11-26 08:27 - 2013-11-26 08:27 - 00000000 ____D C:\Program Files\Western Digital
2013-11-25 20:30 - 2013-11-25 20:30 - 00001004 _____ C:\Users\Doug\Desktop\JRT.txt
2013-11-25 20:16 - 2013-11-30 18:27 - 00000280 _____ C:\Windows\setupact.log
2013-11-25 20:16 - 2013-11-25 20:16 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 20:15 - 2013-11-30 14:52 - 00025846 _____ C:\Windows\PFRO.log
2013-11-25 19:56 - 2013-11-25 19:56 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 19:44 - 2013-11-30 18:15 - 00000000 ____D C:\AdwCleaner
2013-11-25 19:35 - 2013-11-25 19:35 - 00001264 _____ C:\Users\Doug\Desktop\Revo Uninstaller.lnk
2013-11-25 19:35 - 2013-11-25 19:35 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-25 19:12 - 2013-11-25 19:12 - 00001046 _____ C:\Users\Doug\Desktop\JRT - Shortcut.lnk
2013-11-25 19:11 - 2013-11-25 19:11 - 01034531 _____ (Thisisu) C:\Users\Doug\Downloads\JRT.exe
2013-11-25 19:06 - 2013-11-25 19:06 - 01091882 _____ C:\Users\Doug\Downloads\AdwCleaner.exe
2013-11-25 19:06 - 2013-11-25 19:06 - 00001119 _____ C:\Users\Doug\Desktop\AdwCleaner - Shortcut.lnk
2013-11-25 18:43 - 2013-11-25 18:43 - 00688992 _____ (Swearware) C:\Users\Doug\Desktop\dds (1).com
2013-11-25 18:34 - 2013-11-25 18:34 - 00019365 _____ C:\Users\Doug\Desktop\dds.txt
2013-11-25 18:34 - 2013-11-25 18:34 - 00005603 _____ C:\Users\Doug\Desktop\attach.txt
2013-11-25 14:44 - 2013-11-25 14:44 - 00001137 _____ C:\Users\Doug\Desktop\iExplore (1) - Shortcut.lnk
2013-11-25 14:43 - 2013-11-25 14:43 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Doug\Downloads\iExplore (1).exe
2013-11-25 14:41 - 2013-11-25 14:41 - 00002971 _____ C:\Users\Doug\Desktop\HiJackThis.lnk
2013-11-25 14:41 - 2013-11-25 14:41 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-11-25 14:41 - 2013-11-25 14:41 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-25 13:52 - 2013-12-01 10:23 - 00002032 _____ C:\Users\Doug\Desktop\Rkill.txt
2013-11-25 13:52 - 2013-11-25 14:45 - 00000000 ____D C:\Users\Doug\Desktop\rkill
2013-11-25 13:51 - 2013-11-30 18:19 - 00000000 ____D C:\Users\Doug\AppData\Roaming\newnext.me
2013-11-25 13:51 - 2013-11-25 14:12 - 00000000 ____D C:\Users\Doug\AppData\Local\Mobogenie
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\Documents\Mobogenie
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\AppData\Local\genienext
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\AppData\Local\cache
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\.android
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 _____ C:\Users\Doug\daemonprocess.txt
2013-11-25 13:12 - 2013-11-25 13:12 - 00002299 _____ C:\Users\Doug\Desktop\Chrome App Launcher.lnk
2013-11-25 13:12 - 2013-11-25 13:12 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-25 13:12 - 2013-11-25 13:12 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-24 12:16 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-24 12:16 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-22 16:38 - 2013-11-22 16:38 - 00000000 ____D C:\Users\Doug\AppData\Roaming\AutoDWG
2013-11-22 16:31 - 2013-11-22 16:31 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-22 08:38 - 2013-11-22 08:38 - 00000000 ____D C:\Users\Doug\AppData\Roaming\AVAST Software
2013-11-17 12:43 - 2013-11-17 12:43 - 00000000 ____D C:\Users\Doug\AppData\Roaming\com.wd.WDMyCloud.sav
2013-11-17 11:48 - 2013-11-17 11:48 - 00000000 ____D C:\Users\Doug\AppData\Local\Western_Digital_Technolog
2013-11-17 11:46 - 2013-11-30 18:27 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-17 11:46 - 2013-11-26 08:27 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-17 11:46 - 2013-11-26 08:27 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-17 11:45 - 2013-11-26 08:29 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-17 09:37 - 2013-11-17 09:37 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Macromedia
2013-11-17 09:36 - 2013-11-26 08:27 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-17 09:36 - 2013-11-17 09:37 - 00000000 ____D C:\Users\Doug\AppData\Roaming\com.wd.WDMyCloud
2013-11-17 09:36 - 2013-11-17 09:36 - 00001153 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2013-11-17 09:35 - 2013-11-17 09:35 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-11-17 09:35 - 2013-11-17 09:35 - 00000000 ____D C:\Program Files\Bonjour
2013-11-17 09:35 - 2013-11-17 09:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-16 18:58 - 2013-11-17 11:48 - 00000000 ____D C:\Users\Doug\AppData\Local\Western Digital
2013-11-15 08:10 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-15 08:07 - 2013-11-15 08:07 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 08:07 - 2013-11-15 08:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 08:07 - 2013-11-15 08:07 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 08:07 - 2013-11-15 08:07 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 08:07 - 2013-11-15 08:07 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 08:07 - 2013-11-15 08:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 08:07 - 2013-11-15 08:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 08:07 - 2013-11-15 08:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 08:07 - 2013-11-15 08:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 08:07 - 2013-11-15 08:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 08:07 - 2013-11-15 08:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 14:26 - 2013-11-13 14:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_winusb_01009.Wdf
2013-11-13 09:39 - 2013-11-13 09:39 - 00000000 ____D C:\Users\Public\Documents\sun
2013-11-13 08:26 - 2013-11-13 08:26 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-13 08:21 - 2013-11-13 08:21 - 00000000 ____D C:\Users\Doug\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2013-11-12 19:58 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 19:58 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 19:58 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 19:58 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 19:58 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 19:58 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 19:58 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 19:58 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 19:58 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 19:58 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 19:58 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 19:58 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 19:58 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 19:58 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 19:58 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 19:58 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 19:58 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 19:58 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 19:58 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 19:58 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 19:58 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 19:58 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 19:58 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 19:58 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 19:58 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 19:58 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 19:58 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 19:58 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 19:58 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 19:58 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-02 09:32 - 2013-11-02 09:32 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Oracle
2013-11-02 09:31 - 2013-11-02 09:31 - 00000000 ____D C:\ProgramData\Oracle
2013-11-02 09:28 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-02 09:28 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-02 09:28 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-02 09:28 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-02 09:27 - 2013-11-02 09:28 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
 
==================== One Month Modified Files and Folders =======
 
2013-12-02 08:16 - 2013-12-02 08:15 - 00013462 _____ C:\Users\Doug\Downloads\FRST.txt
2013-12-02 08:16 - 2013-10-01 10:18 - 01510874 _____ C:\Windows\WindowsUpdate.log
2013-12-02 08:15 - 2013-12-02 08:15 - 00000000 ____D C:\FRST
2013-12-02 08:14 - 2013-12-02 08:14 - 00001081 _____ C:\Users\Doug\Desktop\FRST64 - Shortcut.lnk
2013-12-02 08:13 - 2013-12-02 08:13 - 01959184 _____ (Farbar) C:\Users\Doug\Downloads\FRST64.exe
2013-12-02 08:12 - 2013-10-17 16:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 08:06 - 2013-06-14 20:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 17:28 - 2013-06-14 20:25 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 10:23 - 2013-11-25 13:52 - 00002032 _____ C:\Users\Doug\Desktop\Rkill.txt
2013-11-30 18:34 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-30 18:34 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-30 18:27 - 2013-11-25 20:16 - 00000280 _____ C:\Windows\setupact.log
2013-11-30 18:27 - 2013-11-17 11:46 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-30 18:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-30 18:19 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\AppData\Roaming\newnext.me
2013-11-30 18:15 - 2013-11-25 19:44 - 00000000 ____D C:\AdwCleaner
2013-11-30 15:29 - 2013-11-30 15:28 - 00000000 ___DC C:\Users\Doug\AppData\Local\MigWiz
2013-11-30 15:07 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-30 14:52 - 2013-11-25 20:15 - 00025846 _____ C:\Windows\PFRO.log
2013-11-26 21:14 - 2013-11-26 21:14 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-26 08:29 - 2013-11-17 11:45 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-26 08:28 - 2013-11-26 08:28 - 00009350 _____ C:\Windows\DPINST.LOG
2013-11-26 08:27 - 2013-11-26 08:27 - 00000000 ____D C:\Program Files\Western Digital
2013-11-26 08:27 - 2013-11-17 11:46 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-26 08:27 - 2013-11-17 11:46 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-26 08:27 - 2013-11-17 09:36 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-25 20:30 - 2013-11-25 20:30 - 00001004 _____ C:\Users\Doug\Desktop\JRT.txt
2013-11-25 20:16 - 2013-11-25 20:16 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 19:56 - 2013-11-25 19:56 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 19:35 - 2013-11-25 19:35 - 00001264 _____ C:\Users\Doug\Desktop\Revo Uninstaller.lnk
2013-11-25 19:35 - 2013-11-25 19:35 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-25 19:12 - 2013-11-25 19:12 - 00001046 _____ C:\Users\Doug\Desktop\JRT - Shortcut.lnk
2013-11-25 19:11 - 2013-11-25 19:11 - 01034531 _____ (Thisisu) C:\Users\Doug\Downloads\JRT.exe
2013-11-25 19:06 - 2013-11-25 19:06 - 01091882 _____ C:\Users\Doug\Downloads\AdwCleaner.exe
2013-11-25 19:06 - 2013-11-25 19:06 - 00001119 _____ C:\Users\Doug\Desktop\AdwCleaner - Shortcut.lnk
2013-11-25 18:43 - 2013-11-25 18:43 - 00688992 _____ (Swearware) C:\Users\Doug\Desktop\dds (1).com
2013-11-25 18:34 - 2013-11-25 18:34 - 00019365 _____ C:\Users\Doug\Desktop\dds.txt
2013-11-25 18:34 - 2013-11-25 18:34 - 00005603 _____ C:\Users\Doug\Desktop\attach.txt
2013-11-25 14:46 - 2013-06-14 18:02 - 00000000 ____D C:\Users\Doug\AppData\Local\VirtualStore
2013-11-25 14:45 - 2013-11-25 13:52 - 00000000 ____D C:\Users\Doug\Desktop\rkill
2013-11-25 14:44 - 2013-11-25 14:44 - 00001137 _____ C:\Users\Doug\Desktop\iExplore (1) - Shortcut.lnk
2013-11-25 14:43 - 2013-11-25 14:43 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Doug\Downloads\iExplore (1).exe
2013-11-25 14:41 - 2013-11-25 14:41 - 00002971 _____ C:\Users\Doug\Desktop\HiJackThis.lnk
2013-11-25 14:41 - 2013-11-25 14:41 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-11-25 14:41 - 2013-11-25 14:41 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-25 14:35 - 2013-06-18 14:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-25 14:13 - 2013-06-14 18:02 - 00000000 ___RD C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 14:12 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\AppData\Local\Mobogenie
2013-11-25 14:12 - 2013-06-14 18:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\Documents\Mobogenie
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\AppData\Local\genienext
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\AppData\Local\cache
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 ____D C:\Users\Doug\.android
2013-11-25 13:51 - 2013-11-25 13:51 - 00000000 _____ C:\Users\Doug\daemonprocess.txt
2013-11-25 13:51 - 2013-06-14 18:01 - 00000000 ____D C:\Users\Doug
2013-11-25 13:12 - 2013-11-25 13:12 - 00002299 _____ C:\Users\Doug\Desktop\Chrome App Launcher.lnk
2013-11-25 13:12 - 2013-11-25 13:12 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-25 13:12 - 2013-11-25 13:12 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-25 13:11 - 2013-06-14 20:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-24 21:23 - 2013-11-24 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-24 20:05 - 2013-06-14 18:35 - 00000000 ____D C:\Windows\Panther
2013-11-22 16:38 - 2013-11-22 16:38 - 00000000 ____D C:\Users\Doug\AppData\Roaming\AutoDWG
2013-11-22 16:31 - 2013-11-22 16:31 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-22 08:38 - 2013-11-22 08:38 - 00000000 ____D C:\Users\Doug\AppData\Roaming\AVAST Software
2013-11-22 08:22 - 2013-06-18 14:47 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-22 08:21 - 2013-06-18 14:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-22 08:21 - 2013-06-18 14:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-22 08:21 - 2013-06-18 14:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-22 08:21 - 2013-06-18 14:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-22 08:19 - 2013-06-18 14:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-11-22 08:09 - 2013-06-18 14:45 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-17 12:43 - 2013-11-17 12:43 - 00000000 ____D C:\Users\Doug\AppData\Roaming\com.wd.WDMyCloud.sav
2013-11-17 11:48 - 2013-11-17 11:48 - 00000000 ____D C:\Users\Doug\AppData\Local\Western_Digital_Technolog
2013-11-17 11:48 - 2013-11-16 18:58 - 00000000 ____D C:\Users\Doug\AppData\Local\Western Digital
2013-11-17 09:37 - 2013-11-17 09:37 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Macromedia
2013-11-17 09:37 - 2013-11-17 09:36 - 00000000 ____D C:\Users\Doug\AppData\Roaming\com.wd.WDMyCloud
2013-11-17 09:36 - 2013-11-17 09:36 - 00001153 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2013-11-17 09:35 - 2013-11-17 09:35 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-11-17 09:35 - 2013-11-17 09:35 - 00000000 ____D C:\Program Files\Bonjour
2013-11-17 09:35 - 2013-11-17 09:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-17 09:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 18:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-16 16:44 - 2013-06-14 18:02 - 00001413 _____ C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-16 16:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-15 08:07 - 2013-11-15 08:07 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 08:07 - 2013-11-15 08:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 08:07 - 2013-11-15 08:07 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-15 08:07 - 2013-11-15 08:07 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-15 08:07 - 2013-11-15 08:07 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-15 08:07 - 2013-11-15 08:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-15 08:07 - 2013-11-15 08:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-15 08:07 - 2013-11-15 08:07 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-15 08:07 - 2013-11-15 08:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-15 08:07 - 2013-11-15 08:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-15 08:07 - 2013-11-15 08:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-15 08:07 - 2013-11-15 08:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-15 08:07 - 2013-11-15 08:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 14:26 - 2013-11-13 14:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_winusb_01009.Wdf
2013-11-13 09:39 - 2013-11-13 09:39 - 00000000 ____D C:\Users\Public\Documents\sun
2013-11-13 09:38 - 2013-06-14 20:25 - 00064024 _____ C:\Users\Doug\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-13 08:50 - 2009-07-13 20:45 - 00294568 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-13 08:27 - 2013-08-14 18:56 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-11-13 08:26 - 2013-11-13 08:26 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-13 08:21 - 2013-11-13 08:21 - 00000000 ____D C:\Users\Doug\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2013-11-13 08:21 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-13 08:07 - 2013-07-20 08:08 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 08:06 - 2013-06-14 18:31 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-09 15:16 - 2013-10-17 16:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-09 15:16 - 2013-10-17 16:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-09 15:16 - 2013-10-17 16:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-09 15:16 - 2013-06-21 09:29 - 00000000 ____D C:\Users\Doug\AppData\Local\Adobe
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-02 09:32 - 2013-11-02 09:32 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Oracle
2013-11-02 09:31 - 2013-11-02 09:31 - 00000000 ____D C:\ProgramData\Oracle
2013-11-02 09:28 - 2013-11-02 09:27 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-02 09:28 - 2013-07-01 12:40 - 00000000 ____D C:\Program Files (x86)\Java
 
Some content of TEMP:
====================
C:\Users\Doug\AppData\Local\Temp\BackupSetup.exe
C:\Users\Doug\AppData\Local\Temp\Quarantine.exe
C:\Users\Doug\AppData\Local\Temp\SpOrder.dll
C:\Users\Doug\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-30 19:16
 
==================== End Of Log ============================


#4 dfresh27

dfresh27
  • Topic Starter

  • Members
  • 16 posts

Posted 02 December 2013 - 11:22 AM

And the second report...

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Doug at 2013-12-02 08:16:24
Running from C:\Users\Doug\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
avast! Free Antivirus (x32 Version: 9.0.2008)
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
CCleaner (Version: 4.04)
Complete Control Program (x32 Version: 1.00.000)
Digital DJ Pro 1.7.0 (x32 Version: 1.7.0)
Google Chrome (x32 Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
HiJackThis (x32 Version: 1.0.0)
HP ePrint (x32 Version: 6.0.12230.783)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8600 Help (x32 Version: 28.0.0)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0)
HP Postscript Converter (Version: 3.1.3591)
HP Product Detection (x32 Version: 11.15.0008)
HP Quick Launch Buttons (x32 Version: 6.50.14.1)
HP Unified IO (Version: 2.0.0.404)
HP Unified IO (x32 Version: 2.0.0.404)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Image Editor Packages (HKCU)
Intel® Management Engine Interface
Intel® Active Management Technology
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
LightScribe System Software (x32 Version: 1.18.27.10)
LightScribe Template Labeler (x32 Version: 1.18.27.10)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MyTomTom 3.2.0.1116 (x32 Version: 3.2.0.1116)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
QLBCASL (x32 Version: 6.40.17.2)
Revo Uninstaller 1.95 (x32 Version: 1.95)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
SoundMAX (x32 Version: 6.10.2.7255)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Update for Image Editor (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
WD My Cloud (Version: 1.0.3.12)
WD Quick View (x32 Version: 2.2.1.6)
WD SmartWare (Version: 2.2.1.6)
WD SmartWare Installer (x32 Version: 2.2.1.6)
Yahoo! Toolbar (x32)
 
==================== Restore Points  =========================
 
01-12-2013 16:34:07 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A087E76-3CDC-46CB-8AD3-5D7067EABB92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.)
Task: {713923AB-8A80-401C-A013-9165BBD19E47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.)
Task: {828FFDD1-62F5-4048-A9F1-41BC068C9E27} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8D838534-2D84-45E6-B9CF-48FE56691877} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A092E09B-6396-4588-BE39-27170BF89FE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-09] (Adobe Systems Incorporated)
Task: {CCCBAA85-B3DF-4CD0-A4D6-8E900CA69D52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-22] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-02 08:05 - 2013-12-02 00:52 - 02150912 _____ () C:\Program Files\AVAST Software\Avast\defs\13120201\algo.dll
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-05-23 03:53 - 2013-05-23 03:53 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-05-23 03:53 - 2013-05-23 03:53 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-05-23 03:53 - 2013-05-23 03:53 - 00279480 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2013-01-16 10:58 - 2013-01-16 10:58 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2013-01-16 10:58 - 2013-01-16 10:58 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2013-01-16 10:58 - 2013-01-16 10:58 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-11-22 08:21 - 2013-11-22 08:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-25 13:12 - 2013-11-14 03:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-25 13:12 - 2013-11-14 03:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-25 13:12 - 2013-11-14 03:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-25 13:12 - 2013-11-14 03:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-25 13:12 - 2013-11-14 03:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2013 07:00:00 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (11/30/2013 06:28:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2013 06:18:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2013 02:54:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/26/2013 08:23:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/02/2013 08:05:41 AM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (12/01/2013 07:30:48 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (12/01/2013 06:56:50 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (12/01/2013 05:15:42 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WDMYCLOUD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B135E587-560C-4A7E-A572-2CC81086AAE8}.
The master browser is stopping or an election is being forced.
 
Error: (12/01/2013 05:14:30 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (12/01/2013 08:34:01 AM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (11/30/2013 06:27:09 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (11/30/2013 06:27:09 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (11/30/2013 06:17:31 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (11/30/2013 06:17:31 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
 
Microsoft Office Sessions:
=========================
Error: (12/01/2013 07:00:00 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (11/30/2013 06:28:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2013 06:18:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2013 02:54:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/26/2013 08:23:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-01 11:07:46.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 11:07:46.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 11:07:46.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 10:52:28.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 10:52:28.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 10:52:28.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 10:52:28.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 10:52:28.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-01 10:52:28.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-27 01:36:52.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 8092.27 MB
Available physical RAM: 5722.9 MB
Total Pagefile: 16182.71 MB
Available Pagefile: 13700.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.87 GB) (Free:121 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=232 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1 GB) - (Type=0C)
 
==================== End Of Log ============================


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2013 - 11:51 AM



Hello dfresh27

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 dfresh27

dfresh27
  • Topic Starter

  • Members
  • 16 posts

Posted 02 December 2013 - 12:20 PM

AdwCleaner report......

 

 

# AdwCleaner v3.014 - Report created 02/12/2013 at 09:14:37
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Doug - DOUG-PC
# Running from : C:\Users\Doug\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Level Quality Watcher
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.ini
File Deleted : C:\Windows\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\Windows\System32\AdpeakProxy.ini
File Deleted : C:\Windows\System32\AdpeakProxyOff.ini
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2723 octets] - [25/11/2013 19:44:22]
AdwCleaner[R1].txt - [874 octets] - [25/11/2013 19:51:44]
AdwCleaner[R2].txt - [992 octets] - [25/11/2013 20:21:14]
AdwCleaner[R3].txt - [1051 octets] - [30/11/2013 18:14:59]
AdwCleaner[R4].txt - [1589 octets] - [02/12/2013 09:13:10]
AdwCleaner[S0].txt - [2756 octets] - [25/11/2013 19:45:56]
AdwCleaner[S1].txt - [934 octets] - [25/11/2013 19:53:03]
AdwCleaner[S2].txt - [1113 octets] - [30/11/2013 18:15:43]
AdwCleaner[S3].txt - [1526 octets] - [02/12/2013 09:14:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1586 octets] ##########


#7 dfresh27

dfresh27
  • Topic Starter

  • Members
  • 16 posts

Posted 02 December 2013 - 12:32 PM

JRT report... I assume with nothing listed, it is a good sign.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Doug on Mon 12/02/2013 at  9:22:11.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/02/2013 at  9:28:43.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2013 - 12:40 PM


Hello dfresh27

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 dfresh27

dfresh27
  • Topic Starter

  • Members
  • 16 posts

Posted 02 December 2013 - 12:42 PM

Just tried surfing the web. It looks like the ad pop ups have been taken care of. Computer's boot time seems slow. The hard drive light is solid for a long time after I log in.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,361 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 December 2013 - 12:48 PM

Hello

Go ahead and run combofix for me and send me the report.


gringo

#11 dfresh27

dfresh27
  • Topic Starter

  • Members
  • 16 posts

Posted 02 December 2013 - 02:11 PM

Combofix report.....

I still see Scorpion Saver listed along with Adpeak and mobogenie.

 

 ComboFix 13-12-01.01 - Doug 12/02/2013  10:48:31.2.2 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8092.6499 [GMT -8:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-02 to 2013-12-02  )))))))))))))))))))))))))))))))
.
.
2013-12-02 18:53 . 2013-12-02 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 16:15 . 2013-12-02 16:15 -------- d-----w- C:\FRST
2013-11-30 23:28 . 2013-11-30 23:29 -------- dc----w- c:\users\Doug\AppData\Local\MigWiz
2013-11-30 22:58 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F954B549-2AF2-4EBB-A903-D7D6EC1891A7}\mpengine.dll
2013-11-27 05:14 . 2013-11-27 05:14 -------- d-----w- c:\program files\ScorpionSaver Services
2013-11-26 16:27 . 2013-11-26 16:27 -------- d-----w- c:\program files\Western Digital
2013-11-26 03:56 . 2013-11-26 03:56 -------- d-----w- c:\windows\ERUNT
2013-11-26 03:44 . 2013-12-02 17:14 -------- d-----w- C:\AdwCleaner
2013-11-26 03:35 . 2013-11-26 03:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-11-25 22:41 . 2013-11-25 22:41 388096 ----a-r- c:\users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-25 22:41 . 2013-11-25 22:41 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-25 21:51 . 2013-11-25 21:51 -------- d-----w- c:\users\Doug\.android
2013-11-25 21:51 . 2013-12-01 02:19 -------- d-----w- c:\users\Doug\AppData\Roaming\newnext.me
2013-11-25 21:51 . 2013-11-25 21:51 -------- d-----w- c:\users\Doug\AppData\Local\genienext
2013-11-25 21:51 . 2013-11-25 21:51 -------- d-----w- c:\users\Doug\AppData\Local\cache
2013-11-25 21:51 . 2013-11-25 22:12 -------- d-----w- c:\users\Doug\AppData\Local\Mobogenie
2013-11-25 05:23 . 2013-11-25 05:23 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-25 05:23 . 2013-11-25 05:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-11-24 20:16 . 2013-10-16 18:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-24 20:16 . 2013-10-16 18:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-23 00:38 . 2013-11-23 00:38 -------- d-----w- c:\users\Doug\AppData\Roaming\AutoDWG
2013-11-22 16:38 . 2013-11-22 16:38 -------- d-----w- c:\users\Doug\AppData\Roaming\AVAST Software
2013-11-17 19:48 . 2013-11-17 19:48 -------- d-----w- c:\users\Doug\AppData\Local\Western_Digital_Technolog
2013-11-17 19:46 . 2013-11-26 16:27 -------- d-----w- c:\programdata\Western Digital
2013-11-17 19:46 . 2013-11-26 16:27 -------- d-----w- c:\program files\Common Files\Western Digital
2013-11-17 19:46 . 2013-11-26 16:27 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2013-11-17 19:45 . 2013-11-26 16:29 -------- d-----w- c:\programdata\Package Cache
2013-11-17 17:36 . 2013-11-26 16:27 -------- d-----w- c:\program files (x86)\Western Digital
2013-11-17 17:36 . 2013-11-17 17:37 -------- d-----w- c:\users\Doug\AppData\Roaming\com.wd.WDMyCloud
2013-11-17 17:35 . 2013-11-17 17:35 -------- d-----w- c:\program files\Bonjour Print Services
2013-11-17 17:35 . 2013-11-17 17:35 -------- d-----w- c:\program files\Bonjour
2013-11-17 17:35 . 2013-11-17 17:35 -------- d-----w- c:\program files (x86)\Bonjour
2013-11-17 02:58 . 2013-11-17 19:48 -------- d-----w- c:\users\Doug\AppData\Local\Western Digital
2013-11-17 02:12 . 2013-11-17 02:12 -------- d-----w- c:\users\Doug\AppData\Local\Diagnostics
2013-11-15 16:10 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-13 03:58 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 16:21 . 2013-06-18 22:47 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-22 16:21 . 2013-06-18 22:47 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-22 16:21 . 2013-06-18 22:47 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-22 16:21 . 2013-06-18 22:47 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-22 16:21 . 2013-06-18 22:47 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-22 16:21 . 2013-06-18 22:47 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-22 16:21 . 2013-06-18 22:47 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-22 16:21 . 2013-06-18 22:47 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-22 16:21 . 2013-06-18 22:47 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-22 16:21 . 2013-06-18 22:46 43152 ----a-w- c:\windows\avastSS.scr
2013-11-13 16:06 . 2013-06-15 02:31 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 13:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-09 23:16 . 2013-10-18 00:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 01:03 . 2013-10-23 01:03 198464 ----a-w- c:\windows\SysWow64\ftd2xx.dll
2013-10-23 01:03 . 2013-10-23 01:03 55112 ----a-w- c:\windows\system32\ftserui2.dll
2013-10-23 01:03 . 2013-10-23 01:03 85320 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2013-10-23 01:03 . 2013-10-23 01:03 72648 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2013-10-23 01:03 . 2013-10-23 01:03 232264 ----a-w- c:\windows\system32\ftd2xx.dll
2013-10-23 01:03 . 2013-10-23 01:03 211776 ----a-w- c:\windows\system32\FTLang.dll
2013-10-23 01:03 . 2013-10-23 01:03 64328 ----a-w- c:\windows\system32\ftcserco.dll
2013-10-23 01:03 . 2013-10-23 01:03 108872 ----a-w- c:\windows\system32\ftbusui.dll
2013-10-08 14:50 . 2013-11-02 17:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-08 02:30 . 2013-10-09 03:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 03:58 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 03:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 03:57 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 03:57 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 03:57 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 03:57 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 03:57 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 03:57 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 03:57 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2013-01-16 2736128]
"72AD97DCB79BDDC4647FC61DF7C654731EDCDE1C._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184]
"GoogleChromeAutoLaunch_A462849BBECABE8223ECB2D0000483C0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-08-14 5537136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-22 3568312]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\c1625e51-a4fb-4049-8ca7-8e4c15edaa9e.exe" [2013-11-24 180184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 URC_USB_SYNC_FW;URC USB Sync FW;c:\windows\system32\Drivers\URC_USB_SYNC_FW.sys;c:\windows\SYSNATIVE\Drivers\URC_USB_SYNC_FW.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdpeakProxy;AdpeakProxy;c:\program files\ScorpionSaver Services\AdpeakProxy.exe;c:\program files\ScorpionSaver Services\AdpeakProxy.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 19:46 454176 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-25 21:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-18 23:16]
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15 04:25]
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15 04:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-22 16:21 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-02  10:55:44
ComboFix-quarantined-files.txt  2013-12-02 18:55
ComboFix2.txt  2013-12-02 17:58
.
Pre-Run: 134,196,326,400 bytes free
Post-Run: 134,134,292,480 bytes free
.
- - End Of File - - 505CCB7E4C71E6243E9F6951FFE349B5
A36C5E4F47E84449FF07ED3517B43A31


#12 dfresh27


Posted 02 December 2013 - 03:56 PM

Still seeing banner ads and popup ads.



#13 gringo_pr


Posted 02 December 2013 - 08:42 PM


Hello dfresh27

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\ScorpionSaver Services

File::
c:\windows\system32\AdpeakProxy64.dll
c:\windows\SysWow64\AdpeakProxy.dll


Driver::
AdpeakProxy
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#14 dfresh27


Posted 03 December 2013 - 07:37 PM

No problems updating the ComboFix.  I don't see the ScorpionSaver ads. I am going to paste the ComboFix report here, but I would also like to post my HijackThis report as well.

 

ComboFix 13-12-01.01 - Doug 12/03/2013  16:14:05.3.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8092.6318 [GMT -8:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
Command switches used :: c:\users\Doug\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\system32\AdpeakProxy64.dll"
"c:\windows\SysWow64\AdpeakProxy.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ScorpionSaver Services
c:\program files\ScorpionSaver Services\AdpeakProxy.dll
c:\program files\ScorpionSaver Services\AdpeakProxy.exe
c:\program files\ScorpionSaver Services\AdpeakProxy64.dll
c:\program files\ScorpionSaver Services\AdpeakRegisterLSP.exe
c:\program files\ScorpionSaver Services\AdpeakRegisterLSP.ini
c:\program files\ScorpionSaver Services\AdpeakRegisterLSP64.exe
c:\program files\ScorpionSaver Services\Installbat.dll
c:\program files\ScorpionSaver Services\Installbat64.dll
c:\program files\ScorpionSaver Services\InstallDLL.dll
c:\program files\ScorpionSaver Services\InstallDLL64.dll
c:\program files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll
c:\program files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.xml
c:\program files\ScorpionSaver Services\PCProxyDLL.dll
c:\windows\system32\AdpeakProxy64.dll
c:\windows\SysWow64\AdpeakProxy.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdpeakProxy
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-04 to 2013-12-04  )))))))))))))))))))))))))))))))
.
.
2013-12-04 00:19 . 2013-12-04 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-03 17:44 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{358E97A2-5280-454C-B76B-0E91E7AB8F54}\mpengine.dll
2013-12-02 16:15 . 2013-12-02 16:15 -------- d-----w- C:\FRST
2013-11-30 23:28 . 2013-11-30 23:29 -------- dc----w- c:\users\Doug\AppData\Local\MigWiz
2013-11-26 16:27 . 2013-11-26 16:27 -------- d-----w- c:\program files\Western Digital
2013-11-26 03:56 . 2013-11-26 03:56 -------- d-----w- c:\windows\ERUNT
2013-11-26 03:44 . 2013-12-02 17:14 -------- d-----w- C:\AdwCleaner
2013-11-26 03:35 . 2013-11-26 03:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-11-25 22:41 . 2013-11-25 22:41 388096 ----a-r- c:\users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-25 22:41 . 2013-11-25 22:41 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-25 21:51 . 2013-11-25 21:51 -------- d-----w- c:\users\Doug\.android
2013-11-25 21:51 . 2013-12-01 02:19 -------- d-----w- c:\users\Doug\AppData\Roaming\newnext.me
2013-11-25 21:51 . 2013-11-25 21:51 -------- d-----w- c:\users\Doug\AppData\Local\genienext
2013-11-25 21:51 . 2013-11-25 21:51 -------- d-----w- c:\users\Doug\AppData\Local\cache
2013-11-25 21:51 . 2013-11-25 22:12 -------- d-----w- c:\users\Doug\AppData\Local\Mobogenie
2013-11-25 05:23 . 2013-11-25 05:23 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-25 05:23 . 2013-11-25 05:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-11-23 00:38 . 2013-11-23 00:38 -------- d-----w- c:\users\Doug\AppData\Roaming\AutoDWG
2013-11-22 16:38 . 2013-11-22 16:38 -------- d-----w- c:\users\Doug\AppData\Roaming\AVAST Software
2013-11-17 19:48 . 2013-11-17 19:48 -------- d-----w- c:\users\Doug\AppData\Local\Western_Digital_Technolog
2013-11-17 19:46 . 2013-11-26 16:27 -------- d-----w- c:\programdata\Western Digital
2013-11-17 19:46 . 2013-11-26 16:27 -------- d-----w- c:\program files\Common Files\Western Digital
2013-11-17 19:46 . 2013-11-26 16:27 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2013-11-17 19:45 . 2013-11-26 16:29 -------- d-----w- c:\programdata\Package Cache
2013-11-17 17:36 . 2013-11-26 16:27 -------- d-----w- c:\program files (x86)\Western Digital
2013-11-17 17:36 . 2013-11-17 17:37 -------- d-----w- c:\users\Doug\AppData\Roaming\com.wd.WDMyCloud
2013-11-17 17:35 . 2013-11-17 17:35 -------- d-----w- c:\program files\Bonjour Print Services
2013-11-17 17:35 . 2013-11-17 17:35 -------- d-----w- c:\program files\Bonjour
2013-11-17 17:35 . 2013-11-17 17:35 -------- d-----w- c:\program files (x86)\Bonjour
2013-11-17 02:58 . 2013-11-17 19:48 -------- d-----w- c:\users\Doug\AppData\Local\Western Digital
2013-11-17 02:12 . 2013-11-17 02:12 -------- d-----w- c:\users\Doug\AppData\Local\Diagnostics
2013-11-15 16:10 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-13 03:58 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 16:21 . 2013-06-18 22:47 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-22 16:21 . 2013-06-18 22:47 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-22 16:21 . 2013-06-18 22:47 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-22 16:21 . 2013-06-18 22:47 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-22 16:21 . 2013-06-18 22:47 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-22 16:21 . 2013-06-18 22:47 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-22 16:21 . 2013-06-18 22:47 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-22 16:21 . 2013-06-18 22:47 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-22 16:21 . 2013-06-18 22:47 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-22 16:21 . 2013-06-18 22:46 43152 ----a-w- c:\windows\avastSS.scr
2013-11-13 16:06 . 2013-06-15 02:31 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 13:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-09 23:16 . 2013-10-18 00:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 01:03 . 2013-10-23 01:03 198464 ----a-w- c:\windows\SysWow64\ftd2xx.dll
2013-10-23 01:03 . 2013-10-23 01:03 55112 ----a-w- c:\windows\system32\ftserui2.dll
2013-10-23 01:03 . 2013-10-23 01:03 85320 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2013-10-23 01:03 . 2013-10-23 01:03 72648 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2013-10-23 01:03 . 2013-10-23 01:03 232264 ----a-w- c:\windows\system32\ftd2xx.dll
2013-10-23 01:03 . 2013-10-23 01:03 211776 ----a-w- c:\windows\system32\FTLang.dll
2013-10-23 01:03 . 2013-10-23 01:03 64328 ----a-w- c:\windows\system32\ftcserco.dll
2013-10-23 01:03 . 2013-10-23 01:03 108872 ----a-w- c:\windows\system32\ftbusui.dll
2013-10-08 14:50 . 2013-11-02 17:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-08 02:30 . 2013-10-09 03:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 03:58 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 03:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2013-01-16 2736128]
"72AD97DCB79BDDC4647FC61DF7C654731EDCDE1C._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184]
"GoogleChromeAutoLaunch_A462849BBECABE8223ECB2D0000483C0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-11-14 863184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-08-14 5537136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-22 3568312]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\c1625e51-a4fb-4049-8ca7-8e4c15edaa9e.exe" [2013-11-24 180184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 URC_USB_SYNC_FW;URC USB Sync FW;c:\windows\system32\Drivers\URC_USB_SYNC_FW.sys;c:\windows\SYSNATIVE\Drivers\URC_USB_SYNC_FW.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 19:46 454176 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-25 21:11 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-18 23:16]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15 04:25]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15 04:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-22 16:21 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2013-12-03  16:25:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-04 00:25
ComboFix2.txt  2013-12-02 18:55
ComboFix3.txt  2013-12-02 17:58
.
Pre-Run: 133,865,820,160 bytes free
Post-Run: 134,251,847,680 bytes free
.
- - End Of File - - A0D9A22E330A029B1266D1C558E693E7
A36C5E4F47E84449FF07ED3517B43A31
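
A check of the CFScript in post #13 against the log in post #14, as an added example that is not part of the original posts: it parses the script's directives, confirms each target appears in the log's "Other Deletions" and "Drivers/Services" sections, and diffs the service listing before and after. The section layout is assumed from the logs in this thread, the embedded logs are trimmed excerpts of them, and all function names are hypothetical.

```python
import re

# Line shapes assumed from the ComboFix logs posted in this thread.
SECTION_RE = re.compile(r"^\(+\s+(.+?)\s+\)+$")
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*) \[[^\]]*\]$")
DIRECTIVE_RE = re.compile(r"^(\w+)::$")

# The CFScript from post #13.
CFSCRIPT = r"""ClearJavaCache::

Folder::
c:\program files\ScorpionSaver Services

File::
c:\windows\system32\AdpeakProxy64.dll
c:\windows\SysWow64\AdpeakProxy.dll

Driver::
AdpeakProxy
"""

# Trimmed excerpt of the service listing in the log from before the script ran.
BEFORE_LOG = r"""
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdpeakProxy;AdpeakProxy;c:\program files\ScorpionSaver Services\AdpeakProxy.exe;c:\program files\ScorpionSaver Services\AdpeakProxy.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
"""

# Trimmed excerpt of the log from post #14 (banner rows shortened).
AFTER_LOG = r"""
((((((   Other Deletions   ))))))
.
c:\program files\ScorpionSaver Services
c:\program files\ScorpionSaver Services\AdpeakProxy.exe
c:\windows\system32\AdpeakProxy64.dll
c:\windows\SysWow64\AdpeakProxy.dll
.
((((((   Drivers/Services   ))))))
.
-------\Service_AdpeakProxy
.
((((((   Reg Loading Points   ))))))
.
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
"""

def parse_cfscript(text):
    """Return {directive: [arguments]}; a directive with no arguments maps to []."""
    script, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            script.setdefault(current, [])
        elif line and current is not None:
            script[current].append(line)
    return script

def parse_sections(log):
    """Group log lines under their '((( Title )))' banner; '.' spacer lines are dropped."""
    sections, title = {"": []}, ""
    for line in (raw.strip() for raw in log.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            title = m.group(1)
            sections.setdefault(title, [])
        elif line and line != ".":
            sections[title].append(line)
    return sections

def parse_services(log):
    """Return {name: (state_tag, display_name, image_path)}; the tag is kept as printed."""
    services = {}
    for line in (raw.strip() for raw in log.splitlines()):
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, paths = m.groups()
            services[name.lower()] = (state, display, paths.split(";")[0])
    return services

def verify_removal(cfscript, after_log):
    """Map every Folder/File/Driver target of the script to what the log shows for it."""
    script, sections = parse_cfscript(cfscript), parse_sections(after_log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    svc_lines = [s.lower() for s in sections.get("Drivers/Services", [])]
    listed = parse_services(after_log)
    status = {}
    for path in script.get("folder", []) + script.get("file", []):
        status[path] = "deleted" if path.lower() in deleted else "not logged as deleted"
    for name in script.get("driver", []):
        key = name.lower()
        if key in listed:
            status[name] = "still listed"
        elif any(s.endswith("\\service_" + key) for s in svc_lines):
            status[name] = "removed"
        else:
            status[name] = "absent, no removal logged"
    return status

def service_diff(before_log, after_log):
    """Services that disappeared, and services whose state tag changed between runs."""
    before, after = parse_services(before_log), parse_services(after_log)
    removed = sorted(set(before) - set(after))
    changed = {n: (before[n][0], after[n][0])
               for n in before if n in after and before[n][0] != after[n][0]}
    return removed, changed

if __name__ == "__main__":
    for target, result in verify_removal(CFSCRIPT, AFTER_LOG).items():
        print(f"{result:>22}  {target}")
    print(service_diff(BEFORE_LOG, AFTER_LOG))
```
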


#15 dfresh27


Posted 03 December 2013 - 07:41 PM

Here is the HijackThis report.  Should I be concerned with all the entries that have missing files?

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:38:26 PM, on 12/3/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\c1625e51-a4fb-4049-8ca7-8e4c15edaa9e.exe /check
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN31AB3HTW05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [72AD97DCB79BDDC4647FC61DF7C654731EDCDE1C._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_A462849BBECABE8223ECB2D0000483C0] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 8572 bytes




