
HijackThis Log: Please Help (I have adchoices and possibly more)


  • This topic is locked
15 replies to this topic

#1 zachisbest

zachisbest

  • Members
  • 8 posts

Posted 10 August 2013 - 12:06 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:42 PM, on 8/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Zach\AppData\Local\DefineExt\temp.dat
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [QuickScanner] C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files (x86)\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12682 bytes
 

 




 


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts

Posted 14 August 2013 - 01:47 AM

Hi, zachisbest! I'm going to try to help you out. :)

 

Before we get started, here's some things I need you to remember:

  • Please don't make any changes to your computer until I'm done helping you, without asking me first! This will make it practically impossible for me to assist you.
  • Please don't run things without asking me first, this will also make it impossible for me to help you.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I'm a human just like you, so I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!


Before we can do anything, I need you to run a program called DDS. HijackThis is outdated and has bugs that make it harder to properly analyze your PC, so I'll need to get more accurate information. :)

 

DDS

I need you to run DDS to get some information about your computer.

  • Download DDS from here, and save it to your desktop.
  • Double click DDS on your desktop to run it. Ensure the options for dds.txt and attach.txt are checked on the box that appears, and click Start.
  • Once the program is done scanning, copy and paste both reports that open up into your reply, one at a time.

 

 

Gunto




#3 zachisbest

zachisbest
  • Topic Starter

  • Members
  • 8 posts

Posted 18 August 2013 - 04:17 PM

Sorry, I thought I posted this a week or so ago but I don't see it here.

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/23/2012 12:34:59 PM
System Uptime: 8/14/2013 8:23:11 PM (0 hours ago)
.
Motherboard: Acer |  | JM40_HR
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 382.379 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP197: 7/15/2013 12:35:49 PM - Windows Update
RP198: 7/18/2013 11:44:56 PM - Windows Update
RP199: 7/22/2013 12:34:32 AM - Windows Backup
RP200: 7/22/2013 11:17:04 AM - Windows Update
RP201: 7/23/2013 12:27:37 PM - Bing Ads Editor Prerequisites
RP202: 7/23/2013 12:30:42 PM - Bing Ads Editor Prerequisites
RP203: 7/26/2013 10:05:38 AM - Windows Update
RP204: 7/28/2013 7:00:21 PM - Windows Backup
RP205: 7/30/2013 8:10:44 PM - Windows Update
RP206: 8/3/2013 4:55:02 PM - Windows Update
RP207: 8/6/2013 11:58:07 PM - Windows Backup
RP208: 8/7/2013 12:17:35 AM - Windows Update
RP209: 8/9/2013 10:19:21 PM - Removed SofTest v11
RP210: 8/9/2013 10:34:36 PM - Installed HiJackThis
RP211: 8/10/2013 10:44:54 PM - Windows Update
RP212: 8/11/2013 7:00:10 PM - Windows Backup
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer PowerSmart Manager
Acer Updater
Acer USB Charge Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bing Ads Editor
Bing Ads Editor Prerequisites
Bonjour
Cisco Connect
Cisco WebEx Meetings
clear.fi
clear.fi Client
Conexant HD Audio
CutePDF Writer 3.0
D3DX10
Define Ext
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ETDWare PS/2-X64 8.0.6.3_WHQL
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GmailDefaultMaker
Google AdWords Editor
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 5.4.0.1082
HiJackThis
iCloud
Identity Card
ImgBurn
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
iTunes
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
join.me
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Express LocalDB
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MSVCRT
MSVCRT_amd64
NVIDIA Control Panel 267.21
NVIDIA Graphics Driver 267.21
NVIDIA Install Application
NVIDIA PhysX
PlayReady PC Runtime x86
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 5.10
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.5
WIDCOMM Bluetooth Software
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 9:51:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ExamsoftShieldService service to connect.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Zach at 20:33:36 on 2013-08-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.1785 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\DOLBY PCEE4\pcee4.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Zach\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Zach\AppData\Local\DefineExt\temp.dat
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [QuickScanner] C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6D5F2711-A0C0-4431-8D1E-50298B72A03B} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6D5F2711-A0C0-4431-8D1E-50298B72A03B}\2454C494E435B49523 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6D5F2711-A0C0-4431-8D1E-50298B72A03B}\34F6E66756E64796F6E66427565675966696 : DHCPNameServer = 216.136.95.2 64.132.94.250
TCP: Interfaces\{6D5F2711-A0C0-4431-8D1E-50298B72A03B}\35075616368697723702E4564777F627B60223031323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6D5F2711-A0C0-4431-8D1E-50298B72A03B}\3716665677169777966696 : DHCPNameServer = 10.1.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-2-15 25960]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-2-15 198784]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-12-5 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2012-2-15 799848]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-5 2425960]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-12-5 255376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-5 2656280]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-12-5 142632]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-5 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-5 76912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-5 339048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-2-15 620072]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-2-15 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-2-15 39976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-15 02:23:40 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64254703-2583-4D5A-8620-A1A7FD2689DF}\offreg.dll
2013-08-13 02:41:01 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{64254703-2583-4D5A-8620-A1A7FD2689DF}\mpengine.dll
2013-08-11 04:45:30 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-10 04:35:05 388096 ----a-r- C:\Users\Zach\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-10 04:35:05 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-08-10 04:17:00 63160 ----a-w- C:\Users\Zach\AppData\Local\dpqs.exe
2013-08-10 04:17:00 -------- d-----w- C:\Users\Zach\AppData\Roaming\QuickScan
2013-08-10 04:16:59 2051696 ----a-w- C:\Users\Zach\AppData\Local\qs64.dll
2013-08-10 04:16:58 733224 ----a-w- C:\Users\Zach\AppData\Local\qs.dll
2013-08-10 04:16:46 -------- d-----w- C:\Program Files (x86)\Defender Pro Quick Scanner
2013-07-25 03:56:50 -------- d-----w- C:\Users\Zach\AppData\Local\DefineExt
2013-07-17 03:56:15 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A11B581B-4F44-4757-93FB-29FC2C306BB4}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-06-24 04:10:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 04:10:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 04:10:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 02:04:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 02:04:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-23 01:06:41 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH: 20:34:04.15 ===============
 



#4 Gunto

  • Malware Response Team

Posted 20 August 2013 - 06:34 PM

Hi,
 
Ok, that's better. Now that I have more information, it's time to start fixing some things. I'll also be having you run two more scans to get a deeper look at your system. :)
 
AdwCleaner

I need you to run AdwCleaner to see if it removes anything.
  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

Malwarebytes Anti-Rootkit
 
I need you to run a scan with MBAR.
  • Download MBAR from here, and save it to your desktop.
  • Double click the file to run it. When prompted on where to extract the program to, simply proceed with the default option. Once it's done, it should open the main window on its own.
  • On the main window, click Next, then Update. Wait for MBAR to finish updating, then click Next again. Make sure all the boxes are checked on the next screen, then click Scan and wait for it to finish.
  • When it's finished, don't fix anything, simply exit the program. In the mbar folder on your desktop, you'll find two logs, system-log.txt and mbar-log-<date program was run>.txt, please copy and paste them into your reply one by one.

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.
  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. Say Yes on the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and addition.txt. Please copy and paste both into your reply, one at a time.

Please tell me how your PC is running in your next reply.
 
Gunto



#5 zachisbest

  • Topic Starter

Posted 21 August 2013 - 11:56 PM

Thanks. My computer is still having problems. Ads appearing in strange places and popping up at strange times. Also notifications from browser that something has been blocked.

 

# AdwCleaner v3.000 - Report created 21/08/2013 at 22:20:13
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zach - ZACH-PC
# Running from : C:\Users\Zach\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Zach\AppData\Local\Conduit
Folder Deleted : C:\Users\Zach\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\Smartbar
Folder Deleted : C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\END
File Deleted : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v

[ File : C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\prefs.js ]

Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376106696692,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=1A5A34BB-523C-4637-8BA2-9FFCFF3C572A&n=77fc8df7&p2=^ZO^xdm036^YY^us&si=EL_UTUS_20");
Line Deleted : user_pref("smartbar.machineId", "AZW9V8FFH1PAX+C+1D2PBMKUSS14YY4A7Y+RR7956RXIUEWPUDV1SN6F/FYAMIOESUR1R4ID3MN2E5WXSLILMG");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3009 octets] - [21/08/2013 22:18:27]
AdwCleaner[R1].txt - [3069 octets] - [21/08/2013 22:19:29]
AdwCleaner[S0].txt - [2792 octets] - [21/08/2013 22:20:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2852 octets] ##########

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4139630592, free: 2537435136

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4139630592, free: 2133831680

Downloaded database version: v2013.08.22.01
Initializing...
------------ Kernel report ------------
     08/21/2013 22:25:45
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007596060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80050e2050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007596060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007596b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007596060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80050e2050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 74F0B568

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31457280

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128  Numsec = 945106944

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: c:\Users\Zach\AppData\Local\dpqs.exe --> [Trojan.Agent]
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Zach :: ZACH-PC [administrator]

8/21/2013 10:25:49 PM
mbar-log-2013-08-21 (22-25-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 253776
Time elapsed: 14 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Zach\AppData\Local\dpqs.exe (Trojan.Agent) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by Zach (administrator) on 21-08-2013 22:51:28
Running from C:\Users\Zach\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google) C:\Users\Zach\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-16] (Google Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [QuickScanner] - C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe [14483800 2013-03-21] (Defender Pro)
MountPoints2: {8ad2a367-b85f-11e2-9999-dc0ea12599df} - E:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {f669fd23-579e-11e1-a174-806e6f6e6963} - D:\autoplay.exe /CD
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tw.msn.com/?rd=1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Zach\AppData\Local\DefineExt\temp.dat ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default
FF Homepage: hxxp://google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Zach\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Zach\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Zach\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF Extension: No Name - C:\Users\Zach\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
FF Extension: Define Ext - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\Extensions\gystqfr@ylgga.com
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Define Ext) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0
CHR Extension: (Gmail) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
U4 mbamswissarmy;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-21 22:50 - 2013-08-21 22:50 - 01576476 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2013-08-21 22:25 - 2013-08-21 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 22:25 - 2013-08-21 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 22:24 - 2013-08-21 22:42 - 00000000 ____D C:\Users\Zach\Desktop\mbar
2013-08-21 22:23 - 2013-08-21 22:24 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Zach\Downloads\mbar-1.06.1.1005.exe
2013-08-21 22:22 - 2013-08-21 22:22 - 00002932 _____ C:\Users\Zach\Desktop\AdwCleaner[S0].txt
2013-08-21 22:17 - 2013-08-21 22:20 - 00000000 ____D C:\AdwCleaner
2013-08-21 22:16 - 2013-08-21 22:16 - 00975858 _____ C:\Users\Zach\Desktop\adwcleaner.exe
2013-08-18 15:35 - 2013-08-18 15:35 - 00003116 _____ C:\Windows\System32\Tasks\{B40C1398-EC72-40AE-A86C-594114E42BD7}
2013-08-18 15:34 - 2013-08-18 15:34 - 01595740 _____ () C:\Users\Zach\Downloads\USBDRVEN.EXE
2013-08-18 15:34 - 2013-08-18 15:34 - 00000000 ____D C:\Users\Zach\Downloads\Sony_usb
2013-08-14 21:22 - 2013-07-25 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 21:22 - 2013-07-25 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 21:22 - 2013-07-25 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 21:22 - 2013-07-25 23:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 21:22 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 21:22 - 2013-07-25 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 21:22 - 2013-07-25 21:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 21:22 - 2013-07-25 21:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 21:22 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 21:22 - 2013-07-25 21:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 21:22 - 2013-07-25 20:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 21:22 - 2013-07-25 20:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 21:22 - 2013-07-25 19:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 21:21 - 2013-07-25 23:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 21:21 - 2013-07-25 23:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 21:21 - 2013-07-25 21:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 21:21 - 2013-07-25 21:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 21:16 - 2013-08-14 21:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:37 - 2013-07-08 23:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:37 - 2013-07-08 23:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:37 - 2013-07-08 23:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:37 - 2013-07-08 23:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 20:37 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 20:37 - 2013-07-08 22:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 20:37 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 20:37 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 20:36 - 2013-07-25 03:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 20:36 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 20:36 - 2013-07-18 19:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:36 - 2013-07-18 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 20:36 - 2013-07-09 00:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:36 - 2013-07-08 23:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:36 - 2013-07-08 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 20:36 - 2013-07-08 23:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:36 - 2013-07-08 23:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 20:36 - 2013-07-08 23:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 20:36 - 2013-07-08 22:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 20:36 - 2013-07-08 22:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 20:36 - 2013-07-08 22:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 20:36 - 2013-07-08 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 20:36 - 2013-07-08 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 20:36 - 2013-07-08 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 20:36 - 2013-07-08 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 20:36 - 2013-07-06 00:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:36 - 2013-06-14 22:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 20:34 - 2013-08-14 20:34 - 00017799 _____ C:\Users\Zach\Desktop\dds.txt
2013-08-14 20:34 - 2013-08-14 20:34 - 00010237 _____ C:\Users\Zach\Desktop\attach.txt
2013-08-13 22:57 - 2013-08-13 22:57 - 00001430 _____ C:\Users\Zach\Desktop\Internet Explorer.lnk
2013-08-13 20:04 - 2013-08-13 20:05 - 00000000 ____D C:\Users\Zach\Desktop\New folder
2013-08-11 00:54 - 2013-08-11 00:54 - 04476508 _____ C:\Users\Zach\Downloads\wordpress-3.6.zip
2013-08-09 22:17 - 2013-08-09 22:17 - 00063160 _____ C:\Users\Zach\AppData\Local\dpqs.exe
2013-08-09 22:17 - 2013-08-09 22:17 - 00015404 _____ C:\quickscan.txt
2013-08-09 22:17 - 2013-08-09 22:17 - 00001004 _____ C:\quickscan.xml
2013-08-09 22:17 - 2013-08-09 22:17 - 00000000 ____D C:\Users\Zach\AppData\Roaming\QuickScan
2013-08-09 22:16 - 2013-08-09 22:18 - 00000000 ____D C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-09 22:16 - 2013-08-09 22:17 - 02051696 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs64.dll
2013-08-09 22:16 - 2013-08-09 22:16 - 00733224 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs.dll
2013-08-03 16:46 - 2013-08-03 16:46 - 00000000 ____D C:\Users\Zach\Desktop\Bruce's Magic Jump Drive
2013-07-24 21:57 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
2013-07-24 21:56 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Local\DefineExt
2013-07-23 12:34 - 2013-07-23 12:34 - 00002217 _____ C:\Users\Zach\Desktop\Bing Ads Editor 9.8.lnk
2013-07-23 12:34 - 2013-07-23 12:34 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Ads Editor

==================== One Month Modified Files and Folders =======

2013-08-21 22:50 - 2013-08-21 22:50 - 01576476 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2013-08-21 22:42 - 2013-08-21 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 22:42 - 2013-08-21 22:24 - 00000000 ____D C:\Users\Zach\Desktop\mbar
2013-08-21 22:29 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 22:29 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 22:25 - 2013-08-21 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 22:25 - 2012-02-15 00:42 - 02080504 _____ C:\Windows\WindowsUpdate.log
2013-08-21 22:24 - 2013-08-21 22:23 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Zach\Downloads\mbar-1.06.1.1005.exe
2013-08-21 22:24 - 2012-06-16 17:32 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000UA.job
2013-08-21 22:22 - 2013-08-21 22:22 - 00002932 _____ C:\Users\Zach\Desktop\AdwCleaner[S0].txt
2013-08-21 22:22 - 2012-05-23 12:40 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-21 22:21 - 2013-07-09 16:58 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-21 22:21 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 22:21 - 2009-07-13 22:51 - 00077043 _____ C:\Windows\setupact.log
2013-08-21 22:20 - 2013-08-21 22:17 - 00000000 ____D C:\AdwCleaner
2013-08-21 22:16 - 2013-08-21 22:16 - 00975858 _____ C:\Users\Zach\Desktop\adwcleaner.exe
2013-08-21 22:08 - 2013-07-09 16:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-21 22:04 - 2012-05-27 22:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 19:04 - 2012-05-27 22:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 19:04 - 2012-05-24 22:12 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 19:04 - 2011-12-05 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 18:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 18:24 - 2012-06-16 17:32 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000Core.job
2013-08-21 18:10 - 2013-07-09 16:59 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-21 17:41 - 2012-06-16 17:31 - 00000000 ____D C:\Users\Zach\AppData\Local\Deployment
2013-08-21 17:36 - 2012-11-10 11:21 - 00000000 ____D C:\Users\Zach\AppData\Local\join.me
2013-08-21 17:10 - 2009-07-13 23:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 15:35 - 2013-08-18 15:35 - 00003116 _____ C:\Windows\System32\Tasks\{B40C1398-EC72-40AE-A86C-594114E42BD7}
2013-08-18 15:34 - 2013-08-18 15:34 - 01595740 _____ () C:\Users\Zach\Downloads\USBDRVEN.EXE
2013-08-18 15:34 - 2013-08-18 15:34 - 00000000 ____D C:\Users\Zach\Downloads\Sony_usb
2013-08-18 12:04 - 2011-12-05 23:35 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-18 12:02 - 2011-12-05 23:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-18 12:02 - 2011-12-05 23:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-14 21:18 - 2013-08-14 21:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 21:16 - 2011-12-05 23:47 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 20:34 - 2013-08-14 20:34 - 00017799 _____ C:\Users\Zach\Desktop\dds.txt
2013-08-14 20:34 - 2013-08-14 20:34 - 00010237 _____ C:\Users\Zach\Desktop\attach.txt
2013-08-14 20:23 - 2013-06-05 13:15 - 00000000 ____D C:\Program Files (x86)\SafeConnect
2013-08-13 23:06 - 2010-11-20 21:47 - 00047226 _____ C:\Windows\PFRO.log
2013-08-13 22:57 - 2013-08-13 22:57 - 00001430 _____ C:\Users\Zach\Desktop\Internet Explorer.lnk
2013-08-13 22:55 - 2013-07-05 23:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-13 22:02 - 2012-06-21 23:16 - 00000000 ____D C:\Users\Zach\AppData\Local\BEFA5F4F-AD05-4A7C-9FF9-6048AFE52D0F.aplzod
2013-08-13 20:05 - 2013-08-13 20:04 - 00000000 ____D C:\Users\Zach\Desktop\New folder
2013-08-11 00:54 - 2013-08-11 00:54 - 04476508 _____ C:\Users\Zach\Downloads\wordpress-3.6.zip
2013-08-09 22:36 - 2012-05-23 12:35 - 00000000 ____D C:\Users\Zach\AppData\Local\VirtualStore
2013-08-09 22:18 - 2013-08-09 22:16 - 00000000 ____D C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-09 22:17 - 2013-08-09 22:17 - 00063160 _____ C:\Users\Zach\AppData\Local\dpqs.exe
2013-08-09 22:17 - 2013-08-09 22:17 - 00015404 _____ C:\quickscan.txt
2013-08-09 22:17 - 2013-08-09 22:17 - 00001004 _____ C:\quickscan.xml
2013-08-09 22:17 - 2013-08-09 22:17 - 00000000 ____D C:\Users\Zach\AppData\Roaming\QuickScan
2013-08-09 22:17 - 2013-08-09 22:16 - 02051696 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs64.dll
2013-08-09 22:16 - 2013-08-09 22:16 - 00733224 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs.dll
2013-08-03 16:46 - 2013-08-03 16:46 - 00000000 ____D C:\Users\Zach\Desktop\Bruce's Magic Jump Drive
2013-08-03 16:44 - 2009-07-13 23:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-30 16:59 - 2012-09-01 13:00 - 00000000 ____D C:\Users\Zach\AppData\Local\CutePDF Writer
2013-07-30 16:55 - 2013-06-24 18:35 - 00000000 ____D C:\ProgramData\SofTest
2013-07-25 23:13 - 2013-08-14 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 23:13 - 2013-08-14 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 23:13 - 2013-08-14 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-25 23:12 - 2013-08-14 21:22 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 23:12 - 2013-08-14 21:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 23:12 - 2013-08-14 21:21 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 23:12 - 2013-08-14 21:21 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 21:35 - 2013-08-14 21:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 21:13 - 2013-08-14 21:22 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 21:13 - 2013-08-14 21:22 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 21:12 - 2013-08-14 21:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 21:12 - 2013-08-14 21:21 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 21:11 - 2013-08-14 21:22 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 21:11 - 2013-08-14 21:21 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 20:49 - 2013-08-14 21:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 20:39 - 2013-08-14 21:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 19:59 - 2013-08-14 21:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 03:25 - 2013-08-14 20:36 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 02:57 - 2013-08-14 20:36 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 21:57 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
2013-07-24 21:57 - 2013-07-24 21:56 - 00000000 ____D C:\Users\Zach\AppData\Local\DefineExt
2013-07-23 12:34 - 2013-07-23 12:34 - 00002217 _____ C:\Users\Zach\Desktop\Bing Ads Editor 9.8.lnk
2013-07-23 12:34 - 2013-07-23 12:34 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Ads Editor
2013-07-23 12:34 - 2012-10-03 16:49 - 00000000 ____D C:\Users\Zach\AppData\Local\Bing Ads Editor
2013-07-23 12:34 - 2012-07-20 23:15 - 00000000 ____D C:\Users\Zach\AppData\Local\Package Cache
2013-07-23 12:30 - 2012-10-03 16:50 - 00000000 ____D C:\ProgramData\Package Cache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-21 18:36

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by Zach at 2013-08-21 22:51:57
Running from C:\Users\Zach\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
Acer Crystal Eye Webcam (x32 Version: 1.0.1904)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer PowerSmart Manager (x32 Version: 6.01.3002)
Acer Updater (x32 Version: 1.02.3500)
Acer USB Charge Manager (x32 Version: 1.00.3001)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
Bing Ads Editor (HKCU Version: 9.8.14311.0)
Bing Ads Editor (x32 Version: 9.8.14311.0)
Bing Ads Editor Prerequisites (x32 Version: 9.7.13234.0)
Bonjour (Version: 3.0.0.10)
Cisco Connect (x32 Version: 1.4.11350.0)
Cisco WebEx Meetings (HKCU)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2228.00)
clear.fi (x32 Version: 9.0.8228)
clear.fi Client (x32 Version: 1.00.3500)
CutePDF Writer 3.0
D3DX10 (x32 Version: 15.4.2368.0902)
Define Ext (HKCU Version: 8)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
exant HD Audio (Version: 8.54.17.51)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
GmailDefaultMaker (x32 Version: 2.0)
Google AdWords Editor (x32 Version: 10.1.0)
Google Chrome (x32 Version: 29.0.1547.57)
Google Talk Plugin (x32 Version: 4.4.2.14502)
Google Update Helper (x32 Version: 1.3.21.153)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
iCloud (Version: 2.1.2.8)
Identity Card (x32 Version: 1.00.3501)
ImgBurn (x32 Version: 2.5.7.0)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2418)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® WiDi (x32 Version: 2.1.41.0)
Intel® Wireless Display
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.1 (x32 Version: 2.1.1)
join.me (HKCU Version: 1.10.1.253)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.7)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2318.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
NVIDIA Control Panel 267.21 (Version: 267.21)
NVIDIA Graphics Driver 267.21 (Version: 267.21)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.85)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Skype™ 5.10 (x32 Version: 5.10.116)
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VLC media player 2.0.5 (x32 Version: 2.0.5)
WIDCOMM Bluetooth Software (Version: 6.5.0.2200)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.07.1404.01)
Zune (Version: 04.07.1404.01)
Zune Language Pack (DEU) (Version: 04.07.1404.01)
Zune Language Pack (ESP) (Version: 04.07.1404.01)
Zune Language Pack (FRA) (Version: 04.07.1404.01)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)

==================== Restore Points  =========================

11-08-2013 04:44:54 Windows Update
12-08-2013 01:00:10 Windows Backup
15-08-2013 02:37:12 Windows Update
15-08-2013 03:15:35 Windows Update
18-08-2013 18:00:33 Windows Update
19-08-2013 02:23:30 Windows Backup
21-08-2013 23:19:27 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0530F282-344B-4E4D-AC6F-4E9E324BBCA1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0712E88F-29EC-4E47-986E-316F534DC33F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {2518CA86-F542-4E36-9C2C-70073CB6B6B7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3148971909-2120683883-1237405719-1000
Task: {3B5FFDD8-7174-4DD0-9747-FBAC18280170} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated)
Task: {431015D7-9280-4716-B775-E2B2E7FB999A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {43CB3FF4-1DFA-481D-8324-02AFA56A590C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5369348B-D263-4841-AD1A-B66D696038D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000UA => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {538B09D5-0FC2-4605-A3B3-0E649496AB7C} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {6895EAB7-BEF1-4774-921A-542C17E80424} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {6A4517BC-D979-408B-802B-47E1CB0AC5A3} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-28] (CyberLink Corp.)
Task: {A6F4324D-CE61-4353-A1E3-889376B37B3C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-28] (CyberLink)
Task: {A8CB3767-9F28-4CE0-8985-6825F458556D} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {B80B719F-8DD5-4603-88F2-FA9E0A934A8A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {CA3BA71C-5974-4725-93FE-BB83F7BA5B15} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000Core => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {DB63AD5C-2985-45F1-BD4B-AFCCD818DBC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {E365DAD8-DD7F-4C49-A1BB-CCADF1C3B0AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000Core.job => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000UA.job => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2013 10:22:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 10:14:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660, time stamp: 0x51f1c5f3
Faulting module name: IEFRAME.dll, version: 10.0.9200.16660, time stamp: 0x51f1c8bc
Exception code: 0xc0000005
Fault offset: 0x001f67e9
Faulting process id: 0xefc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/21/2013 09:21:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660, time stamp: 0x51f1c5f3
Faulting module name: IEFRAME.dll, version: 10.0.9200.16660, time stamp: 0x51f1c8bc
Exception code: 0xc0000005
Fault offset: 0x001f67e9
Faulting process id: 0x92c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/21/2013 09:21:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660, time stamp: 0x51f1c5f3
Faulting module name: IEFRAME.dll, version: 10.0.9200.16660, time stamp: 0x51f1c8bc
Exception code: 0xc0000005
Fault offset: 0x001f67e9
Faulting process id: 0x1508
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/21/2013 07:13:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10421

Error: (08/21/2013 07:13:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10421

Error: (08/21/2013 07:13:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2013 05:46:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660, time stamp: 0x51f1c5f3
Faulting module name: IEFRAME.dll, version: 10.0.9200.16660, time stamp: 0x51f1c8bc
Exception code: 0xc0000005
Fault offset: 0x001f67e9
Faulting process id: 0x12c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/21/2013 05:09:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 06:26:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/21/2013 06:18:38 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/10/2013 10:35:06 PM) (Source: DCOM) (User: )
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/09/2013 09:51:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ExamsoftShieldService service to connect.

Error: (07/30/2013 08:29:24 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JICHLINSKI
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6D5F2711-A0C0-4431-8D1E-50298B72A03B}.
The master browser is stopping or an election is being forced.

Error: (07/30/2013 04:55:47 PM) (Source: Service Control Manager) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 5 time(s).

Error: (07/30/2013 04:42:14 PM) (Source: Service Control Manager) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 4 time(s).

Error: (07/30/2013 04:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/30/2013 03:08:13 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1062

Error: (07/30/2013 01:34:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.155.982.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.2.0223.00

 Source Path: 4.2.0223.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/30/2013 00:19:35 PM) (Source: Service Control Manager) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 2 time(s).

Microsoft Office Sessions:
=========================
Error: (08/21/2013 10:22:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 10:14:45 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3IEFRAME.dll10.0.9200.1666051f1c8bcc0000005001f67e9efc01ce9eea3cb9e114C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dll601bb0a2-0ae1-11e3-aaf5-dc0ea12599df

Error: (08/21/2013 09:21:41 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3IEFRAME.dll10.0.9200.1666051f1c8bcc0000005001f67e992c01ce9ee3b57e6bf4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dllf63587d6-0ad9-11e3-aaf5-dc0ea12599df

Error: (08/21/2013 09:21:40 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3IEFRAME.dll10.0.9200.1666051f1c8bcc0000005001f67e9150801ce9ee551363bf2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dllf59f9125-0ad9-11e3-aaf5-dc0ea12599df

Error: (08/21/2013 07:13:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10421

Error: (08/21/2013 07:13:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10421

Error: (08/21/2013 07:13:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2013 05:46:09 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3IEFRAME.dll10.0.9200.1666051f1c8bcc0000005001f67e912c801ce9ec3a78c8575C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dllda596485-0abb-11e3-aaf5-dc0ea12599df

Error: (08/21/2013 05:09:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2013 06:26:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3947.86 MB
Available physical RAM: 2133.84 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5996.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.66 GB) (Free:382.07 GB) NTFS
Drive d: (DataDVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 74F0B568)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Gunto

  • Malware Response Team

Posted 23 August 2013 - 10:21 PM

Hi,

 

AdwCleaner got rid of some stuff, but I'm gonna have you run FRST to fix things, which should hopefully improve your performance.

 

Farbar Recovery Scan Tool

 

I need you to run a fix with FRST.

 

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:

    HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
    HKCU\...\Run: [QuickScanner] - C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe [14483800 2013-03-21] (Defender Pro)
    URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Zach\AppData\Local\DefineExt\temp.dat ()
    Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    2013-08-09 22:17 - 2013-08-09 22:17 - 00063160 _____ C:\Users\Zach\AppData\Local\dpqs.exe
    2013-08-09 22:17 - 2013-08-09 22:17 - 00015404 _____ C:\quickscan.txt
    2013-08-09 22:17 - 2013-08-09 22:17 - 00001004 _____ C:\quickscan.xml
    2013-08-09 22:17 - 2013-08-09 22:17 - 00000000 ____D C:\Users\Zach\AppData\Roaming\QuickScan
    2013-08-09 22:16 - 2013-08-09 22:18 - 00000000 ____D C:\Program Files (x86)\Defender Pro Quick Scanner
    2013-08-09 22:16 - 2013-08-09 22:17 - 02051696 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs64.dll
    2013-08-09 22:16 - 2013-08-09 22:16 - 00733224 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs.dll
    2013-07-24 21:57 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
    2013-07-24 21:56 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Local\DefineExt
    2013-08-13 22:02 - 2012-06-21 23:16 - 00000000 ____D C:\Users\Zach\AppData\Local\BEFA5F4F-AD05-4A7C-9FF9-6048AFE52D0F.aplzod

    Save it to the same location as FRST as fixlist.txt.

     

  • Open up FRST, and click the Fix button.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

 

Please tell me how your PC is running in your next reply, and if you're still getting notifications from your browser that something's being blocked, please try to tell me the exact message (and I'll need to know which browser, too!)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#7 zachisbest

  • Topic Starter

Posted 25 August 2013 - 12:40 PM

This made a real difference. After a reboot I am no longer getting ads on Wikipedia, strange pop-ups or IE certificate error messages. I will update you shortly to confirm that no other problems are still persisting. Here is the fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2013 02
Ran by Zach at 2013-08-25 10:33:11 Run:1
Running from C:\Users\Zach\Desktop\Logs
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [QuickScanner] - C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe [14483800 2013-03-21] (Defender Pro)
URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Zach\AppData\Local\DefineExt\temp.dat ()
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
2013-08-09 22:17 - 2013-08-09 22:17 - 00063160 _____ C:\Users\Zach\AppData\Local\dpqs.exe
2013-08-09 22:17 - 2013-08-09 22:17
- 00015404 _____ C:\quickscan.txt
2013-08-09 22:17 - 2013-08-09 22:17 - 00001004 _____ C:\quickscan.xml
2013-08-09 22:17 - 2013-08-09 22:17 - 00000000 ____D C:\Users\Zach\AppData\Roaming\QuickScan
2013-08-09 22:16 - 2013-08-09 22:18 - 00000000 ____D C:\Program Files (x86)\Defender Pro Quick Scanner
2013-08-09 22:16 - 2013-08-09 22:17 - 02051696 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs64.dll
2013-08-09 22:16 - 2013-08-09 22:16 - 00733224 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs.dll
2013-07-24 21:57 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
2013-07-24 21:56 - 2013-07-24 21:57 - 00000000 ____D C:\Users\Zach\AppData\Local\DefineExt
2013-08-13 22:02 - 2012-06-21 23:16 - 00000000 ____D C:\Users\Zach\AppData\Local\BEFA5F4F-AD05-4A7C-9FF9-6048AFE52D0F.aplzod
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\QuickScanner => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Value deleted successfully.
HKCR\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Value deleted successfully.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Zach\AppData\Local\dpqs.exe => Moved successfully.
"2013-08-09 22:17 - 2013-08-09 22:17" => File/Directory not found.
C:\quickscan.xml => Moved successfully.
C:\Users\Zach\AppData\Roaming\QuickScan => Moved successfully.
C:\Program Files (x86)\Defender Pro Quick Scanner => Moved successfully.
C:\Users\Zach\AppData\Local\qs64.dll => Moved successfully.
C:\Users\Zach\AppData\Local\qs.dll => Moved successfully.
C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext => Moved successfully.
C:\Users\Zach\AppData\Local\DefineExt => Moved successfully.
C:\Users\Zach\AppData\Local\BEFA5F4F-AD05-4A7C-9FF9-6048AFE52D0F.aplzod => Moved successfully.

==== End of Fixlog ====
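Added example, not part of the original thread and not FRST's own code: the fixlog above shows one file entry of the fixlist split across two lines, and the result section reports the bare timestamps as `File/Directory not found`. The Python sketch below lints a fixlist for wrapped file entries and reconciles it against the fixlog to list files that were never moved. The line format is inferred only from the lines on this page, and all function names are hypothetical.

```python
import re

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"

# Assumed shape of a file entry, inferred from the log lines on this page:
# created - modified - 8-digit size, 5-char attributes, optional (company), path
FILE_ENTRY = re.compile(
    rf"^{TS} - {TS} - \d{{8}} [A-Z_]{{5}} "
    rf"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
HEAD_ONLY = re.compile(rf"^{TS} - {TS}\s*$")      # entry cut off after the timestamps
TAIL_ONLY = re.compile(r"^- \d{8} [A-Z_]{5} ")    # orphaned second half of an entry
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")


def lint_fixlist(lines):
    """Return (line_number, problem) for file entries that are not whole."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if HEAD_ONLY.match(line):
            findings.append((n, "timestamps only; path is missing"))
        elif TAIL_ONLY.match(line):
            findings.append((n, "continuation of a wrapped file entry"))
    return findings


def rejoin_wrapped(lines):
    """Join a timestamps-only line with the continuation that follows it."""
    out, i = [], 0
    while i < len(lines):
        line = lines[i].strip()
        if HEAD_ONLY.match(line) and i + 1 < len(lines):
            nxt = lines[i + 1].strip()
            joined = f"{line} {nxt}"
            if TAIL_ONLY.match(nxt) and FILE_ENTRY.match(joined):
                out.append(joined)
                i += 2
                continue
        out.append(line)
        i += 1
    return out


def fixlog_outcomes(lines):
    """Parse 'target => outcome.' result lines into (target, outcome) pairs."""
    results = []
    for raw in lines:
        m = RESULT.match(raw.strip())
        if m:
            results.append((m.group("target").strip('"'), m.group("outcome")))
    return results


def files_left_behind(fixlist_lines, fixlog_lines):
    """Paths listed in the fixlist that the fixlog never reports as moved."""
    moved = {t.lower() for t, o in fixlog_outcomes(fixlog_lines)
             if o.startswith("Moved successfully")}
    left = []
    for line in rejoin_wrapped(fixlist_lines):
        m = FILE_ENTRY.match(line)
        if m and m.group("path").lower() not in moved:
            left.append(m.group("path"))
    return left


# Excerpt of the fixlist and result lines from the fixlog above.
FIXLIST = r"""
HKCU\...\Run: [QuickScanner] - C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe [14483800 2013-03-21] (Defender Pro)
2013-08-09 22:17 - 2013-08-09 22:17 - 00063160 _____ C:\Users\Zach\AppData\Local\dpqs.exe
2013-08-09 22:17 - 2013-08-09 22:17
- 00015404 _____ C:\quickscan.txt
2013-08-09 22:17 - 2013-08-09 22:17 - 00001004 _____ C:\quickscan.xml
2013-08-09 22:16 - 2013-08-09 22:17 - 02051696 _____ (Bitdefender SRL) C:\Users\Zach\AppData\Local\qs64.dll
""".strip().splitlines()

FIXLOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\QuickScanner => Value deleted successfully.
C:\Users\Zach\AppData\Local\dpqs.exe => Moved successfully.
"2013-08-09 22:17 - 2013-08-09 22:17" => File/Directory not found.
C:\quickscan.xml => Moved successfully.
C:\Users\Zach\AppData\Local\qs64.dll => Moved successfully.
""".strip().splitlines()

if __name__ == "__main__":
    for n, problem in lint_fixlist(FIXLIST):
        print(f"fixlist line {n}: {problem}")
    for path in files_left_behind(FIXLIST, FIXLOG):
        print(f"not moved: {path}")
```

Running the lint on a fixlist before clicking Fix catches a wrapped entry early; running the reconciliation afterwards shows which listed files still need attention.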



#8 Gunto

  • Malware Response Team

Posted 26 August 2013 - 06:17 AM

Hi,

 

Great to hear things are running better! :thumbup2: We've still got a bit of work to do, but things should be easier from here on out.

 

Can you please navigate to your C: drive and delete the quickscan.txt file there? Something went wrong while trying to get rid of it with that last script, so I'm having you delete it manually.

 

Additionally, I'm going to have you run a precautionary scan with Malwarebytes Anti-Malware to ensure nothing is left. :)

 

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.
 

  • Download MBAM from here, and save it to your desktop.
  • Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck to install them, unless you want them.
  • Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

 

Please tell me how your PC's running in your next reply.

 

Gunto




#9 zachisbest

  • Topic Starter

Posted 26 August 2013 - 05:15 PM

There were 2 items in the logs tab so I copied and pasted both of them. Can I delete some of the old logs we generated that are now notepad files on my desktop? What about some of the software we have been installing? Thanks for everything so far. Computer running better after each fix.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Zach :: ZACH-PC [administrator]

Protection: Enabled

8/26/2013 1:51:18 PM
mbam-log-2013-08-26 (13-51-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359922
Time elapsed: 51 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\FRST\Quarantine\dpqs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Zach\AppData\Local\Temp\EZtpjf12.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Zach\AppData\Local\Temp\M6kgpD8s.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Zach\AppData\Local\Temp\uIUrs7oU.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Zach\Documents\Downloads\GamesSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.

(end)

 

 

2013/08/26 13:50:16 -0700 ZACH-PC Zach MESSAGE Starting protection
2013/08/26 13:50:16 -0700 ZACH-PC Zach MESSAGE Protection started successfully
2013/08/26 13:50:16 -0700 ZACH-PC Zach MESSAGE Starting IP protection
2013/08/26 13:50:29 -0700 ZACH-PC Zach MESSAGE IP Protection started successfully
2013/08/26 13:50:42 -0700 ZACH-PC Zach MESSAGE Starting database refresh
2013/08/26 13:50:42 -0700 ZACH-PC Zach MESSAGE Stopping IP protection
2013/08/26 13:50:43 -0700 ZACH-PC Zach MESSAGE IP Protection stopped successfully
2013/08/26 13:50:45 -0700 ZACH-PC Zach MESSAGE Database refreshed successfully
2013/08/26 13:50:46 -0700 ZACH-PC Zach MESSAGE Starting IP protection
2013/08/26 13:50:47 -0700 ZACH-PC Zach MESSAGE IP Protection started successfully
2013/08/26 14:04:25 -0700 ZACH-PC Zach MESSAGE Executing scheduled update:  Daily
2013/08/26 14:04:26 -0700 ZACH-PC Zach MESSAGE Database already up-to-date
2013/08/26 15:08:38 -0700 ZACH-PC Zach MESSAGE Starting protection
2013/08/26 15:08:38 -0700 ZACH-PC Zach MESSAGE Protection started successfully
2013/08/26 15:08:38 -0700 ZACH-PC Zach MESSAGE Starting IP protection
2013/08/26 15:08:51 -0700 ZACH-PC Zach MESSAGE IP Protection started successfully
 



#10 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team

Posted 27 August 2013 - 02:55 AM

Hi,

 

We will be getting to deleting the tools we used that you don't need anymore very shortly; I just need to make sure everything is clean before doing so, since we might have to use them if there's something still wrong. :)

 

For now, I'm gonna have you uninstall Adobe Reader and update it, because the outdated version has security and bug problems fixed in the most recent update.

 

Uninstall Programs

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

If you want to use Programs and Features:
 

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader X (10.1.7)

    by clicking Change/Remove.

Note: If you have any problems uninstalling a program using Programs/Features, proceed to the below method.

If you want to use Revo Uninstaller (which cleans up a bit better):



  • Download Revo from here, and save it to your desktop.
  • Double-click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader X (10.1.7)
  • Double-click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check only the bolded items. If there is a closed folder visible, click the + to expand it until you find the bolded item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too. Repeat this with the other programs to uninstall.

 

Adobe Reader

I need you to install the latest version of Adobe Reader. Your old version was outdated, and new versions have security and bug fixes that older versions didn't, so you need to update.
 

  • Download Reader from here, and save it to your desktop.
  • Double-click the installer to start the installation. Feel free to uncheck to install third-party toolbars or software, as they aren't required for the Adobe Reader installation. Otherwise, follow the prompts and let the program install.

 

Finally, I need you to run one last scan with FRST to make sure nothing is left. Please rerun the scan, but you should only have one log file to copy this time. :)

 

Let me know if your PC is still running well.

 

Gunto




#11 zachisbest

zachisbest
  • Topic Starter


Posted 27 August 2013 - 06:50 PM

Everything seems good to me.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Zach (administrator) on 27-08-2013 16:47:54
Running from C:\Users\Zach\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Google) C:\Users\Zach\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-16] (Google Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
MountPoints2: {8ad2a367-b85f-11e2-9999-dc0ea12599df} - E:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {f669fd23-579e-11e1-a174-806e6f6e6963} - D:\autoplay.exe /CD
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tw.msn.com/?rd=1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default
FF Homepage: hxxp://google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Zach\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Zach\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Zach\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\searchplugins\utorrentcontrolv2-customized-web-search.xml
FF Extension: No Name - C:\Users\Zach\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
FF Extension: Define Ext - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\Extensions\gystqfr@ylgga.com
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.79) - C:\Users\Zach\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Zach\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-27 16:43 - 2013-08-27 16:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-26 17:35 - 2013-08-26 17:35 - 00000000 ____D C:\Users\Zach\Desktop\Memos
2013-08-26 13:50 - 2013-08-26 13:50 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-26 13:50 - 2013-08-26 13:50 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Malwarebytes
2013-08-26 13:49 - 2013-08-26 13:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 13:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-26 13:48 - 2013-08-26 13:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Zach\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-22 19:08 - 2013-08-22 19:08 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\Program Files\iPod
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-21 21:51 - 2013-08-21 21:51 - 00000000 ____D C:\FRST
2013-08-21 21:25 - 2013-08-21 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 21:25 - 2013-08-21 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 21:24 - 2013-08-21 21:42 - 00000000 ____D C:\Users\Zach\Desktop\mbar
2013-08-21 21:23 - 2013-08-21 21:24 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Zach\Downloads\mbar-1.06.1.1005.exe
2013-08-21 21:17 - 2013-08-21 21:20 - 00000000 ____D C:\AdwCleaner
2013-08-21 21:16 - 2013-08-21 21:16 - 00975858 _____ C:\Users\Zach\Desktop\adwcleaner.exe
2013-08-18 14:35 - 2013-08-18 14:35 - 00003116 _____ C:\Windows\System32\Tasks\{B40C1398-EC72-40AE-A86C-594114E42BD7}
2013-08-18 14:34 - 2013-08-18 14:34 - 01595740 _____ () C:\Users\Zach\Downloads\USBDRVEN.EXE
2013-08-14 20:22 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 20:22 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 20:22 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 20:22 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 20:22 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 20:22 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 20:22 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:22 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:22 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:22 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:22 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:22 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:22 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 20:21 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 20:21 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 20:21 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:21 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:16 - 2013-08-14 20:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:37 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 19:37 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 19:37 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 19:37 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 19:37 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 19:37 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 19:37 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 19:37 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 19:36 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 19:36 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 19:36 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 19:36 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 19:36 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 19:36 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 19:36 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 19:36 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 19:36 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 19:36 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 19:36 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 19:36 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 19:36 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 19:36 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 19:36 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 19:36 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 19:36 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 19:36 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 19:36 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 19:34 - 2013-08-14 19:34 - 00017799 _____ C:\Users\Zach\Desktop\dds.txt
2013-08-14 19:34 - 2013-08-14 19:34 - 00010237 _____ C:\Users\Zach\Desktop\attach.txt
2013-08-13 21:57 - 2013-08-13 21:57 - 00001430 _____ C:\Users\Zach\Desktop\Internet Explorer.lnk
2013-08-10 23:54 - 2013-08-10 23:54 - 04476508 _____ C:\Users\Zach\Downloads\wordpress-3.6.zip

==================== One Month Modified Files and Folders =======

2013-08-27 16:47 - 2013-08-27 16:47 - 01579080 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2013-08-27 16:44 - 2012-05-28 14:03 - 00000000 ____D C:\Users\Zach\AppData\Local\Adobe
2013-08-27 16:43 - 2013-08-27 16:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-27 16:43 - 2011-12-05 21:34 - 00000000 ____D C:\ProgramData\Adobe
2013-08-27 16:42 - 2012-02-14 23:42 - 01702732 _____ C:\Windows\WindowsUpdate.log
2013-08-27 16:39 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 16:39 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 16:36 - 2009-07-13 22:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 16:32 - 2012-05-23 11:40 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-27 16:31 - 2013-07-09 15:58 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-27 16:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 16:31 - 2009-07-13 21:51 - 00077603 _____ C:\Windows\setupact.log
2013-08-26 22:24 - 2012-06-16 16:32 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000UA.job
2013-08-26 22:08 - 2013-07-09 15:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-26 22:04 - 2012-05-27 21:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 18:24 - 2012-06-16 16:32 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3148971909-2120683883-1237405719-1000Core.job
2013-08-26 17:35 - 2013-08-26 17:35 - 00000000 ____D C:\Users\Zach\Desktop\Memos
2013-08-26 15:45 - 2011-12-05 22:39 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-26 15:08 - 2010-11-20 20:47 - 00048468 _____ C:\Windows\PFRO.log
2013-08-26 13:50 - 2013-08-26 13:50 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-26 13:50 - 2013-08-26 13:50 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Malwarebytes
2013-08-26 13:50 - 2013-08-26 13:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 13:49 - 2013-08-26 13:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Zach\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-26 11:10 - 2011-12-05 22:34 - 00773482 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-25 12:43 - 2012-05-27 18:57 - 00000000 ____D C:\Users\Zach\Desktop\Hats
2013-08-25 10:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-22 19:08 - 2013-08-22 19:08 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\Program Files\iTunes
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\Program Files\iPod
2013-08-22 19:08 - 2013-08-22 19:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-21 21:51 - 2013-08-21 21:51 - 00000000 ____D C:\FRST
2013-08-21 21:42 - 2013-08-21 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-21 21:42 - 2013-08-21 21:24 - 00000000 ____D C:\Users\Zach\Desktop\mbar
2013-08-21 21:25 - 2013-08-21 21:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 21:24 - 2013-08-21 21:23 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Zach\Downloads\mbar-1.06.1.1005.exe
2013-08-21 21:20 - 2013-08-21 21:17 - 00000000 ____D C:\AdwCleaner
2013-08-21 21:16 - 2013-08-21 21:16 - 00975858 _____ C:\Users\Zach\Desktop\adwcleaner.exe
2013-08-21 18:04 - 2012-05-27 21:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 18:04 - 2012-05-24 21:12 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:04 - 2011-12-05 21:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 17:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-21 17:10 - 2013-07-09 15:59 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-21 16:41 - 2012-06-16 16:31 - 00000000 ____D C:\Users\Zach\AppData\Local\Deployment
2013-08-21 16:36 - 2012-11-10 10:21 - 00000000 ____D C:\Users\Zach\AppData\Local\join.me
2013-08-18 14:35 - 2013-08-18 14:35 - 00003116 _____ C:\Windows\System32\Tasks\{B40C1398-EC72-40AE-A86C-594114E42BD7}
2013-08-18 14:34 - 2013-08-18 14:34 - 01595740 _____ () C:\Users\Zach\Downloads\USBDRVEN.EXE
2013-08-18 11:04 - 2011-12-05 22:35 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-18 11:02 - 2011-12-05 22:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-18 11:02 - 2011-12-05 22:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-14 20:18 - 2013-08-14 20:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:16 - 2011-12-05 22:47 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 19:34 - 2013-08-14 19:34 - 00017799 _____ C:\Users\Zach\Desktop\dds.txt
2013-08-14 19:34 - 2013-08-14 19:34 - 00010237 _____ C:\Users\Zach\Desktop\attach.txt
2013-08-14 19:23 - 2013-06-05 12:15 - 00000000 ____D C:\Program Files (x86)\SafeConnect
2013-08-13 21:57 - 2013-08-13 21:57 - 00001430 _____ C:\Users\Zach\Desktop\Internet Explorer.lnk
2013-08-13 21:55 - 2013-07-05 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-10 23:54 - 2013-08-10 23:54 - 04476508 _____ C:\Users\Zach\Downloads\wordpress-3.6.zip
2013-08-09 21:36 - 2012-05-23 11:35 - 00000000 ____D C:\Users\Zach\AppData\Local\VirtualStore
2013-08-03 15:44 - 2009-07-13 22:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-30 15:59 - 2012-09-01 12:00 - 00000000 ____D C:\Users\Zach\AppData\Local\CutePDF Writer
2013-07-30 15:55 - 2013-06-24 17:35 - 00000000 ____D C:\ProgramData\SofTest

Files to move or delete:
====================
C:\Users\Zach\AppData\Local\Temp\52ydtzhv.0d1BingAdsEditor.exe
C:\Users\Zach\AppData\Local\Temp\eemiodvb.hklBingAdsEditor.exe
C:\Users\Zach\AppData\Local\Temp\hcjl1qrx.wzzBingAdsEditor.exe
C:\Users\Zach\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Zach\AppData\Local\Temp\Quarantine.exe
C:\Users\Zach\AppData\Local\Temp\sqmapi.dll
C:\Users\Zach\AppData\Local\Temp\tbu0ylht.lm0BingAdsEditor.exe
C:\Users\Zach\AppData\Local\Temp\tbuTor.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\GoogleCrashHandler.exe
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\GoogleCrashHandler64.exe
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\GoogleUpdate.exe
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\GoogleUpdateBroker.exe
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\GoogleUpdateOnDemand.exe
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\GoogleUpdateSetup.exe
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdate.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_am.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ar.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_bg.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_bn.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ca.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_cs.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_da.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_de.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_el.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_en-GB.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_en.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_es-419.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_es.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_et.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_fa.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_fi.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_fil.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_fr.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_gu.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_hi.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_hr.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_hu.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_id.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_is.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_it.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_iw.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ja.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_kn.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ko.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_lt.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_lv.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ml.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_mr.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ms.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_nl.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_no.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_pl.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_pt-BR.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_pt-PT.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ro.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ru.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_sk.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_sl.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_sr.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_sv.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_sw.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ta.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_te.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_th.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_tr.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_uk.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_ur.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_vi.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_zh-CN.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\goopdateres_zh-TW.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\npGoogleUpdate3.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\psmachine.dll
C:\Users\Zach\AppData\Local\Temp\{C5A1B112-AF50-4438-BF1F-35EEF10319C2}\psuser.dll
C:\Users\Zach\AppData\Local\Temp\{40a23b0a-f47a-4767-8cf1-6c48dea9c93b}\.ba1\wixstdba.dll
C:\Users\Zach\AppData\Local\Temp\joiC361.tmp\lmiscrhook32-Clone001.dll
C:\Users\Zach\AppData\Local\Temp\joiC361.tmp\lmiscrhook64-Clone002.dll
C:\Users\Zach\AppData\Local\Temp\clear.fiClient\cabarc.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-22 19:27

==================== End Of Log ============================



#12 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:04:39 AM

Posted 29 August 2013 - 12:10 PM

Hi,

 

There are a couple of entries that should be gotten rid of, and assuming all goes well, we're very close to being done. :)

 

Farbar Recovery Scan Tool

 

I need you to run a fix with FRST.

 

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    FF Extension: Define Ext - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\Extensions\gystqfr@ylgga.com
    FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File

    Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Let me know how the computer is running.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#13 zachisbest


Posted 29 August 2013 - 07:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by Zach at 2013-08-29 17:21:18 Run:2
Running from C:\Users\Zach\Desktop\Logs
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Define Ext - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\Extensions\gystqfr@ylgga.com
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
*****************

C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\6j6djsbm.default\Extensions\gystqfr@ylgga.com => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com => Moved successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll not found.

==== End of Fixlog ====



#14 Gunto


Posted 30 August 2013 - 01:23 PM

Hi,

 

Please delete the tools and their logs we used while cleaning up your PC from your desktop, since we don't need them anymore.

 

Congrats, your computer looks free of malware! :woot:

However, here are some steps to improve how your computer works, and to help keep you from getting infected again.

Keep all your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. For new software version updates, I recommend FileHippo Update Checker. However, FH doesn't find all updates, so be sure to manually check for updates, too.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include not opening emails from people you don't know, especially if they have an attachment. Files, especially those with a .exe, .com, .bat or .scr extension, should never be trusted unless you know for a fact you can trust the source. You should also be careful with these files even from friends, since their email might not actually be from them.

You should also clean out your System Restore points. SR is used to restore your computer to an earlier time if it's damaged, and since many of your old restore points are probably infected, let's clean out your old points and create a new, clean one.
 

  • Go to Start > Programs > Accessories > System Tools > System Restore.
  • Select Create a new restore point, then click the Next button.
  • Give the point a name, then click Create.
  • Go to Start > Run... and enter cleanmgr.
  • Once the utility opens, click the More Options tab, and under System Restore, click Clean up..., then say Yes.

Happy surfing! :)

 

Gunto




#15 zachisbest


Posted 30 August 2013 - 09:16 PM

Thanks. All is so much better.





