
Internet Connect Suddenly 80-90% slower!


  • This topic is locked
16 replies to this topic

#1 mpt145

mpt145

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 02 September 2013 - 08:23 PM

Hi guys,

 

This has been a major thorn in my side for over a week now.

 

Sometimes it's worse than others.. but basically my computer's internet connection speed is suddenly and dramatically slower.

All of the other computers on my home network are fine.  Just this computer.

 

I used to get download speeds between 600-900 Kb/s, now if it's a good day I get like 100-200 Kb/s... but sometimes it's so bad I only get 10-30 Kb/s!!!  It's so bad and so slow I can't even hardly use the internet... playing online games is not out of the question.

 

I've run several virus scans but can't really find anything. 

 

I'm using Windows 7 - 64 bit sp1 and I have a very fast computer with 16GB RAM.

I'm on a wireless network, but the other computers on the network are fine.

 

Please advise.





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:30 AM

Posted 07 September 2013 - 08:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506512 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mpt145

mpt145
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 09 September 2013 - 12:43 AM

Yeah, I still need help.

 

Read the post from a week ago, nothing's changed.

I don't have the original Windows disc.

 

 

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Seven at 19:38:33 on 2013-09-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.15849.13353 [GMT -10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} -
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} -
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} -
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} -
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
uRun: [ASRockXTU] <no file>
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe
mRun: [XFastUsb] "C:\Program Files (x86)\XFastUsb\XFastUsb.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Seven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{2B732425-D1AC-489F-876B-1D9D4B74EF4D} : NameServer = 192.168.1.1
TCP: Interfaces\{2B732425-D1AC-489F-876B-1D9D4B74EF4D} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{5DB94730-52E9-4CC4-9A29-E05933C826A8} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{64695011-CCC3-4D9B-A6B8-6F93A6833A2D} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{90457221-519E-450B-BC72-D25623377D8B} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{A2C325CE-90B5-4CD1-AA0E-A7AA83AC1E87} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{BE254A87-FF09-4169-B7C5-E42000285EC0} : DHCPNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{F25F42B7-27CE-41D5-B50F-BAFA2F7930E5} : DHCPNameServer = 207.69.188.186 207.69.188.187
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe /hide
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Seven\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Seven\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Seven\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Seven\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Seven\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-18 18:16; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
.
============= SERVICES / DRIVERS ===============
.
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-4-11 31016]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-6-30 108832]
R0 mrdd;Marvell Removable Disk Control Driver;C:\Windows\System32\drivers\mrdd.sys [2010-2-28 22568]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-5-11 178728]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-29 56208]
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\System32\drivers\Si3124r5.sys [2010-4-13 340008]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-6-30 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-6-30 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-6-30 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-6-30 117024]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2011-6-8 15368]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-3 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-1 304472]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2011-6-8 15936]
R1 xlkfs;xlkfs;C:\Windows\System32\drivers\xlkfs.sys [2012-5-4 30456]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-6-30 3783672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-1 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-1 66904]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-1-12 44768]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-8 21992]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-11 13592]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-9-29 2139400]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-6-19 386344]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084672]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-8 2656280]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-6-30 367200]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-8 317440]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;C:\Windows\System32\drivers\netr7364.sys [2013-6-30 716800]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-2-3 134760]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-3-25 66336]
S2 CLKMSVC10_90970B6B;CyberLink Product - 2011/06/19 08:14:31;C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-9 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2011-6-9 32320]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-4-6 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-2 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-5-19 393728]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\SciTE.exe="D:\Program Files\Scintilla Text Editor\SciTE.exe" "%1" [UserChoice]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2050-07-29 01:07:22    --------    d-----w-    C:\Users\Seven\AppData\Roaming\TechSmith
2050-07-29 01:04:43    --------    d-----w-    C:\Users\Seven\AppData\Roaming\iZotope
2050-07-29 01:03:12    --------    d-----w-    C:\Program Files\Common Files\VST3
2050-07-29 01:03:11    --------    d-----w-    C:\Program Files (x86)\Common Files\VST3
2050-07-29 01:03:10    --------    d-----w-    C:\Program Files\Vstplugins
2050-07-29 01:03:09    --------    d-----w-    C:\Program Files (x86)\Vstplugins
2050-07-29 01:03:08    --------    d-----w-    C:\Program Files (x86)\iZotope
2050-07-29 01:03:08    --------    d-----w-    C:\Program Files (x86)\Common Files\Digidesign
2013-09-03 00:32:12    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-09-03 00:32:12    --------    d-----w-    C:\Windows\System32\Wat
2013-09-02 23:50:33    --------    d-----w-    C:\ProgramData\SummerSoft
2013-09-02 23:46:39    --------    d-----w-    C:\ProgramData\InstallMate
2013-08-28 10:02:49    --------    d-----w-    C:\Users\Seven\AppData\Roaming\PDAppFlex
2013-08-28 09:42:47    --------    d-----w-    C:\Program Files (x86)\Common Files\Sonic Shared
2013-08-28 09:42:42    --------    d-----w-    C:\Program Files (x86)\My Company Name
2013-08-28 07:07:33    --------    d-----w-    C:\Users\Seven\AppData\Roaming\Malwarebytes
2013-08-28 07:07:27    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-08-28 07:07:27    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-28 07:07:27    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 07:07:20    --------    d-----w-    C:\Users\Seven\AppData\Local\Programs
2013-08-27 07:02:17    --------    d-----w-    C:\Users\Seven\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-25 19:07:29    --------    dc----w-    C:\AdwCleaner
2013-08-25 18:55:53    --------    d-----w-    C:\Windows\ERUNT
2013-08-25 18:33:11    --------    dc----w-    C:\_OTL
2013-08-21 09:43:14    --------    d-----w-    C:\Program Files (x86)\Compact Wireless-G USB Adapter Wireless Network Monitor
2013-08-21 08:09:08    --------    d-----w-    C:\Users\Seven\AppData\Local\ElevatedDiagnostics
2013-08-21 07:59:09    --------    d-----w-    C:\Program Files\CCleaner
2013-08-21 07:23:01    --------    d-----w-    C:\Program Files\SAMSUNG
2013-08-21 07:22:46    --------    d-----w-    C:\ProgramData\Samsung
2013-08-21 07:08:52    --------    d-----w-    C:\Program Files (x86)\Intel Android Device USB driver
2013-08-20 16:53:22    --------    d-----w-    C:\Program Files (x86)\DGMPG
2013-08-19 04:13:39    --------    d-----w-    C:\Users\Seven\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-08-15 07:02:08    --------    d-----w-    C:\Users\Seven\AppData\Local\Logitech® Webcam Software
2013-08-15 06:58:06    53248    ----a-r-    C:\Users\Seven\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-08-15 04:36:38    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-15 04:22:37    --------    d-----w-    C:\Program Files (x86)\Activision
2013-08-15 04:21:43    --------    d-sh--w-    C:\Windows\ftpcache
2013-08-14 16:33:53    224256    ----a-w-    C:\Windows\System32\wintrust.dll
.
==================== Find3M  ====================
.
2013-09-03 00:32:14    833024    ----a-w-    C:\Windows\SysWow64\user32.dll
2013-09-03 00:32:14    419840    ----a-w-    C:\Windows\System32\systemcpl.dll
2013-09-03 00:32:14    14848    ----a-w-    C:\Windows\System32\slwga.dll
2013-09-03 00:32:14    13824    ----a-w-    C:\Windows\SysWow64\slwga.dll
2013-09-03 00:32:14    1008640    ----a-w-    C:\Windows\System32\user32.dll
2013-08-21 01:25:02    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 01:25:02    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-10 20:15:28    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 20:15:28    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-10 20:15:28    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-01 05:29:34    716800    ----a-w-    C:\Windows\System32\drivers\netr7364.sys
2013-06-30 20:33:58    367200    ----a-w-    C:\Windows\System32\drivers\afcdp.sys
2013-06-30 20:33:55    1462560    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2013-06-30 20:33:54    183224    ----a-w-    C:\Windows\System32\drivers\tib_mounter.sys
2013-06-30 20:33:54    161568    ----a-w-    C:\Windows\System32\drivers\vididr.sys
2013-06-30 20:33:54    1120032    ----a-w-    C:\Windows\System32\drivers\tib.sys
2013-06-30 20:33:53    117024    ----a-w-    C:\Windows\System32\drivers\vidsflt.sys
2013-06-30 20:33:50    233760    ----a-w-    C:\Windows\System32\drivers\snapman.sys
2013-06-30 20:33:50    108832    ----a-w-    C:\Windows\System32\drivers\fltsrv.sys
2013-06-30 01:31:03    971360    ----a-w-    C:\Windows\System32\drivers\timntr.sys
2013-06-15 04:35:40    1111552    ----a-w-    C:\Windows\System32\rdpcorets.dll
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2008-12-11 02:14:40    4411392    ----a-w-    C:\Program Files (x86)\mplayerc.exe
.
============= FINISH: 19:38:44.69 ===============
 
 

Edited by mpt145, 09 September 2013 - 12:44 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,577 posts
  • Gender:Male
  • Location:California
  • Local time:07:30 AM

Posted 09 September 2013 - 09:12 AM

Greetings mpt145 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure your issue is malware related but we will take a look. We have a lot to take care of in this first post. Please consider and do these things for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • MiniToolBox log
  • FSS log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mpt145

mpt145
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:30 AM

Posted 10 September 2013 - 12:19 PM

Hi Gary,

 

thx for the help. nice sig.  here are the logs you requested.

 

I ran AdwCleaner twice because I thought I had to run it for each item checked and when I ran it the second time I found the entries that it cleaned for the browsers came back... so I cleaned them twice... still came back...

so after that I just ran the other tools you requested.

 

thx.

 

# AdwCleaner v3.003 - Report created 10/09/2013 at 06:44:16
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Seven - SEVEN64-PC
# Running from : C:\Users\Seven\Desktop\Malware Removal\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKCU\Software\wscontb

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1390 octets] - [25/08/2013 09:07:36]
AdwCleaner[R1].txt - [1155 octets] - [10/09/2013 06:42:05]
AdwCleaner[S0].txt - [1471 octets] - [25/08/2013 09:08:57]
AdwCleaner[S1].txt - [1040 octets] - [10/09/2013 06:44:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1100 octets] ##########

 

Second run

# AdwCleaner v3.003 - Report created 10/09/2013 at 06:48:08
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Seven - SEVEN64-PC
# Running from : C:\Users\Seven\Desktop\Malware Removal\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1390 octets] - [25/08/2013 09:07:36]
AdwCleaner[R1].txt - [1155 octets] - [10/09/2013 06:42:05]
AdwCleaner[R2].txt - [1152 octets] - [10/09/2013 06:47:00]
AdwCleaner[S0].txt - [1471 octets] - [25/08/2013 09:08:57]
AdwCleaner[S1].txt - [1180 octets] - [10/09/2013 06:44:16]
AdwCleaner[S2].txt - [1074 octets] - [10/09/2013 06:48:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1134 octets] ##########
 
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Ultimate x64
Ran by Seven on Tue 09/10/2013 at  6:53:29.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Seven\AppData\Roaming\mozilla\firefox\profiles\xlrz96d1.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/10/2013 at  6:58:13.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Seven (administrator) on 10-09-2013 at 07:05:54
Running from "C:\Users\Seven\Desktop\Malware Removal"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Hamachi Network Interface = Hamachi (Connected)
Compact Wireless-G USB Adapter = Wireless Network Connection 7 (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 8 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Seven64-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : earthlink.com

Wireless LAN adapter Wireless Network Connection 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #4
   Physical Address. . . . . . . . . : 00-1E-E5-2A-5F-87
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 7:

   Connection-specific DNS Suffix  . : earthlink.com
   Description . . . . . . . . . . . : Compact Wireless-G USB Adapter #3
   Physical Address. . . . . . . . . : 00-1E-E5-2A-5F-86
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fd9a:4bd:11af:4cc1%22(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 10, 2013 6:49:01 AM
   Lease Expires . . . . . . . . . . : Wednesday, September 11, 2013 6:49:01 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 503324389
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-1D-1E-EF-00-22-15-0A-C0-23
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-1C-D0-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::191c:d0cd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e97d:5d7d:184:c869%26(Preferred)
   IPv4 Address. . . . . . . . . . . : 25.28.208.205(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 10, 2013 6:48:59 AM
   Lease Expires . . . . . . . . . . : Wednesday, September 10, 2014 6:51:06 AM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 679115049
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-1D-1E-EF-00-22-15-0A-C0-23
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.earthlink.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3cd5:1933:bf34:eaf9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cd5:1933:bf34:eaf9%29(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{D9510280-B580-434D-A7CE-84C06255D87A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AA7BBD4F-1D92-472E-8A1A-48B19FE9A021}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  74.125.228.1
      74.125.228.14
      74.125.228.9
      74.125.228.6
      74.125.228.2
      74.125.228.4
      74.125.228.3
      74.125.228.5
      74.125.228.7
      74.125.228.0
      74.125.228.8


Pinging google.com [74.125.228.1] with 32 bytes of data:
Reply from 74.125.228.1: bytes=32 time=135ms TTL=47
Reply from 74.125.228.1: bytes=32 time=133ms TTL=47

Ping statistics for 74.125.228.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 133ms, Maximum = 135ms, Average = 134ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Address:  206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=92ms TTL=48
Reply from 206.190.36.45: bytes=32 time=92ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 92ms, Maximum = 92ms, Average = 92ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 37...00 1e e5 2a 5f 87 ......Microsoft Virtual WiFi Miniport Adapter #4
 22...00 1e e5 2a 5f 86 ......Compact Wireless-G USB Adapter #3
 26...7a 79 19 1c d0 cd ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 29...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1    25.28.208.205   9256
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     25
         25.0.0.0        255.0.0.0         On-link     25.28.208.205   9256
    25.28.208.205  255.255.255.255         On-link     25.28.208.205   9256
   25.255.255.255  255.255.255.255         On-link     25.28.208.205   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    281
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     25.28.208.205   9256
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     25.28.208.205   9256
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 26   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 29     58 2001::/32                On-link
 29    306 2001:0:4137:9e76:3cd5:1933:bf34:eaf9/128
                                    On-link
 26    276 2620:9b::/96             On-link
 26    276 2620:9b::191c:d0cd/128   On-link
 26    276 fe80::/64                On-link
 22    281 fe80::/64                On-link
 29    306 fe80::/64                On-link
 29    306 fe80::3cd5:1933:bf34:eaf9/128
                                    On-link
 26    276 fe80::e97d:5d7d:184:c869/128
                                    On-link
 22    281 fe80::fd9a:4bd:11af:4cc1/128
                                    On-link
  1    306 ff00::/8                 On-link
 29    306 ff00::/8                 On-link
 26    276 ff00::/8                 On-link
 22    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-10-26 00:29:47.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-26 00:29:47.199
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-26 00:29:41.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-26 00:29:41.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
 
 

 

 

Farbar Service Scanner Version: 05-09-2013
Ran by Seven (administrator) on 10-09-2013 at 07:10:21
Running from "C:\Users\Seven\Desktop\Malware Removal"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Seven (administrator) on SEVEN64-PC on 10-09-2013 07:11:24
Running from C:\Users\Seven\Desktop\Malware Removal
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(tzuk) C:\Program Files\Sandboxie\SbieCtrl.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(ASRock) C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-29] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [VIRTU] - C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe [2593056 2012-01-05] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKCU\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [463248 2009-12-16] (The Eraser Project)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [570600 2010-02-03] (tzuk)
HKCU\...\Run: [Windows Shutdown Assistant] - [x]
HKCU\...\Run: [Google Update] - C:\Users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-24] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: F - F:\oe_open.exe contents.htm
MountPoints2: I - I:\setup.exe
MountPoints2: {2c9e3f0b-2500-11df-b5db-806e6f6e6963} - D:\setup.exe
MountPoints2: {6c7a9654-94d6-11e0-880d-806e6f6e6963} - D:\ASRSetup.exe
MountPoints2: {6d0026c0-9417-11e0-90c7-806e6f6e6963} - E:\setup.exe
MountPoints2: {7b8a9002-9250-11e0-8182-806e6f6e6963} - D:\autorun.exe
MountPoints2: {f569a4a4-940a-11e0-9557-806e6f6e6963} - D:\setup.exe
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [3744552 2011-11-28] (AVAST Software)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe [90112 2008-11-13] (MAGIX AG)
HKLM-x32\...\Run: [XFastUsb] - C:\Program Files (x86)\XFastUsb\XFastUsb.exe [5019360 2012-04-11] (FNet Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1349632 2010-06-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [F5D7050v3] - C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe [x]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll [186656 2012-01-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll [156960 2012-01-05] (Lucidlogix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553542500} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 207.69.188.186 207.69.188.187
Tcpip\..\Interfaces\{2B732425-D1AC-489F-876B-1D9D4B74EF4D}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Seven\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Seven\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Seven\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Seven\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Seven\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Seven\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\searchplugins\mp3-search.xml
FF SearchPlugin: C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\searchplugins\youtube-ssl.xml
FF Extension: No Name - C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\xlrz96d1.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR Extension: (Google Search) - C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
CHR HKLM-x32\...\Chrome\Extension: [bedaeeioemfhlgafklfgcaaomodicijb] - C:\ProgramData\wxDownload\bedaeeioemfhlgafklfgcaaomodicijb.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] ()
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2011-09-19] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768 2011-11-28] (AVAST Software)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [94440 2010-02-03] (tzuk)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66904 2011-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [591192 2011-11-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [304472 2011-11-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58712 2011-11-28] (AVAST Software)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-02-09] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-06-08] (FNet Co., Ltd.)
R0 mrdd; C:\Windows\System32\DRIVERS\mrdd.sys [22568 2008-11-11] (Marvell Semiconductor, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [134760 2010-02-03] (tzuk)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 Si3124r5; C:\Windows\System32\DRIVERS\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-06-11] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-06-30] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-06-30] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-06-30] (Acronis International GmbH)
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
U3 aypz2kcx; C:\Windows\System32\Drivers\aypz2kcx.sys [0 ] (Silicon Image, Inc)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x]
R3 AsrIbDrv; \??\C:\Windows\SysWOW64\Drivers\AsrIbDrv.sys [x]
S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 EtronHub3; System32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [x]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2050-07-28 15:04 - 2050-07-28 15:04 - 00000000 ____D C:\Users\Seven\AppData\Roaming\iZotope
2050-07-28 15:03 - 2050-07-28 15:03 - 00001230 _____ C:\Users\Public\Desktop\iZotope RX.lnk
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Users\Seven\Documents\iZotope RX 2 Presets
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Users\Seven\Documents\iZotope
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files\Vstplugins
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files\Common Files\VST3
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files (x86)\iZotope
2013-09-10 07:11 - 2013-09-10 07:11 - 00000000 ___DC C:\FRST
2013-09-04 21:34 - 2013-09-04 21:36 - 00000000 ____D C:\Users\Seven\Desktop\FSM
2013-09-03 06:03 - 2013-09-03 06:03 - 00120200 _____ C:\Users\Seven\AppData\Roaming\GDIPFONTCACHEV1.DAT
2013-09-02 13:50 - 2013-09-02 13:50 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-02 13:46 - 2013-09-02 13:50 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 13:00 - 2013-09-02 13:00 - 06664704 _____ (Hazar & Co.) C:\Users\Seven\Desktop\RemoveWAT.exe
2013-09-02 10:14 - 2013-09-02 10:19 - 00000000 ____D C:\Users\Seven\Desktop\New folder
2013-08-28 07:27 - 2013-08-28 07:27 - 145762520 _____ C:\Users\Seven\AppData\Local\ACCCx2_1_1_220.zip.aamdownload
2013-08-28 07:27 - 2013-08-28 07:27 - 00001732 _____ C:\Users\Seven\AppData\Local\ACCCx2_1_1_220.zip.aamdownload.aamd
2013-08-28 00:02 - 2013-08-28 00:02 - 00000000 ____D C:\Users\Seven\AppData\Roaming\PDAppFlex
2013-08-27 23:42 - 2013-08-27 23:42 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Malwarebytes
2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 21:07 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-26 22:29 - 2013-08-28 08:43 - 00001525 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-08-26 21:29 - 2013-08-26 21:29 - 00000000 ____D C:\Users\Seven\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
2013-08-26 21:02 - 2013-08-26 21:02 - 00000000 ____D C:\Users\Seven\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-25 09:09 - 2013-09-02 14:28 - 00003018 _____ C:\Windows\PFRO.log
2013-08-25 09:07 - 2013-09-10 06:50 - 00000000 ___DC C:\AdwCleaner
2013-08-25 08:55 - 2013-08-25 08:55 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 08:33 - 2013-08-25 08:33 - 00000000 ___DC C:\_OTL
2013-08-21 00:23 - 2013-09-10 07:10 - 00000000 ____D C:\Users\Seven\Desktop\Malware Removal
2013-08-20 23:43 - 2013-08-20 23:43 - 00001361 _____ C:\Windows\SysWOW64\WLAN.INI
2013-08-20 23:43 - 2013-08-20 23:43 - 00000000 ____D C:\Program Files (x86)\Compact Wireless-G USB Adapter Wireless Network Monitor
2013-08-20 23:12 - 2013-08-24 17:10 - 00000000 ____D C:\Users\Seven\Desktop\WOD
2013-08-20 22:07 - 2013-09-10 06:49 - 00019311 _____ C:\Windows\setupact.log
2013-08-20 22:07 - 2013-08-20 22:07 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 21:59 - 2013-08-20 21:59 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 21:59 - 2013-08-20 21:59 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 21:23 - 2013-08-20 21:23 - 00000000 ____D C:\Program Files\SAMSUNG
2013-08-20 21:22 - 2013-08-20 21:22 - 00000000 ____D C:\ProgramData\Samsung
2013-08-20 21:08 - 2013-08-20 21:08 - 00000000 ____D C:\Program Files (x86)\Intel Android Device USB driver
2013-08-20 06:57 - 2013-08-20 06:57 - 00001327 _____ C:\Users\Seven\Desktop\DGIndex.exe - Shortcut.lnk
2013-08-20 06:53 - 2013-08-20 06:57 - 00000000 ____D C:\Program Files (x86)\DGMPG
2013-08-18 18:13 - 2013-08-18 18:13 - 00000000 ____D C:\Users\Seven\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-08-17 15:41 - 2013-08-18 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 21:39 - 2013-08-15 21:39 - 00001883 _____ C:\Users\Seven\Desktop\Wolverine.exe - Shortcut.lnk
2013-08-14 21:02 - 2013-08-14 21:02 - 00000000 ____D C:\Users\Seven\AppData\Local\Logitech® Webcam Software
2013-08-14 20:58 - 2013-08-14 20:58 - 00008987 _____ C:\Windows\system32\lvcoinst.log
2013-08-14 20:58 - 2013-08-14 20:58 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Leadertech
2013-08-14 20:58 - 2013-08-14 20:58 - 00000000 ____D C:\ProgramData\LogiShrd
2013-08-14 20:57 - 2013-08-14 20:58 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-08-14 20:57 - 2013-08-14 20:58 - 00000000 ____D C:\Program Files (x86)\Logitech
2013-08-14 20:57 - 2013-08-14 20:57 - 00001631 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2013-08-14 18:37 - 2013-08-14 18:37 - 00000000 ____D C:\Users\Seven\Documents\Wolverine
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Program Files (x86)\Activision
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 __SHD C:\Windows\ftpcache
2013-08-14 07:44 - 2013-07-25 19:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 07:44 - 2013-07-25 19:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 07:44 - 2013-07-25 19:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 07:44 - 2013-07-25 19:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 07:44 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 07:44 - 2013-07-25 17:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 07:44 - 2013-07-25 17:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 07:44 - 2013-07-25 17:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 07:44 - 2013-07-25 17:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 07:44 - 2013-07-25 17:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 07:44 - 2013-07-25 17:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 07:44 - 2013-07-25 16:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 07:44 - 2013-07-25 16:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 07:44 - 2013-07-25 15:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 06:33 - 2013-07-24 23:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 06:33 - 2013-07-24 22:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 06:33 - 2013-07-18 15:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 06:33 - 2013-07-18 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 06:33 - 2013-07-08 20:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 06:33 - 2013-07-08 19:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 06:33 - 2013-07-08 19:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 06:33 - 2013-07-08 19:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 06:33 - 2013-07-08 19:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 06:33 - 2013-07-08 19:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 06:33 - 2013-07-08 19:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 06:33 - 2013-07-08 19:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 06:33 - 2013-07-08 19:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 06:33 - 2013-07-08 19:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 06:33 - 2013-07-08 18:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 06:33 - 2013-07-08 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 06:33 - 2013-07-08 18:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 06:33 - 2013-07-08 18:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 06:33 - 2013-07-08 18:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 06:33 - 2013-07-08 18:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 06:33 - 2013-07-08 18:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 06:33 - 2013-07-08 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 06:33 - 2013-07-08 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 06:33 - 2013-07-08 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 06:33 - 2013-07-08 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 06:33 - 2013-07-05 20:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 06:33 - 2013-06-14 18:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 06:33 - 2013-06-14 18:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2050-07-28 15:07 - 2012-01-10 10:26 - 00000000 ____D C:\Users\Seven\Documents\Camtasia Studio
2050-07-28 15:04 - 2050-07-28 15:04 - 00000000 ____D C:\Users\Seven\AppData\Roaming\iZotope
2050-07-28 15:03 - 2050-07-28 15:03 - 00001230 _____ C:\Users\Public\Desktop\iZotope RX.lnk
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Users\Seven\Documents\iZotope RX 2 Presets
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Users\Seven\Documents\iZotope
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files\Vstplugins
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files\Common Files\VST3
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2050-07-28 15:03 - 2050-07-28 15:03 - 00000000 ____D C:\Program Files (x86)\iZotope
2013-09-10 07:11 - 2013-09-10 07:11 - 00000000 ___DC C:\FRST
2013-09-10 07:10 - 2013-08-21 00:23 - 00000000 ____D C:\Users\Seven\Desktop\Malware Removal
2013-09-10 06:54 - 2009-07-13 19:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 06:52 - 2010-02-28 23:12 - 01768722 _____ C:\Windows\WindowsUpdate.log
2013-09-10 06:50 - 2013-08-25 09:07 - 00000000 ___DC C:\AdwCleaner
2013-09-10 06:49 - 2013-08-20 22:07 - 00019311 _____ C:\Windows\setupact.log
2013-09-10 06:49 - 2013-07-07 15:53 - 00000000 ____D C:\Users\Seven\AppData\Local\LogMeIn Hamachi
2013-09-10 06:49 - 2012-01-29 18:44 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 06:49 - 2009-07-13 19:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 06:48 - 2011-04-04 23:39 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-10 06:44 - 2009-07-13 18:45 - 00020288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 06:44 - 2009-07-13 18:45 - 00020288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 06:42 - 2013-04-22 06:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 06:38 - 2012-01-29 18:44 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 06:29 - 2013-06-24 08:46 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284622540-2790889296-3846233822-1001UA.job
2013-09-09 22:05 - 2011-11-02 14:27 - 00000000 ____D C:\Users\Seven\AppData\Local\TSVNCache
2013-09-09 22:04 - 2010-03-01 00:22 - 00000000 ____D C:\Users\Seven\AppData\Local\Eraser
2013-09-09 22:01 - 2013-06-24 08:46 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284622540-2790889296-3846233822-1001Core.job
2013-09-09 08:33 - 2010-02-28 23:08 - 00000000 ____D C:\Users\Seven
2013-09-04 21:36 - 2013-09-04 21:34 - 00000000 ____D C:\Users\Seven\Desktop\FSM
2013-09-04 10:25 - 2011-06-13 00:21 - 00000000 ____D C:\Users\Seven\AppData\Roaming\vlc
2013-09-04 10:25 - 2008-07-17 22:13 - 00001516 _____ C:\Windows\xlkfs.dat
2013-09-04 10:25 - 2008-07-17 22:13 - 00000094 _____ C:\Windows\xlkfs.ini
2013-09-03 06:03 - 2013-09-03 06:03 - 00120200 _____ C:\Users\Seven\AppData\Roaming\GDIPFONTCACHEV1.DAT
2013-09-02 15:47 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 14:32 - 2011-04-06 07:52 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2013-09-02 14:32 - 2011-04-06 07:52 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-09-02 14:32 - 2011-04-06 07:51 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2013-09-02 14:32 - 2011-04-06 07:51 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2013-09-02 14:32 - 2011-04-06 07:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2013-09-02 14:28 - 2013-08-25 09:09 - 00003018 _____ C:\Windows\PFRO.log
2013-09-02 13:50 - 2013-09-02 13:50 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-02 13:50 - 2013-09-02 13:46 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-02 13:00 - 2013-09-02 13:00 - 06664704 _____ (Hazar & Co.) C:\Users\Seven\Desktop\RemoveWAT.exe
2013-09-02 12:51 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\Registration
2013-09-02 10:19 - 2013-09-02 10:14 - 00000000 ____D C:\Users\Seven\Desktop\New folder
2013-09-01 12:38 - 2013-04-14 17:45 - 00000000 ____D C:\Users\Seven\Desktop\Guitar
2013-08-30 07:01 - 2010-02-28 23:12 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Mozilla
2013-08-28 14:45 - 2013-07-29 20:50 - 00000021 _____ C:\Windows\SurCode.INI
2013-08-28 10:33 - 2009-07-13 18:45 - 05044032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 10:25 - 2013-07-29 20:55 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-08-28 10:23 - 2011-06-12 21:14 - 00000000 ____D C:\Users\Seven\AppData\Local\CrashDumps
2013-08-28 08:49 - 2010-03-01 07:52 - 00120200 _____ C:\Users\Seven\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 08:43 - 2013-08-26 22:29 - 00001525 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-08-28 08:22 - 2011-04-05 07:01 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 08:21 - 2013-07-29 20:02 - 00000000 ____D C:\Program Files\Adobe
2013-08-28 08:20 - 2011-04-05 07:01 - 00000000 ____D C:\Users\Seven\AppData\Local\Adobe
2013-08-28 07:27 - 2013-08-28 07:27 - 145762520 _____ C:\Users\Seven\AppData\Local\ACCCx2_1_1_220.zip.aamdownload
2013-08-28 07:27 - 2013-08-28 07:27 - 00001732 _____ C:\Users\Seven\AppData\Local\ACCCx2_1_1_220.zip.aamdownload.aamd
2013-08-28 00:02 - 2013-08-28 00:02 - 00000000 ____D C:\Users\Seven\AppData\Roaming\PDAppFlex
2013-08-27 23:42 - 2013-08-27 23:42 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-08-27 23:23 - 2013-07-29 20:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Malwarebytes
2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-27 19:46 - 2010-02-28 23:51 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2013-08-26 22:58 - 2012-04-01 12:16 - 00000000 ____D C:\Users\Seven\AppData\Roaming\uTorrent
2013-08-26 21:29 - 2013-08-26 21:29 - 00000000 ____D C:\Users\Seven\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
2013-08-26 21:29 - 2011-04-04 22:46 - 00000000 ____D C:\Users\Seven\AppData\Local\Sony
2013-08-26 21:02 - 2013-08-26 21:02 - 00000000 ____D C:\Users\Seven\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-26 21:02 - 2013-07-29 20:58 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-08-25 08:55 - 2013-08-25 08:55 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 08:33 - 2013-08-25 08:33 - 00000000 ___DC C:\_OTL
2013-08-24 21:02 - 2011-08-10 17:13 - 00000125 ___SH C:\ProgramData\.zreglib
2013-08-24 19:54 - 2011-06-28 07:32 - 00000000 ____D C:\Users\Seven\AppData\Roaming\dvdcss
2013-08-24 17:10 - 2013-08-20 23:12 - 00000000 ____D C:\Users\Seven\Desktop\WOD
2013-08-23 23:24 - 2013-06-14 20:02 - 00001140 _____ C:\Users\Seven\Desktop\New Text Document.txt
2013-08-21 09:05 - 2011-12-04 20:33 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Media Player Classic
2013-08-20 23:43 - 2013-08-20 23:43 - 00001361 _____ C:\Windows\SysWOW64\WLAN.INI
2013-08-20 23:43 - 2013-08-20 23:43 - 00000000 ____D C:\Program Files (x86)\Compact Wireless-G USB Adapter Wireless Network Monitor
2013-08-20 23:43 - 2010-02-28 23:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-20 22:07 - 2013-08-20 22:07 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 22:03 - 2011-12-04 20:19 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Winamp
2013-08-20 22:02 - 2011-06-14 07:09 - 00000000 ____D C:\Windows\Minidump
2013-08-20 22:02 - 2010-02-28 20:59 - 00000000 ____D C:\Windows\Panther
2013-08-20 21:59 - 2013-08-20 21:59 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-08-20 21:59 - 2013-08-20 21:59 - 00000000 ____D C:\Program Files\CCleaner
2013-08-20 21:23 - 2013-08-20 21:23 - 00000000 ____D C:\Program Files\SAMSUNG
2013-08-20 21:22 - 2013-08-20 21:22 - 00000000 ____D C:\ProgramData\Samsung
2013-08-20 21:08 - 2013-08-20 21:08 - 00000000 ____D C:\Program Files (x86)\Intel Android Device USB driver
2013-08-20 15:25 - 2013-04-22 06:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 15:25 - 2012-04-25 12:02 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 15:25 - 2011-07-05 06:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 07:11 - 2011-04-04 22:58 - 00001142 _____ C:\Users\Public\Desktop\MAGIX Movie Edit Pro 17 Plus Download Version.lnk
2013-08-20 06:57 - 2013-08-20 06:57 - 00001327 _____ C:\Users\Seven\Desktop\DGIndex.exe - Shortcut.lnk
2013-08-20 06:57 - 2013-08-20 06:53 - 00000000 ____D C:\Program Files (x86)\DGMPG
2013-08-19 09:15 - 2010-02-28 23:15 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Adobe
2013-08-19 07:48 - 2011-04-05 07:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-18 18:21 - 2009-07-13 16:34 - 00004372 _____ C:\Windows\system32\Drivers\etc\Hosts-adobe
2013-08-18 18:13 - 2013-08-18 18:13 - 00000000 ____D C:\Users\Seven\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-08-18 13:18 - 2012-01-10 10:38 - 00007168 _____ C:\Users\Seven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-18 10:52 - 2012-05-09 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 07:10 - 2013-08-17 15:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 22:36 - 2010-02-28 23:10 - 00000000 ___RD C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-15 21:39 - 2013-08-15 21:39 - 00001883 _____ C:\Users\Seven\Desktop\Wolverine.exe - Shortcut.lnk
2013-08-14 21:02 - 2013-08-14 21:02 - 00000000 ____D C:\Users\Seven\AppData\Local\Logitech® Webcam Software
2013-08-14 20:58 - 2013-08-14 20:58 - 00008987 _____ C:\Windows\system32\lvcoinst.log
2013-08-14 20:58 - 2013-08-14 20:58 - 00000000 ____D C:\Users\Seven\AppData\Roaming\Leadertech
2013-08-14 20:58 - 2013-08-14 20:58 - 00000000 ____D C:\ProgramData\LogiShrd
2013-08-14 20:58 - 2013-08-14 20:57 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-08-14 20:58 - 2013-08-14 20:57 - 00000000 ____D C:\Program Files (x86)\Logitech
2013-08-14 20:57 - 2013-08-14 20:57 - 00001631 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2013-08-14 18:37 - 2013-08-14 18:37 - 00000000 ____D C:\Users\Seven\Documents\Wolverine
2013-08-14 18:22 - 2013-08-14 18:22 - 00000000 ____D C:\Program Files (x86)\Activision
2013-08-14 18:21 - 2013-08-14 18:21 - 00000000 __SHD C:\Windows\ftpcache
2013-08-14 08:11 - 2013-05-15 20:41 - 00000000 ____D C:\Windows\rescache
2013-08-14 07:41 - 2013-07-28 17:31 - 00000000 ____D C:\Windows\system32\MRT

Files to move or delete:
====================
C:\Users\Seven\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Seven\AppData\Local\Temp\bassmod.dll
C:\Users\Seven\AppData\Local\Temp\Tsu3CE778EC.dll
C:\Users\Seven\AppData\Local\Temp\Tsu492B7663.dll
C:\Users\Seven\AppData\Local\Temp\Tsu5520BD76.dll
C:\Users\Seven\AppData\Local\Temp\TsuF451E775.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 09:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Seven at 2013-09-10 07:11:40
Running from C:\Users\Seven\Desktop\Malware Removal
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.1.3)
1&1 EasyLogin (x32)
3DMark05 (x32 Version: 1.2.0)
7-Zip 4.65 (x32)
ABC (remove only) (x32)
Absolute Uninstaller 2.8.0.636 (x32)
Acronis Disk Director Suite (x32 Version: 10.0.2160)
Acronis Disk Director 11 Home (x32 Version: 11.0.2121)
ActiveState Komodo Edit 6.1.1 (x32 Version: 6.1.1)
Activision(R) (x32 Version: 1.00.0000)
Adobe Acrobat XI Pro (x32 Version: 11.0.00)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Premiere Pro CS6 (x32 Version: 6.0)
Adobe Premiere Pro CS6 Functional Content (x32 Version: 6.0.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
AnyDVD (x32 Version: 7.2.0.0)
Apple Application Support (x32 Version: 1.4.1)
Apple Software Update (x32 Version: 2.1.3.127)
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.71 (x32)
ASRock InstantBoot v1.26 (x32)
ASRock XFast RAM v2.0.9
avast! Free Antivirus (x32 Version: 6.0.1367.0)
Belkin 54Mbps Wireless Network Adapter (x32 Version: 3.00.07)
bl (x32 Version: 1.0.0)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.3)
CameraHelperMsi (x32 Version: 13.51.815.0)
Camtasia Studio 8 (x32 Version: 8.0.2.918)
CCleaner (Version: 4.04)
Citrix Online Launcher (x32 Version: 1.0.110)
CloneDVD2 (x32)
Compact Wireless-G USB Adapter (x32)
CPUID CPU-Z 1.57.1
CyberLink DVD Menu Template Pack (x32 Version: 2.0)
CyberLink MediaEspresso (x32 Version: 6.0.1203_33054)
CyberLink PowerDirector (Version: 9.0.0.2330)
CyberLink PowerDirector (x32 Version: 9.0.0.2330)
CyberLink PowerProducer (x32 Version: 5.5.3.2402)
CyberLink WaveEditor (x32 Version: 1.0.1.2318)
Diablo III (x32 Version: 1.0.8.16603)
DivX Converter (x32 Version: 7.1.0)
DivX Player (x32 Version: 7.2.0)
DivX Plus DirectShow Filters (x32)
DivX Setup (x32 Version: 2.6.1.8)
DivX Version Checker (x32 Version: 7.1.0.9)
dows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (Version: 09/29/2009 2.0.0.0)
Easy File Locker 1.4 (x32 Version: 1.4)
EasyBCD 2.0 (x32 Version: 2.0)
Eraser 5.8.8 (Version: Eraser 5.8.8)
erLT (x32 Version: 1.20.138.34)
EVGA Precision 2.0.2 (x32 Version: 2.0.2)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0)
Fraps (x32)
Fritz 13 (x32 Version: 13.0.0.0)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.5.3.14917)
Google Update Helper (x32 Version: 1.3.21.153)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
Host OpenAL (ADI) (x32)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel Android Device USB driver (Version: 1.1.5)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Intel(R) Rapid Storage Technology (x32 Version: 10.8.0.1003)
iZotope RX 2 (x32 Version: 2.02)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 30 (x32 Version: 6.0.300)
JavaFX 2.1.0 (x32 Version: 2.1.0)
join.me (HKCU Version: 1.9.2.216)
Logitech Webcam Software (x32 Version: 2.51)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
MAGIX Movie Edit Pro 17 Plus Download Version (x32 Version: 10.0.0.33)
MAGIX Music Maker MX Production Suite Download Version (Introductory videos) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download Version (x32 Version: 18.0.1.11)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.1.27)
MAGIX Video Sound Cleaning Lab Download Version (x32 Version: 1.0.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 61xx (x32 Version: 1.2.0.68)
marvell 91xx driver (x32 Version: 1.2.0.1003)
Marvell Miniport Driver (x32 Version: 11.10.5.3)
Media Player Codec Pack 4.1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office XP Professional with FrontPage (x32 Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Express Edition - ENU (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Express Edition - ENU (x32)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32 Version: 9.0.21022)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (x32)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
mufin player 2.0 (x32 Version: 2.0.3.680)
Need for Speed(TM) Hot Pursuit (x32 Version: 1.0.0.0)
Netscape Navigator (9.0.0.6) (x32 Version: 9.0.0.6 (en-US))
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Alien vs. Triangles demo (x32 Version: 1.0)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Endless City demo (x32 Version: 1.0)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Olympus Digital Wave Player (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.16 (x32 Version: 12.16.1860)
Path of Exile (x32 Version: 0.10.4.23841)
Path of Exile (x32 Version: 0.9.10.17473)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
PowerISO (x32)
Prezi Desktop (x32 Version: 4.5.1)
QuickTime (x32 Version: 7.69.80.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.450.0)
Sandboxie 3.44 (64-bit)
SmartSound Quicktracks 5 (x32 Version: 5.1.7)
StreamTransport version: 1.0.2.2171 (x32)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
THX TruStudio Pro (x32 Version: 1.0)
Torchlight 2 (x32 Version: 1.9.2.1)
TortoiseSVN 1.7.1.22161 (64 bit) (Version: 1.7.22161)
True Image 2013 (x32 Version: 16.0.6514)
True Image 2013 Plus Pack (x32 Version: 16.0.6514)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
uTorrentControl2 Toolbar (x32 Version: 6.8.5.1)
VC Runtimes MSI (x32 Version: 9.0.21022)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Vegas Movie Studio HD Platinum 10.0 (x32 Version: 10.0.179)
VIRTU 1.2.112 (Version: 1.2.112)
VLC media player 2.0.1 (Version: 2.0.1)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Winamp (x32 Version: 5.622 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Shutdown Assistant V1.0.3 (x32 Version: 1.0.3)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
WxDownload Expansion (Version: 1.0)
wxDownload Fast 0.6.0 (x32)
XFast LAN v6.61 (Version: 6.61)
XFastUSB (x32 Version: 3.02.28)
X-Lite 3.0 (x32)
X-Men Origins - Wolverine(TM) (x32 Version: 1.00.0000)
XnView 1.98.2 (x32 Version: 1.98.2)
Xtreme SuitePro ActiveX v13.0.0 (30 Day Trial) (x32 Version: 13.0.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 16:34 - 2013-08-25 08:33 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {36D2C824-AF6C-4E4A-AB95-DB6228E37819} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe
Task: {4F87B719-DDB7-488B-ABEC-7F8991F79AF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-284622540-2790889296-3846233822-1001Core => C:\Users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {503ABD77-6234-4E36-B8DC-B4E5ADA73EF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-284622540-2790889296-3846233822-1001UA => C:\Users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {626DC468-0F23-4F25-8316-B24FA0EF6172} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {6990F571-5C6A-46B0-A5C1-8A387F44EEB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {843CB917-4546-4E54-AAF2-F30E40E34BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {932A1E10-9F48-4128-B932-B68A3269ACA0} - System32\Tasks\zASRockInstantBoot => C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe [2010-11-09] (ASRock)
Task: {AAA4C83F-7202-4D89-87E8-A5690D241F4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C086ADC7-5C35-480C-B441-27F33AF4DCA3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-12-03] (CyberLink)
Task: {D0EA90B5-5549-4F49-8A07-2FECB006BA0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {FE1BF924-0922-4C68-A04E-CB3F690B840A} - System32\Tasks\{2F4D4F47-E0A0-4FC2-8640-F904F80E9530} => E:\Program Files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\MovieEdit.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284622540-2790889296-3846233822-1001Core.job => C:\Users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284622540-2790889296-3846233822-1001UA.job => C:\Users\Seven\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-26 00:32 - 2013-02-26 00:32 - 15053264 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2011-06-08 18:34 - 2011-04-09 16:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-03-01 00:21 - 2009-12-16 02:12 - 00377232 _____ (-) C:\Windows\system32\Eraser.dll
2011-06-13 10:20 - 2011-06-13 10:20 - 00075544 _____ (http://tortoisesvn.net) C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
2011-10-22 11:11 - 2011-10-22 11:11 - 00046360 _____ (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2011-10-22 11:11 - 2011-10-22 11:11 - 00476440 _____ (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
2011-10-22 11:11 - 2011-10-22 11:11 - 00054552 _____ (Free Software Foundation) C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
2011-10-22 11:11 - 2011-10-22 11:11 - 00088856 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-03-27 22:37 - 2013-03-27 22:37 - 02818800 _____ (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2010-02-03 00:40 - 2010-02-03 00:40 - 00307944 _____ (tzuk) C:\Program Files\Sandboxie\SbieDll.dll
2010-02-03 00:40 - 2010-02-03 00:40 - 01377000 _____ (tzuk) C:\Program Files\Sandboxie\SbieMsg.dll
2009-07-13 14:22 - 2009-07-13 15:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2010-03-01 00:21 - 2009-12-16 02:12 - 00103824 _____ (-) C:\Windows\System32\erasext.dll
2010-03-01 00:21 - 2009-12-16 02:12 - 00377232 _____ (-) C:\Windows\System32\Eraser.dll
2011-04-04 21:41 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-09 16:42 - 2007-02-13 12:53 - 00040960 ____N (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtctResource.dll
2013-08-14 07:51 - 2013-08-14 07:51 - 00491520 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\914b102327a5f48542af50a6e5c1f8ab\IAStorUtil.ni.dll
2013-07-11 08:29 - 2013-07-11 08:29 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9806320368a8f23f1f6c5de66ebb29d0\IAStorCommon.ni.dll
2011-01-17 16:19 - 2011-12-29 20:35 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-07-28 13:09 - 2011-07-28 13:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-04-11 08:28 - 2010-05-31 17:38 - 00159744 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\en-US\THXAudio.resources.dll
2012-04-11 08:28 - 2009-08-31 16:55 - 00197632 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXLgcy.dll
2012-04-11 08:28 - 2009-09-08 10:01 - 00237056 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\CTLoadRs.dll
2012-04-11 08:28 - 2008-03-19 16:18 - 00065536 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\CTSUSDKu.dll
2012-04-11 08:28 - 2010-05-19 18:43 - 00267264 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\CTSetAPO.dll
2012-04-11 08:28 - 2010-05-20 10:00 - 00421888 ____N (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\CTAudEp.dll
2012-04-11 08:28 - 2010-06-08 13:22 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-03-27 18:40 - 2013-03-27 18:40 - 00121152 _____ (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2013-01-23 16:09 - 2013-01-23 16:09 - 00399680 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\SnapAPI\snapapi.dll
2013-03-27 21:23 - 2013-06-30 10:20 - 01323008 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll
2013-03-27 22:12 - 2013-03-27 22:12 - 13606896 _____ (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2013-03-27 21:31 - 2013-03-27 21:31 - 00028480 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-03-27 21:33 - 2013-03-27 21:33 - 00289088 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\Home\libssl10.dll
2013-03-27 21:58 - 2013-03-27 21:58 - 00072000 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2013-03-20 19:28 - 2013-03-20 19:28 - 00276800 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2013-03-14 17:51 - 2013-03-14 17:51 - 03566664 _____ (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\tdrpapi.dll
2013-01-10 13:31 - 2013-01-10 13:31 - 00342488 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter.dll
2013-01-10 13:45 - 2013-01-10 13:45 - 01752600 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\fox.dll
2013-01-10 13:41 - 2013-01-10 13:41 - 00034840 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\thread_pool.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-12-03 17:45 - 2010-12-03 17:45 - 00150624 ____N () C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\WPDDM.dll
2013-08-17 15:41 - 2013-08-17 15:41 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-06-13 10:20 - 2011-06-13 10:20 - 00064792 _____ (http://tortoisesvn.net) C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
2011-10-22 10:16 - 2011-10-22 10:16 - 00040216 _____ (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2011-10-22 10:16 - 2011-10-22 10:16 - 00422680 _____ (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TortoiseSVN32.dll
2011-10-22 10:16 - 2011-10-22 10:16 - 00045848 _____ (Free Software Foundation) C:\Program Files\TortoiseSVN\bin\intl3_tsvn32.dll
2011-10-22 10:16 - 2011-10-22 10:16 - 00070424 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-03-27 22:36 - 2013-03-27 22:36 - 00726360 _____ (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll
2013-03-27 22:36 - 2013-03-27 22:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Seven:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:HURIKK5Rbq0XrGwGi26
AlternateDataStreams: C:\ProgramData\Microsoft:NB043A3tlOlWLNCtYJr2
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Seven\Application Data:gs5sys
AlternateDataStreams: C:\Users\Seven\Cookies:gs5sys
AlternateDataStreams: C:\Users\Seven\Cookies:KKb2rvYTOhZFyAkWRSsHI
AlternateDataStreams: C:\Users\Seven\Cookies:YKBzhgywXBGSetyoFnchjinqP0d
AlternateDataStreams: C:\Users\Seven\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Seven\Templates:gs5sys
AlternateDataStreams: C:\Users\Seven\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Seven\Documents\desktop.ini:gs5sys


==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-10-26 00:29:47.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-26 00:29:47.199
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-26 00:29:41.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-26 00:29:41.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 15848.55 MB
Available physical RAM: 13278.05 MB
Total Pagefile: 17940.74 MB
Available Pagefile: 15072.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Seven64) (Fixed) (Total:119.19 GB) (Free:29.83 GB) NTFS
Drive g: (2TB_Apps) (Fixed) (Total:292.97 GB) (Free:198.43 GB) NTFS
Drive h: (4TB_Storage) (Fixed) (Total:3432.83 GB) (Free:1462.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: AB98AE0A)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 119 GB) (Disk ID: 5782AE6F)
Partition 1: (Active) - (Size=55 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
 

 

OK I think that's it... thanks



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,577 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:30 AM

Posted 10 September 2013 - 04:36 PM

Greetings,
 

nice sig.

:)

Let's do this next. No need to put your logs in the code box. Copy and paste is fine.

===================================================

Manually Importing a Registry Key (.reg) File

-------------------
  • Download the following file(s) and save it to your desktop

WinDefend.reg

  • Right click on the file and select Merge
  • Once you receive confirmation the information was successfully merged reboot your computer
  • Rerun Farbar Service Scanner and post the results
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Seven\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Seven\AppData\Local\Temp\bassmod.dll
C:\Users\Seven\AppData\Local\Temp\Tsu3CE778EC.dll
C:\Users\Seven\AppData\Local\Temp\Tsu492B7663.dll
C:\Users\Seven\AppData\Local\Temp\Tsu5520BD76.dll
C:\Users\Seven\AppData\Local\Temp\TsuF451E775.dll
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Seven:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:HURIKK5Rbq0XrGwGi26
AlternateDataStreams: C:\ProgramData\Microsoft:NB043A3tlOlWLNCtYJr2
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Seven\Application Data:gs5sys
AlternateDataStreams: C:\Users\Seven\Cookies:gs5sys
AlternateDataStreams: C:\Users\Seven\Cookies:KKb2rvYTOhZFyAkWRSsHI
AlternateDataStreams: C:\Users\Seven\Cookies:YKBzhgywXBGSetyoFnchjinqP0d
AlternateDataStreams: C:\Users\Seven\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Seven\Templates:gs5sys
AlternateDataStreams: C:\Users\Seven\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Seven\Documents\desktop.ini:gs5sys
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FSS log
  • Farbar log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 mpt145


Posted 11 September 2013 - 03:14 AM

OK. Done.  Scans were not done in safe mode.

 

 

Farbar Service Scanner Version: 05-09-2013
Ran by Seven (administrator) on 10-09-2013 at 22:08:29
Running from "C:\Users\Seven\Desktop\Malware Removal"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013
Ran by Seven at 2013-09-10 22:11:31 Run:1
Running from C:\Users\Seven\Desktop\Malware Removal
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Seven\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Seven\AppData\Local\Temp\bassmod.dll
C:\Users\Seven\AppData\Local\Temp\Tsu3CE778EC.dll
C:\Users\Seven\AppData\Local\Temp\Tsu492B7663.dll
C:\Users\Seven\AppData\Local\Temp\Tsu5520BD76.dll
C:\Users\Seven\AppData\Local\Temp\TsuF451E775.dll
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Seven:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Microsoft:HURIKK5Rbq0XrGwGi26
AlternateDataStreams: C:\ProgramData\Microsoft:NB043A3tlOlWLNCtYJr2
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Seven\Application Data:gs5sys
AlternateDataStreams: C:\Users\Seven\Cookies:gs5sys
AlternateDataStreams: C:\Users\Seven\Cookies:KKb2rvYTOhZFyAkWRSsHI
AlternateDataStreams: C:\Users\Seven\Cookies:YKBzhgywXBGSetyoFnchjinqP0d
AlternateDataStreams: C:\Users\Seven\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Seven\Templates:gs5sys
AlternateDataStreams: C:\Users\Seven\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Seven\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Seven\Documents\desktop.ini:gs5sys
*****************

C:\Users\Seven\AppData\Local\Temp\AdobeApplicationManager.exe => Moved successfully.
C:\Users\Seven\AppData\Local\Temp\bassmod.dll => Moved successfully.
C:\Users\Seven\AppData\Local\Temp\Tsu3CE778EC.dll => Moved successfully.
C:\Users\Seven\AppData\Local\Temp\Tsu492B7663.dll => Moved successfully.
C:\Users\Seven\AppData\Local\Temp\Tsu5520BD76.dll => Moved successfully.
C:\Users\Seven\AppData\Local\Temp\TsuF451E775.dll => Moved successfully.
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Seven => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Microsoft => ":HURIKK5Rbq0XrGwGi26" ADS removed successfully.
C:\ProgramData\Microsoft => ":NB043A3tlOlWLNCtYJr2" ADS removed successfully.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Seven\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Seven\Cookies" => ":gs5sys" ADS not found.
"C:\Users\Seven\Cookies" => ":KKb2rvYTOhZFyAkWRSsHI" ADS not found.
"C:\Users\Seven\Cookies" => ":YKBzhgywXBGSetyoFnchjinqP0d" ADS not found.
"C:\Users\Seven\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\Seven\Templates" => ":gs5sys" ADS not found.
C:\Users\Seven\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Seven\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\Seven\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\Seven\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Seven\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\Seven\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

==== End of Fixlog ====

 

 

 

After I merged the reg file I opened windows defender and updated it... I knew that it had somehow been disabled... I'm glad that's fixed.  However, after fixing it my internet was very slow... don't know if it's related or not.

 

download speed is painfully slow still... about 30-40 Kb/sec... should be 700+ 

 

thank you


Edited by mpt145, 11 September 2013 - 03:17 AM.


#8 Oh My!


Posted 11 September 2013 - 09:34 AM

Greetings,

Part of the registry information for Windows Defender was missing. Running the reg fix took care of that.

I would like you to disable Hamachi through Device Manager. If possible, please connect your computer directly to the modem and see if anything changes.
Gary
 

#9 mpt145


Posted 11 September 2013 - 11:35 AM

Greetings,

Part of the registry information for Windows Defender was missing. Running the reg fix took care of that.

I would like you to disable Hamachi through Device Manager. If possible, please connect your computer directly to the modem and see if anything changes.

 

Yeah... LogMeIn Hamachi is software... not hardware it is a VPN that I set up between my home computers and work computers.. I've used it for the last 5 years with no problems.

moreover, it is installed on several computers in my home network that connect to my router.

 

connecting directly to the router is a logical diagnostic move except for one thing... the 4 other computers in my house that all connect to the same router do not have these problems... I guess I forgot to mention that.

Every other computer can connect with plenty of speed to the internet through my router.. it's just this particular computer that has the issue.

 

Is there still a need to bypass the router?



#10 Oh My!


Posted 11 September 2013 - 11:39 AM

Yes, I understand but I need to rule that out before we start tinkering with your computer. It doesn't make a lot of sense that bypassing would make any difference but stranger things have happened. I just want to be sure you still experience the issue even with a direct connect.
Gary
 

#11 mpt145


Posted 11 September 2013 - 06:21 PM

OK... well... I'll look into that... but I don't have an Ethernet cable long enough to hook up directly to my computer where it's at so I don't know how soon I can do it.

 

EDIT:  I have one at work.. but I won't be able to check until tomorrow night =/


Edited by mpt145, 11 September 2013 - 06:23 PM.


#12 Oh My!


Posted 11 September 2013 - 06:31 PM

You can try connecting wirelessly without Hamachi. I am just wondering if that program on your computer is causing issues.
Gary
 

#13 mpt145


Posted 12 September 2013 - 11:47 AM

PROBLEM SOLVED :guitar:

 

I had been suspicious that this was a configuration issue for a while... I had started by trying to fix it from that angle... when nothing helped I thought it must be malware.

 

The problem had been intermittent and was very fickle and last night was crippling... so bad I could hardly load a web page.

 

I had already tried disconnecting my hamachi and miniport driver and then I was all set to try getting a wired connection to my router....

 

but then the obvious hit me...  if that works it's a hardware issue and my wireless network adapter is shot! that would explain why the other computers on my network weren't affected!

 

So, I just swapped out my USB wireless network adapter and BAM - super lightning fast speed back again... plugged the old busted one in there and I was back to 10-30 KB/sec... swap it for a good one 600+ Kb/sec...

 

It's sooooo obvious I feel really stupid for not thinking of that earlier. thanks for the help.

 

PROBLEM SOLVED! :guitar:


Edited by mpt145, 12 September 2013 - 11:47 AM.


#14 Oh My!


Posted 12 September 2013 - 12:07 PM

That is fine news. Is there anything else you might need assistance with?
Gary
 

#15 mpt145


Posted 13 September 2013 - 02:32 AM

good to go.

 

thx! :bananas:





