
Am I infected?


  • This topic is locked
21 replies to this topic

#1 Damian007

Damian007

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:27 AM

Posted 04 January 2014 - 02:36 PM

Hello everyone.  My question is about RogueKiller and GEHR programs.  When I run these, they crash.  RogueKiller stops when it gets to the second scan at the part where external hives are being checked.  If I disconnect a usb drive, RogueKiller completes without crashing.  The other program just crashes. Am I infected?  RogueKiller does find pups but crashes.  When the usb drive is disconnected, RogueKiller successfully completes and never finds anything.  If I watch RogueKiller carefully, as soon as it finds pups on the second scan I stop it and am able to delete the pups.  However, if I rescan there are no pups yet RogueKiller still crashes.

 

When I restart RogueKiller and scan, I have to scan then watch the second scan for pups and again the pups appear.  It is cat and mouse to find them, stop the program, then delete them. GEHR simply crashes at some point during its scan and it gives me the blue screen of death.  I am running Win 7.

 

Any help, suggestions, etc. including moving this to a better thread if necessary would be appreciated. Also, I have run AdwCleaner, Combofix, Rkill, JRT, TDSSKiller, Malwarebytes Root Kit, etc. and only RogueKiller finds anything (pups).  I apologize if I have GEHR wrong as a name for the other program.  It is a scanning program. 





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:27 AM

Posted 09 January 2014 - 02:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519631 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:27 AM

Posted 17 January 2014 - 03:34 PM



Hello Damian007

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Damian007

Damian007
  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:27 AM

Posted 17 January 2014 - 04:25 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2012 8:35:34 PM
System Uptime: 1/16/2014 10:44:31 AM (30 hours ago)
.
Motherboard: Hewlett-Packard |  | 167C
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 647 GiB total, 143.218 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 39 GiB total, 19.584 GiB free.
F: is FIXED (FAT32) - 12 GiB total, 0.012 GiB free.
G: is CDROM ()
I: is FIXED (NTFS) - 1863 GiB total, 532.649 GiB free.
O: is FIXED (NTFS) - 932 GiB total, 0.323 GiB free.
R: is FIXED (NTFS) - 298 GiB total, 4.499 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: psc 2500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: hp
Name: psc 2500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0001
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9 #2
PNP Device ID: ROOT\NET\0001
Service: tap0901
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&5DBC8DB&2&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&5DBC8DB&2&2
Service: BthPan
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Shrew Soft Lightweight Filter
Device ID: ROOT\LEGACY_VFLT\0000
Manufacturer:
Name: Shrew Soft Lightweight Filter
PNP Device ID: ROOT\LEGACY_VFLT\0000
Service: vflt
.
==== System Restore Points ===================
.
RP574: 1/8/2014 6:01:06 AM - Windows Update
RP575: 1/12/2014 2:25:03 AM - Windows Update
RP576: 1/13/2014 1:57:30 PM - Installed PlayOn
RP577: 1/15/2014 9:51:19 AM - Windows Update
RP578: 1/16/2014 3:00:26 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Ad Muncher v4.93.33707
Adguard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.6
Air Playit 2.0.0
Aiseesoft Total Video Converter Platinum 7.1.8
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 7.5
ArcSoft MediaConverter 8
ArcSoft TotalMedia
ArcSoft Webcam Sharing Manager
Argazki Galeria
ASUS Ai Charger
Atheros Driver Installation Program
Audio Converter
BBC iPlayer Desktop
Bonjour
CallClerk
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CloneCD
CloneDVD2
CloneDVDmobile
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Access Manager for HP ProtectTools
Energy Star Digital Logo
English CWE Toolbar
ESET Online Scanner v3
Evernote v. 4.2.2
Face Recognition for HP ProtectTools
File Sanitizer For HP ProtectTools
Galeria de Fotos
Galeria fotogràfica
Galerie de photos
Galería de fotos
Game Jackal v4.1.1.7 (64 bit)
Game Jackal v5.2.0.0 (64 bit)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Auto
HP Connection Manager
HP Customer Experience Enhancements
HP DayStarter
HP Documentation
HP ESU for Microsoft Windows 7
HP ProtectTools Security Manager
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP System Default Settings
HP Wallpaper
HP Webcam Driver
HP Wireless Assistant
iCloud
IdentaFone Pro
IDT Audio
iExplorer 3.2.5.0
Intel® Control Center
Intel® Identity Protection Technology 1.0.71.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iPhone Configuration Utility
iTunes
Java 7 Update 7 (64-bit)
Java Auto Updater
Java™ 6 Update 31
JMicron Flash Media Controller Driver
Lernout & Hauspie TruVoice American English TTS Engine
LSI USB 2.0 Soft Modem
MailWasherPro
Malwarebytes Anti-Malware version 1.75.0.1300
Mezzmo
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Speech SDK 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works 6-9 Converter
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Thunderbird 12.0.1 (x86 en-US)
MPC-HC 1.6.8
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nitro Pro 8
Online Plug-in
Panda Cloud Cleaner
PDF Complete Special Edition
PeerBlock 1.2 (r693)
PFPortChecker 1.0.39
Photo Common
Photo Gallery
Picasa 3
PingPlotter Freeware
PlayOn
Printer Pro Desktop
Privacy Manager for HP ProtectTools
PrivateTunnel
Qualcomm Atheros Bluetooth Suite (64)
QuickTime
Realtek Ethernet Controller All-In-One Windows Driver
Riverpoint Writer
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
Sophos Anti-Rootkit 1.5.23
swMSM
Synaptics Pointing Device Driver
Talking Caller ID V6
Theft Recovery for HP ProtectTools
Total Video Converter 3.71 100812
Total Video2Dvd 3.30
True Image 2013
TunnelBear 1.0.38
Ultracopier 1.0.1.11
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Validity Fingerprint Sensor Driver
VC80CRTRedist - 8.0.50727.6195
VIP Access SDK x64(1.0.0.50)
VirtualCloneDrive
VLC media player 2.1.2
VLC Setup Helper
VLC Streamer 4.23
VueScan x64
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WiRNS
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
1/17/2014 9:22:09 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
1/16/2014 3:45:27 AM, Error: Service Control Manager [7034]  - The WiRNS service terminated unexpectedly.  It has done this 1 time(s).
1/16/2014 3:45:24 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the HPDayStarterService service.
1/16/2014 3:44:29 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/16/2014 3:43:24 AM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
1/16/2014 3:42:50 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/16/2014 3:40:01 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
1/16/2014 3:38:01 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
1/16/2014 10:47:54 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SAVRKBootTasks vflt
1/16/2014 10:47:53 AM, Error: RemoteAccess [20106]  - Unable to add the interface {D6D3698D-1CFF-412B-95EF-72271B4CC0C6} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
1/16/2014 10:47:53 AM, Error: RemoteAccess [20106]  - Unable to add the interface {D6D3698D-1CFF-412B-95EF-72271B4CC0C6} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
1/16/2014 10:47:53 AM, Error: RemoteAccess [20106]  - Unable to add the interface {188CD475-7A52-45F2-84E8-B49CAC31F91B} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
1/16/2014 10:47:53 AM, Error: RemoteAccess [20106]  - Unable to add the interface {1542AF77-FB75-46A9-9FA9-39521717DACA} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
1/16/2014 10:47:29 AM, Error: Service Control Manager [7009]  - A timeout was reached (120000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
1/16/2014 10:47:29 AM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/16/2014 1:43:15 PM, Error: RemoteAccess [20106]  - Unable to add the interface {C7D3DB54-E085-4968-9971-FB3726FF2320} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
1/13/2014 2:01:17 PM, Error: Service Control Manager [7030]  - The MediaMall Server service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================

 

and

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_31
Run by Damian at 16:19:20 on 2014-01-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8126.4260 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Adguard\AdguardSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\WiRNS\WiRNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\WiRNS\WiRNSMon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Conceiva\Mezzmo\Mezzmo.exe
C:\Users\Damian\wopt021\WLAN Optimizer.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Digiarty\Air_Playit\airplayit.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe
C:\Program Files (x86)\Adguard\Adguard.exe
C:\Program Files\Ultracopier\ultracopier.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\TypeItIn\TypeItIn.exe
C:\Program Files (x86)\CallClerk\CallClerk.exe
C:\Program Files\Digiarty\Air_Playit\AirPS.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\windva\WinDVA2.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Ad Muncher\AdMunch.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
uRun: [Mezzmo] C:\Program Files (x86)\Conceiva\Mezzmo\Mezzmo.exe
uRun: [WLAN Optimizer] C:\Users\Damian\wopt021\WLAN Optimizer.exe
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
uRun: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Digiarty_Software_AirPlayit] "C:\Program Files\Digiarty\Air_Playit\airplayit.exe" -min
uRun: [GoogleChromeAutoLaunch_3F2E34BF7A244698209604940BA7FE5B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Hobbyist Software VLC Streamer] "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
uRun: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe /autorun
uRun: [Adguard] C:\Program Files (x86)\Adguard\Adguard.exe
uRun: [ultracopier] "C:\Program Files\Ultracopier\ultracopier.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
StartupFolder: C:\Users\Damian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CALLCL~1.LNK - C:\Program Files (x86)\CallClerk\CallClerk.exe
StartupFolder: C:\Users\Damian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DVARCH~1.LNK - C:\dvarchive\DVArchive.jar
StartupFolder: C:\Users\Damian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\Users\Damian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~2.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\Users\Damian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VLCSTR~1.LNK - C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
StartupFolder: C:\Users\Damian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDVA~1.LNK - C:\windva\WinDVA2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: CallClerk Dial - C:\Users\Damian\AppData\Roaming\CallClerk\callclerk.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: PlayOn - C:\Program Files (x86)\MediaMall\toolbar\MenuLoad.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{188CD475-7A52-45F2-84E8-B49CAC31F91B} : NameServer = 192.168.0.1
TCP: Interfaces\{188CD475-7A52-45F2-84E8-B49CAC31F91B}\4416D69616E672370207C61697C6963747 : DHCPNameServer = 198.224.187.135 198.224.186.135
TCP: Interfaces\{2CADCD38-AAD2-4A7D-B1D7-26F5F57DFD3C} : DHCPNameServer = 198.224.187.135 198.224.186.135
TCP: Interfaces\{7AA7D9C2-3E1C-46EB-B105-A09C5E773A61} : DHCPNameServer = 198.224.188.236 198.224.189.236
TCP: Interfaces\{BB19B170-6755-44E7-8F71-E94E240E0412} : DHCPNameServer = 198.224.187.135 198.224.186.135
TCP: Interfaces\{C7D3DB54-E085-4968-9971-FB3726FF2320} : NameServer = 192.168.0.1
TCP: Interfaces\{F773C453-0BAF-46B8-A533-26217AEE86A0} : DHCPNameServer = 8.8.8.8
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {56bc31de-97ab-4563-8599-ad5d4e9800f9} - <orphaned>
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-Run: [WiRNSMon] C:\WiRNS\WiRNSMon.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\windows\System32\drivers\fltsrv.sys [2012-12-18 155272]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tib_mounter;Acronis TIB Mounter;C:\windows\System32\drivers\tib_mounter.sys [2012-12-18 1093256]
R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2012-12-18 228488]
R0 vidsflt;Acronis Disk Storage Filter;C:\windows\System32\drivers\vidsflt.sys [2012-12-18 166024]
R1 adgnetworktdi;adgnetworktdi;C:\windows\System32\drivers\adgnetworktdi.sys [2013-12-7 59504]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2012-4-25 93272]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-8-14 43624]
R2 Adguard Service;Adguard Service;C:\Program Files (x86)\Adguard\AdguardSvc.exe [2013-11-20 120344]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-7-22 89600]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-12-18 3696632]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-9-14 216192]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GJService;Game Jackal Server;C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [2012-4-20 3547648]
R2 GJServiceV5;Game Jackal Server v5;C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe [2013-8-6 4502200]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-9-24 31040]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-26 13336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2014-1-6 5863216]
R2 Mezzmo;Mezzmo;C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [2013-12-4 4450088]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-3-25 230408]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [2012-10-12 24064]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-4 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2013-1-27 498352]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-26 2656536]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-7-19 2714232]
R2 WiRNS;WiRNS;C:\WiRNS\WiRNS.exe [2011-8-17 147456]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-9-14 323584]
R3 afcdp;afcdp;C:\windows\System32\drivers\afcdp.sys [2012-12-18 367200]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-9-26 42816]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2013-1-12 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2013-1-12 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2013-1-12 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2013-1-12 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2013-1-12 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2013-1-12 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2013-1-12 135832]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2013-1-12 575128]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-4-15 317440]
R3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-29 29720]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-1-11 175928]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 MaplomL;MaplomL;C:\windows\System32\drivers\maploml.sys [2012-4-20 60472]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-3-31 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-4-8 22600]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-7-23 872152]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tapoas;TAP-Win32 Adapter OAS;C:\windows\System32\drivers\tapoas.sys [2012-7-15 30720]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S1 vflt;Shrew Soft Lightweight Filter;C:\windows\System32\drivers\vfilter.sys [2010-9-2 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]
S3 AESTAud;IDT AE Audio Service;C:\windows\System32\drivers\AESTAu64.sys [2012-6-8 146048]
S3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;C:\windows\System32\drivers\AthDfu.sys [2012-8-19 55448]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-9-5 1420192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 lvpopf64;Logitech POP Suppression Filter;C:\windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-10-31 91352]
S3 MEMSWEEP2;MEMSWEEP2;C:\windows\System32\F3B2.tmp [2013-12-29 6144]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 PSKMAD;PSKMAD;C:\windows\System32\drivers\PSKMAD.sys [2013-12-30 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-20 19456]
S3 SRS_AE_Service;SRS Audio;C:\windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-20 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vnet;Shrew Soft Virtual Adapter;C:\windows\System32\drivers\virtualnet.sys [2010-9-2 17408]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-31 1255736]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-17 15:59:45 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C62BA50B-DB33-4C1B-BF3D-B708F176DB68}\mpengine.dll
2014-01-15 21:47:29 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 11:15:03 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2014-01-15 11:15:03 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2014-01-15 11:15:03 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-01-15 11:15:03 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2014-01-15 11:15:03 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2014-01-15 11:15:03 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-15 11:15:03 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2014-01-15 11:15:03 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2014-01-15 11:15:02 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2014-01-13 18:58:43 -------- d-----w- C:\Program Files (x86)\Common Files\ffdshowEx
2014-01-08 19:09:12 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-30 23:02:09 -------- d-----w- C:\Program Files\iPod
2013-12-30 23:02:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-30 23:02:08 -------- d-----w- C:\Program Files\iTunes
2013-12-30 23:02:08 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-30 17:45:36 22752 ----a-w- C:\windows\System32\PCloudBroom64.exe
2013-12-30 17:24:50 47632 ----a-w- C:\windows\System32\drivers\PSKMAD.sys
2013-12-30 17:23:35 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-12-30 15:12:59 91648 ----a-w- C:\windows\System32\drivers\USBSTOR.SYS.bak
2013-12-30 14:23:17 -------- d-----w- C:\FRST
2013-12-30 03:04:20 -------- d-----w- C:\Program Files\CCleaner
2013-12-30 00:23:37 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-30 00:10:59 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-29 23:55:21 98816 ----a-w- C:\windows\sed.exe
2013-12-29 23:55:21 256000 ----a-w- C:\windows\PEV.exe
2013-12-29 23:55:21 208896 ----a-w- C:\windows\MBR.exe
2013-12-29 23:55:14 -------- d-----w- C:\ComboFix
2013-12-29 20:26:30 18816 ------w- C:\windows\SysWow64\SAVRKBootTasks.sys
2013-12-29 18:08:28 6144 ------w- C:\windows\System32\F3B2.tmp
2013-12-29 18:05:05 6144 ------w- C:\windows\System32\DBEC.tmp
2013-12-29 00:10:57 -------- d-----w- C:\env0
2013-12-21 16:08:49 6144 ------w- C:\windows\System32\8A51.tmp
2013-12-21 16:07:53 6144 ------w- C:\windows\System32\B037.tmp
2013-12-21 05:19:26 -------- d-----w- C:\MGtools
2013-12-20 21:48:34 6144 ------w- C:\windows\System32\9D4A.tmp
2013-12-20 21:47:47 6144 ------w- C:\windows\System32\E83D.tmp
2013-12-20 21:47:39 -------- d-----w- C:\Program Files (x86)\Sophos
.
==================== Find3M  ====================
.
2013-12-10 19:37:25 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 19:37:25 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-07 19:24:54 280 ----a-w- C:\windows\SysWow64\d3dx9_11.dll.tmp
2013-12-07 19:24:53 280 ----a-w- C:\windows\SysWow64\drivers\vwifikerneldrv.sys
2013-11-26 14:46:14 138152 ----a-w- C:\windows\SysWow64\drivers\AnyDVD.sys
2013-11-26 14:46:14 138152 ----a-w- C:\windows\System32\drivers\AnyDVD.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-25 01:16:47 1795952 ----a-w- C:\windows\System32\WdfCoInstaller01011.dll
2013-11-25 01:16:41 92 ----a-w- C:\windows\System32\calibration.bin
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-10-31 18:38:17 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-10-30 08:52:50 169712 ----a-w- C:\windows\SysWow64\SynTPCom.dll
2013-10-30 08:52:48 549104 ----a-w- C:\windows\System32\drivers\SynTP.sys
2013-10-30 08:52:48 422640 ----a-w- C:\windows\System32\SynTPCo19.dll
2013-10-30 08:52:48 252144 ----a-w- C:\windows\System32\SynTPAPI.dll
2013-10-30 08:52:42 723184 ----a-w- C:\windows\System32\SynCOM.dll
2013-10-30 08:52:42 400624 ----a-w- C:\windows\SysWow64\SynCom.dll
2013-10-30 08:52:36 161880 ----a-w- C:\windows\System32\pca-manta.bin
2013-10-30 02:32:01 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-29 20:04:44 60472 ----a-w- C:\windows\System32\drivers\maploml.sys
2013-10-29 20:04:24 35384 ----a-w- C:\windows\System32\drivers\maplom.sys
.
============= FINISH: 16:20:01.48 ===============

#5 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team

Posted 17 January 2014 - 05:03 PM

Hello Damian007

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Damian007

Damian007
  • Topic Starter
  • Members

Posted 17 January 2014 - 07:23 PM

AdwCleaner report


# AdwCleaner v3.017 - Report created 17/01/2014 at 19:15:15
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Damian - DAMIAN-HP
# Running from : C:\Users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTXEHAX6\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1178 octets] - [28/08/2013 13:39:18]
AdwCleaner[R10].txt - [1971 octets] - [31/10/2013 18:25:00]
AdwCleaner[R11].txt - [2093 octets] - [01/11/2013 16:11:03]
AdwCleaner[R12].txt - [4492 octets] - [04/11/2013 08:06:29]
AdwCleaner[R13].txt - [2337 octets] - [09/11/2013 09:42:59]
AdwCleaner[R14].txt - [2459 octets] - [11/11/2013 14:34:09]
AdwCleaner[R15].txt - [2580 octets] - [16/11/2013 20:46:16]
AdwCleaner[R16].txt - [2863 octets] - [22/11/2013 16:28:39]
AdwCleaner[R17].txt - [2825 octets] - [23/11/2013 19:25:15]
AdwCleaner[R18].txt - [3054 octets] - [26/11/2013 09:14:45]
AdwCleaner[R19].txt - [3069 octets] - [03/12/2013 23:34:16]
AdwCleaner[R1].txt - [886 octets] - [30/08/2013 13:18:34]
AdwCleaner[R20].txt - [3187 octets] - [06/12/2013 08:15:02]
AdwCleaner[R21].txt - [3309 octets] - [13/12/2013 22:01:27]
AdwCleaner[R22].txt - [3435 octets] - [15/12/2013 14:02:55]
AdwCleaner[R23].txt - [3557 octets] - [18/12/2013 10:41:59]
AdwCleaner[R24].txt - [3679 octets] - [20/12/2013 11:25:04]
AdwCleaner[R25].txt - [3797 octets] - [20/12/2013 15:19:21]
AdwCleaner[R26].txt - [3923 octets] - [29/12/2013 12:48:39]
AdwCleaner[R27].txt - [4045 octets] - [30/12/2013 08:54:41]
AdwCleaner[R28].txt - [4167 octets] - [08/01/2014 12:36:43]
AdwCleaner[R29].txt - [4290 octets] - [11/01/2014 09:06:26]
AdwCleaner[R2].txt - [1237 octets] - [04/09/2013 11:25:04]
AdwCleaner[R30].txt - [4475 octets] - [15/01/2014 13:22:15]
AdwCleaner[R31].txt - [4597 octets] - [17/01/2014 19:14:30]
AdwCleaner[R3].txt - [1125 octets] - [07/09/2013 10:23:44]
AdwCleaner[R4].txt - [1422 octets] - [20/09/2013 11:50:29]
AdwCleaner[R5].txt - [1432 octets] - [21/09/2013 07:20:10]
AdwCleaner[R6].txt - [1484 octets] - [03/10/2013 11:47:08]
AdwCleaner[R7].txt - [2444 octets] - [16/10/2013 10:20:54]
AdwCleaner[R8].txt - [3868 octets] - [24/10/2013 05:36:19]
AdwCleaner[R9].txt - [3756 octets] - [25/10/2013 23:31:22]
AdwCleaner[S0].txt - [1251 octets] - [28/08/2013 13:46:22]
AdwCleaner[S10].txt - [2034 octets] - [31/10/2013 18:27:07]
AdwCleaner[S11].txt - [2156 octets] - [01/11/2013 16:12:09]
AdwCleaner[S12].txt - [4556 octets] - [04/11/2013 12:49:53]
AdwCleaner[S13].txt - [2400 octets] - [09/11/2013 09:43:57]
AdwCleaner[S14].txt - [2522 octets] - [11/11/2013 14:34:42]
AdwCleaner[S15].txt - [2643 octets] - [16/11/2013 20:47:31]
AdwCleaner[S16].txt - [2929 octets] - [22/11/2013 16:29:12]
AdwCleaner[S17].txt - [2887 octets] - [23/11/2013 19:25:45]
AdwCleaner[S18].txt - [3079 octets] - [26/11/2013 09:15:23]
AdwCleaner[S19].txt - [3131 octets] - [03/12/2013 23:35:03]
AdwCleaner[S1].txt - [946 octets] - [30/08/2013 13:19:31]
AdwCleaner[S20].txt - [3249 octets] - [06/12/2013 08:16:07]
AdwCleaner[S21].txt - [3371 octets] - [13/12/2013 22:02:08]
AdwCleaner[S22].txt - [3497 octets] - [15/12/2013 14:04:25]
AdwCleaner[S23].txt - [3619 octets] - [18/12/2013 10:43:30]
AdwCleaner[S24].txt - [3741 octets] - [20/12/2013 11:25:42]
AdwCleaner[S25].txt - [3859 octets] - [20/12/2013 15:19:53]
AdwCleaner[S26].txt - [3985 octets] - [29/12/2013 12:51:58]
AdwCleaner[S27].txt - [4107 octets] - [30/12/2013 08:55:16]
AdwCleaner[S28].txt - [4229 octets] - [08/01/2014 12:37:48]
AdwCleaner[S29].txt - [4352 octets] - [11/01/2014 09:34:08]
AdwCleaner[S2].txt - [1303 octets] - [04/09/2013 11:26:27]
AdwCleaner[S30].txt - [4537 octets] - [15/01/2014 13:23:36]
AdwCleaner[S31].txt - [4098 octets] - [17/01/2014 19:15:15]
AdwCleaner[S3].txt - [598 octets] - [07/09/2013 10:24:42]
AdwCleaner[S4].txt - [1485 octets] - [20/09/2013 11:51:36]
AdwCleaner[S5].txt - [1494 octets] - [21/09/2013 07:20:59]
AdwCleaner[S6].txt - [1546 octets] - [03/10/2013 11:48:08]
AdwCleaner[S7].txt - [2408 octets] - [16/10/2013 10:22:14]
AdwCleaner[S8].txt - [3938 octets] - [24/10/2013 05:39:13]
AdwCleaner[S9].txt - [3818 octets] - [25/10/2013 23:32:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S31].txt - [4578 octets] ##########



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 January 2014 - 08:46 PM


Hello Damian007

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 Damian007

Damian007
  • Topic Starter

  • Members
  • 12 posts

Posted 17 January 2014 - 09:49 PM

JRT log, and the computer seems to be running fine. I can't figure out why RogueKiller finds PUPs but crashes before it finishes. I have not run RogueKiller because I have been following your cues. Now that I have the JRT log in, let me say thank you. I am onto Combofix for my next post.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Damian on Fri 01/17/2014 at 19:24:39.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/17/2014 at 19:46:33.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 Damian007

Damian007
  • Topic Starter

  • Members
  • 12 posts

Posted 17 January 2014 - 10:23 PM

ComboFix 14-01-16.03 - Damian 01/17/2014  21:53:18.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8126.3718 [GMT -5:00]
Running from: c:\users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QO1D30A2\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Damian\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-18 to 2014-01-18  )))))))))))))))))))))))))))))))
.
.
2014-01-18 03:12 . 2014-01-18 03:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-18 03:12 . 2014-01-18 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-18 02:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC4CE987-AA4F-4964-B51D-4EE773E9A380}\mpengine.dll
2014-01-15 21:47 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 11:15 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:15 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:15 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:15 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:15 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:15 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:15 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 11:15 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:15 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-13 18:58 . 2014-01-13 18:58 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2014-01-08 19:09 . 2014-01-08 19:09 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\program files\iPod
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\program files\iTunes
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\program files (x86)\iTunes
2013-12-30 17:45 . 2013-04-08 20:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2013-12-30 17:24 . 2013-04-29 13:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-12-30 17:23 . 2013-12-30 17:23 -------- d-----w- c:\program files (x86)\Panda Security
2013-12-30 15:12 . 2013-12-30 15:32 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2013-12-30 14:23 . 2013-12-30 14:23 -------- d-----w- C:\FRST
2013-12-30 03:04 . 2013-12-30 03:04 -------- d-----w- c:\program files\CCleaner
2013-12-30 00:10 . 2013-12-30 00:10 -------- d-----w- c:\program files (x86)\ESET
2013-12-29 20:26 . 2011-08-25 14:37 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2013-12-29 18:08 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\F3B2.tmp
2013-12-29 18:05 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\DBEC.tmp
2013-12-29 00:10 . 2013-12-29 00:10 -------- d-----w- C:\env0
2013-12-21 16:08 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\8A51.tmp
2013-12-21 16:07 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\B037.tmp
2013-12-21 05:19 . 2013-12-21 05:40 -------- d-----w- C:\MGtools
2013-12-20 21:48 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\9D4A.tmp
2013-12-20 21:47 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\E83D.tmp
2013-12-20 21:47 . 2013-12-20 21:47 -------- d-----w- c:\program files (x86)\Sophos
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 08:01 . 2012-03-31 19:46 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-21 05:40 . 2013-12-21 05:19 320250 ----a-w- C:\MGlogs.zip
2013-12-10 19:37 . 2013-12-10 18:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 19:37 . 2012-09-05 15:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-07 19:24 . 2013-12-07 19:24 280 ----a-w- c:\windows\SysWow64\d3dx9_11.dll.tmp
2013-12-07 19:24 . 2013-12-07 19:24 280 ----a-w- c:\windows\SysWow64\drivers\vwifikerneldrv.sys
2013-11-26 14:46 . 2013-11-26 14:46 138152 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2013-11-26 14:46 . 2013-11-26 14:46 138152 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2013-11-26 11:54 . 2013-12-11 08:02 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 08:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 08:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 08:02 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 08:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 08:02 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 08:02 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 08:02 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 08:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 08:02 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 08:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 08:02 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 08:02 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 08:02 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 08:02 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 08:02 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 08:02 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 08:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 08:02 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 08:02 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 08:02 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 08:02 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 08:02 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 08:02 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-25 01:16 . 2013-11-25 01:17 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2013-11-25 01:16 . 2013-11-25 01:16 92 ----a-w- c:\windows\system32\calibration.bin
2013-11-23 18:26 . 2013-12-10 22:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 22:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2012-03-31 12:49 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-16 14:13 . 2013-11-16 14:13 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-16 14:13 . 2013-11-16 14:13 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-16 14:13 . 2013-11-16 14:13 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-16 14:13 . 2013-11-16 14:13 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-16 14:13 . 2013-11-16 14:13 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-16 14:13 . 2013-11-16 14:13 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-16 14:13 . 2013-11-16 14:13 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-16 14:13 . 2013-11-16 14:13 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-16 14:13 . 2013-11-16 14:13 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-16 14:13 . 2013-11-16 14:13 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-16 14:13 . 2013-11-16 14:13 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-16 14:13 . 2013-11-16 14:13 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-16 14:13 . 2013-11-16 14:13 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-16 14:13 . 2013-11-16 14:13 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-16 14:13 . 2013-11-16 14:13 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-16 14:13 . 2013-11-16 14:13 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-16 14:13 . 2013-11-16 14:13 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-16 14:13 . 2013-11-16 14:13 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-16 14:13 . 2013-11-16 14:13 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-16 14:13 . 2013-11-16 14:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-16 14:13 . 2013-11-16 14:13 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-16 14:13 . 2013-11-16 14:13 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-16 14:13 . 2013-11-16 14:13 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-16 14:13 . 2013-11-16 14:13 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-16 14:13 . 2013-11-16 14:13 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-16 14:13 . 2013-11-16 14:13 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-16 14:13 . 2013-11-16 14:13 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-16 14:13 . 2013-11-16 14:13 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-16 14:13 . 2013-11-16 14:13 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-16 14:13 . 2013-11-16 14:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-16 14:13 . 2013-11-16 14:13 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-16 14:13 . 2013-11-16 14:13 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-16 14:13 . 2013-11-16 14:13 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-16 14:13 . 2013-11-16 14:13 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-16 14:13 . 2013-11-16 14:13 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-16 14:13 . 2013-11-16 14:13 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-16 14:13 . 2013-11-16 14:13 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-16 14:13 . 2013-11-16 14:13 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-16 14:13 . 2013-11-16 14:13 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-16 14:13 . 2013-11-16 14:13 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-16 14:13 . 2013-11-16 14:13 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-16 14:13 . 2013-11-16 14:13 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-16 14:13 . 2013-11-16 14:13 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-16 14:13 . 2013-11-16 14:13 413696 ----a-w- c:\windows\system32\html.iec
2013-11-16 14:13 . 2013-11-16 14:13 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-16 14:13 . 2013-11-16 14:13 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-16 14:13 . 2013-11-16 14:13 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-16 14:13 . 2013-11-16 14:13 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-16 14:13 . 2013-11-16 14:13 235520 ----a-w- c:\windows\system32\url.dll
2013-11-16 14:13 . 2013-11-16 14:13 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-16 14:13 . 2013-11-16 14:13 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-16 14:13 . 2013-11-16 14:13 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-16 14:13 . 2013-11-16 14:13 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-16 14:13 . 2013-11-16 14:13 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-16 14:13 . 2013-11-16 14:13 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-16 14:13 . 2013-11-16 14:13 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-16 14:13 . 2013-11-16 14:13 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-16 14:13 . 2013-11-16 14:13 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-16 14:13 . 2013-11-16 14:13 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 02:23 . 2013-12-10 22:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 22:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 18:38 . 2013-10-31 18:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-30 08:52 . 2013-10-30 08:52 169712 ----a-w- c:\windows\SysWow64\SynTPCom.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}]
2014-01-03 13:53 287008 ----a-w- c:\program files (x86)\MediaMall\toolbar\pobho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}"= "c:\program files (x86)\MediaMall\toolbar\pobho.dll" [2014-01-03 287008]
.
[HKEY_CLASSES_ROOT\clsid\{9a87e478-a2bd-44c4-9f8c-d3989a5271b1}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn.1]
[HKEY_CLASSES_ROOT\TypeLib\{88FE9B5B-A645-45FD-B44A-9822B996C7C8}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mezzmo"="c:\program files (x86)\Conceiva\Mezzmo\Mezzmo.exe" [2013-12-05 12493096]
"WLAN Optimizer"="c:\users\Damian\wopt021\WLAN Optimizer.exe" [2009-08-07 109056]
"PlayOn"="c:\program files (x86)\MediaMall\PlayOn.exe" [2014-01-06 63808]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2014-01-16 93096]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-15 2513992]
"Digiarty_Software_AirPlayit"="c:\program files\Digiarty\Air_Playit\airplayit.exe" [2012-02-28 10468672]
"GoogleChromeAutoLaunch_3F2E34BF7A244698209604940BA7FE5B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Hobbyist Software VLC Streamer"="c:\program files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2013-10-23 1608008]
"PrinterProDesktop"="c:\program files (x86)\Printer Pro Desktop\PrinterProDesktop.exe" [2012-02-02 2132992]
"Adguard"="c:\program files (x86)\Adguard\Adguard.exe" [2013-11-21 1746968]
"ultracopier"="c:\program files\Ultracopier\ultracopier.exe" [2013-12-10 1115136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6010264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2012-07-10 169528]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2012-07-13 595144]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-09-05 184736]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-01-08 302961]
.
c:\users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CallClerk.lnk - c:\program files (x86)\CallClerk\CallClerk.exe [2012-11-16 3202616]
DVArchive - Shortcut.lnk - c:\dvarchive\DVArchive.jar [2012-5-28 4640139]
MailWasherPro.exe - Shortcut.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2013-10-31 5759816]
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2013-10-31 5759816]
VLC Streamer Helper.lnk - c:\program files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [2013-10-25 1608008]
WinDVA2 - Shortcut.lnk - c:\windva\WinDVA2.exe [2012-6-26 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2013-10-31 5759816]
TypeItIn.lnk - c:\program files (x86)\TypeItIn\TypeItIn.exe [2012-5-24 1284152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 nibyhaxd;nibyhaxd;c:\windows\system32\drivers\nibyhaxd.sys;c:\windows\SYSNATIVE\drivers\nibyhaxd.sys [x]
R1 oahauakq;oahauakq;c:\windows\system32\drivers\oahauakq.sys;c:\windows\SYSNATIVE\drivers\oahauakq.sys [x]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
R1 zajrhkzv;zajrhkzv;c:\windows\system32\drivers\zajrhkzv.sys;c:\windows\SYSNATIVE\drivers\zajrhkzv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAu64.sys;c:\windows\SYSNATIVE\drivers\AESTAu64.sys [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F3B2.tmp;c:\windows\SYSNATIVE\F3B2.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 adgnetworktdi;adgnetworktdi;c:\windows\system32\drivers\adgnetworktdi.sys;c:\windows\SYSNATIVE\drivers\adgnetworktdi.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 Adguard Service;Adguard Service;c:\program files (x86)\Adguard\AdguardSvc.exe;c:\program files (x86)\Adguard\AdguardSvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GJService;Game Jackal Server;c:\program files (x86)\SlySoft\Game Jackal v4\Server.exe;c:\program files (x86)\SlySoft\Game Jackal v4\Server.exe [x]
S2 GJServiceV5;Game Jackal Server v5;c:\program files (x86)\SlySoft\Game Jackal v5\Server.exe;c:\program files (x86)\SlySoft\Game Jackal v5\Server.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
S2 Mezzmo;Mezzmo;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 WiRNS;WiRNS;c:\wirns\WiRNS.exe;c:\wirns\WiRNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 MaplomL;MaplomL; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 23:41 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 19:37]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 18:46]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 18:46]
.
2014-01-12 c:\windows\Tasks\HPCeeScheduleForDAMIAN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-01-16 c:\windows\Tasks\HPCeeScheduleForDamian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}]
2014-01-03 13:53 310560 ----a-w- c:\program files (x86)\MediaMall\toolbar\pobho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}"= "c:\program files (x86)\MediaMall\toolbar\pobho64.dll" [2014-01-03 310560]
.
[HKEY_CLASSES_ROOT\CLSID\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn.1]
[HKEY_CLASSES_ROOT\TypeLib\{88FE9B5B-A645-45FD-B44A-9822B996C7C8}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WiRNSMon"="c:\wirns\WiRNSMon.exe" [2013-01-04 118784]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-15 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-15 392472]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403328]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-22 1664000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-13 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: CallClerk Dial - file://c:\users\Damian\AppData\Roaming\CallClerk\callclerk.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: PlayOn - file://c:\program files (x86)\MediaMall\toolbar\MenuLoad.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - c:\program files (x86)\MediaMall\toolbar\pobho.dll
Trusted Zone: excelsior.edu\ecmail
TCP: Interfaces\{188CD475-7A52-45F2-84E8-B49CAC31F91B}: NameServer = 192.168.0.1
TCP: Interfaces\{188CD475-7A52-45F2-84E8-B49CAC31F91B}\4416D69616E672370207C61697C6963747: DhcpNameServer = 198.224.187.135 198.224.186.135
TCP: Interfaces\{C7D3DB54-E085-4968-9971-FB3726FF2320}: NameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{56bc31de-97ab-4563-8599-ad5d4e9800f9} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F3B2.tmp"
.
Completion time: 2014-01-17  22:20:22
ComboFix-quarantined-files.txt  2014-01-18 03:20
.
Pre-Run: 160,413,216,768 bytes free
Post-Run: 171,907,592,192 bytes free
.
- - End Of File - - 7A5144F6A2AA26723BBBE6B588D2E396



#10 Damian007

  • Topic Starter

Posted 17 January 2014 - 10:38 PM

I would appreciate any help or suggestions or observations.  Surprisingly the last step, my own, was to try RogueKiller again and this time it found six pups *BUT* it did not crash; it ran straight through and finished.  So, joy to the world!  For whatever reason, after about a month of it crashing, the latest version and my laptop agree on working together.   When I ask for help or suggestions or observations, I mean if you saw anything in the logs worth noting, please share.  I am not an expert interpreting the results.  Thanks!  Also, I appreciate your staying with me through this to here, the happy ending.



#11 Damian007

  • Topic Starter

Posted 17 January 2014 - 10:40 PM

And my screen saver and my media server software is streaming perfectly on the gigabit connection to the TV (wired).



#12 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 18 January 2014 - 12:59 PM


Hello Damian007

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
(image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe)
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Damian007

  • Topic Starter

Posted 19 January 2014 - 12:49 PM

Computer seems to be running fine, thank you.  Do you have any thoughts at this point about what was/is/if anything amiss?  Thanks!


Combofix log after running script:


ComboFix 14-01-16.03 - Damian 01/19/2014  12:16:15.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8126.3524 [GMT -5:00]
Running from: c:\users\Damian\Desktop\ComboFix.exe
Command switches used :: c:\users\Damian\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-19 to 2014-01-19  )))))))))))))))))))))))))))))))
.
.
2014-01-19 17:32 . 2014-01-19 17:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-19 17:32 . 2014-01-19 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-19 00:28 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E08565F5-40E9-4DED-9C65-51D0E41A11E1}\mpengine.dll
2014-01-18 03:24 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-15 11:15 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:15 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:15 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:15 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:15 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:15 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:15 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 11:15 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:15 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-13 18:58 . 2014-01-13 18:58 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2014-01-08 19:09 . 2014-01-08 19:09 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\program files\iPod
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\program files\iTunes
2013-12-30 23:02 . 2013-12-30 23:02 -------- d-----w- c:\program files (x86)\iTunes
2013-12-30 17:45 . 2013-04-08 20:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2013-12-30 17:24 . 2013-04-29 13:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-12-30 17:23 . 2013-12-30 17:23 -------- d-----w- c:\program files (x86)\Panda Security
2013-12-30 14:23 . 2013-12-30 14:23 -------- d-----w- C:\FRST
2013-12-30 03:04 . 2013-12-30 03:04 -------- d-----w- c:\program files\CCleaner
2013-12-30 00:10 . 2013-12-30 00:10 -------- d-----w- c:\program files (x86)\ESET
2013-12-29 20:26 . 2011-08-25 14:37 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2013-12-29 18:08 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\F3B2.tmp
2013-12-29 18:05 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\DBEC.tmp
2013-12-29 00:10 . 2013-12-29 00:10 -------- d-----w- C:\env0
2013-12-21 16:08 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\8A51.tmp
2013-12-21 16:07 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\B037.tmp
2013-12-21 05:19 . 2013-12-21 05:40 -------- d-----w- C:\MGtools
2013-12-20 21:48 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\9D4A.tmp
2013-12-20 21:47 . 2011-08-25 14:33 6144 ------w- c:\windows\system32\E83D.tmp
2013-12-20 21:47 . 2013-12-20 21:47 -------- d-----w- c:\program files (x86)\Sophos
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 08:01 . 2012-03-31 19:46 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-21 05:40 . 2013-12-21 05:19 320250 ----a-w- C:\MGlogs.zip
2013-12-10 19:37 . 2013-12-10 18:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 19:37 . 2012-09-05 15:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-07 19:24 . 2013-12-07 19:24 280 ----a-w- c:\windows\SysWow64\d3dx9_11.dll.tmp
2013-12-07 19:24 . 2013-12-07 19:24 280 ----a-w- c:\windows\SysWow64\drivers\vwifikerneldrv.sys
2013-11-26 14:46 . 2013-11-26 14:46 138152 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2013-11-26 14:46 . 2013-11-26 14:46 138152 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2013-11-26 11:54 . 2013-12-11 08:02 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 08:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 08:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 08:02 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 08:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 08:02 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 08:02 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 08:02 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 08:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 08:02 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 08:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 08:02 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 08:02 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 08:02 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 08:02 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 08:02 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 08:02 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 08:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 08:02 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 08:02 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 08:02 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 08:02 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 08:02 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 08:02 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-25 01:16 . 2013-11-25 01:17 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2013-11-25 01:16 . 2013-11-25 01:16 92 ----a-w- c:\windows\system32\calibration.bin
2013-11-23 18:26 . 2013-12-10 22:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 22:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2012-03-31 12:49 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-16 14:13 . 2013-11-16 14:13 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-16 14:13 . 2013-11-16 14:13 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-16 14:13 . 2013-11-16 14:13 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-16 14:13 . 2013-11-16 14:13 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-16 14:13 . 2013-11-16 14:13 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-16 14:13 . 2013-11-16 14:13 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-16 14:13 . 2013-11-16 14:13 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-16 14:13 . 2013-11-16 14:13 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-16 14:13 . 2013-11-16 14:13 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-16 14:13 . 2013-11-16 14:13 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-16 14:13 . 2013-11-16 14:13 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-16 14:13 . 2013-11-16 14:13 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-16 14:13 . 2013-11-16 14:13 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-16 14:13 . 2013-11-16 14:13 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-16 14:13 . 2013-11-16 14:13 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-16 14:13 . 2013-11-16 14:13 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-16 14:13 . 2013-11-16 14:13 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-16 14:13 . 2013-11-16 14:13 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-16 14:13 . 2013-11-16 14:13 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-16 14:13 . 2013-11-16 14:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-16 14:13 . 2013-11-16 14:13 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-16 14:13 . 2013-11-16 14:13 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-16 14:13 . 2013-11-16 14:13 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-16 14:13 . 2013-11-16 14:13 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-16 14:13 . 2013-11-16 14:13 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-16 14:13 . 2013-11-16 14:13 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-16 14:13 . 2013-11-16 14:13 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-16 14:13 . 2013-11-16 14:13 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-16 14:13 . 2013-11-16 14:13 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-16 14:13 . 2013-11-16 14:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-16 14:13 . 2013-11-16 14:13 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-16 14:13 . 2013-11-16 14:13 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-16 14:13 . 2013-11-16 14:13 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-16 14:13 . 2013-11-16 14:13 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-16 14:13 . 2013-11-16 14:13 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-16 14:13 . 2013-11-16 14:13 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-16 14:13 . 2013-11-16 14:13 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-16 14:13 . 2013-11-16 14:13 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-16 14:13 . 2013-11-16 14:13 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-16 14:13 . 2013-11-16 14:13 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-16 14:13 . 2013-11-16 14:13 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-16 14:13 . 2013-11-16 14:13 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-16 14:13 . 2013-11-16 14:13 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-16 14:13 . 2013-11-16 14:13 413696 ----a-w- c:\windows\system32\html.iec
2013-11-16 14:13 . 2013-11-16 14:13 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-16 14:13 . 2013-11-16 14:13 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-16 14:13 . 2013-11-16 14:13 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-16 14:13 . 2013-11-16 14:13 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-16 14:13 . 2013-11-16 14:13 235520 ----a-w- c:\windows\system32\url.dll
2013-11-16 14:13 . 2013-11-16 14:13 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-16 14:13 . 2013-11-16 14:13 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-16 14:13 . 2013-11-16 14:13 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-16 14:13 . 2013-11-16 14:13 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-16 14:13 . 2013-11-16 14:13 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-16 14:13 . 2013-11-16 14:13 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-16 14:13 . 2013-11-16 14:13 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-16 14:13 . 2013-11-16 14:13 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-16 14:13 . 2013-11-16 14:13 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-16 14:13 . 2013-11-16 14:13 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 02:23 . 2013-12-10 22:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 22:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 18:38 . 2013-10-31 18:38 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-30 08:52 . 2013-10-30 08:52 169712 ----a-w- c:\windows\SysWow64\SynTPCom.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}]
2014-01-03 13:53 287008 ----a-w- c:\program files (x86)\MediaMall\toolbar\pobho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}"= "c:\program files (x86)\MediaMall\toolbar\pobho.dll" [2014-01-03 287008]
.
[HKEY_CLASSES_ROOT\clsid\{9a87e478-a2bd-44c4-9f8c-d3989a5271b1}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn.1]
[HKEY_CLASSES_ROOT\TypeLib\{88FE9B5B-A645-45FD-B44A-9822B996C7C8}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mezzmo"="c:\program files (x86)\Conceiva\Mezzmo\Mezzmo.exe" [2013-12-05 12493096]
"WLAN Optimizer"="c:\users\Damian\wopt021\WLAN Optimizer.exe" [2009-08-07 109056]
"PlayOn"="c:\program files (x86)\MediaMall\PlayOn.exe" [2014-01-06 63808]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2014-01-16 93096]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-15 2513992]
"Digiarty_Software_AirPlayit"="c:\program files\Digiarty\Air_Playit\airplayit.exe" [2012-02-28 10468672]
"GoogleChromeAutoLaunch_3F2E34BF7A244698209604940BA7FE5B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Hobbyist Software VLC Streamer"="c:\program files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" [2013-10-23 1608008]
"PrinterProDesktop"="c:\program files (x86)\Printer Pro Desktop\PrinterProDesktop.exe" [2012-02-02 2132992]
"Adguard"="c:\program files (x86)\Adguard\Adguard.exe" [2013-11-21 1746968]
"ultracopier"="c:\program files\Ultracopier\ultracopier.exe" [2013-12-10 1115136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6010264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2012-07-10 169528]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2012-07-13 595144]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2012-08-13 547984]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-09-05 184736]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-01-08 302961]
.
c:\users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CallClerk.lnk - c:\program files (x86)\CallClerk\CallClerk.exe [2012-11-16 3202616]
DVArchive - Shortcut.lnk - c:\dvarchive\DVArchive.jar [2012-5-28 4640139]
MailWasherPro.exe - Shortcut.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2013-10-31 5759816]
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2013-10-31 5759816]
VLC Streamer Helper.lnk - c:\program files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [2013-10-25 1608008]
WinDVA2 - Shortcut.lnk - c:\windva\WinDVA2.exe [2012-6-26 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2013-10-31 5759816]
TypeItIn.lnk - c:\program files (x86)\TypeItIn\TypeItIn.exe [2012-5-24 1284152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 nibyhaxd;nibyhaxd;c:\windows\system32\drivers\nibyhaxd.sys;c:\windows\SYSNATIVE\drivers\nibyhaxd.sys [x]
R1 oahauakq;oahauakq;c:\windows\system32\drivers\oahauakq.sys;c:\windows\SYSNATIVE\drivers\oahauakq.sys [x]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
R1 zajrhkzv;zajrhkzv;c:\windows\system32\drivers\zajrhkzv.sys;c:\windows\SYSNATIVE\drivers\zajrhkzv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 Mezzmo;Mezzmo;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [x]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAu64.sys;c:\windows\SYSNATIVE\drivers\AESTAu64.sys [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F3B2.tmp;c:\windows\SYSNATIVE\F3B2.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 adgnetworktdi;adgnetworktdi;c:\windows\system32\drivers\adgnetworktdi.sys;c:\windows\SYSNATIVE\drivers\adgnetworktdi.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 Adguard Service;Adguard Service;c:\program files (x86)\Adguard\AdguardSvc.exe;c:\program files (x86)\Adguard\AdguardSvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GJService;Game Jackal Server;c:\program files (x86)\SlySoft\Game Jackal v4\Server.exe;c:\program files (x86)\SlySoft\Game Jackal v4\Server.exe [x]
S2 GJServiceV5;Game Jackal Server v5;c:\program files (x86)\SlySoft\Game Jackal v5\Server.exe;c:\program files (x86)\SlySoft\Game Jackal v5\Server.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 WiRNS;WiRNS;c:\wirns\WiRNS.exe;c:\wirns\WiRNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 MaplomL;MaplomL; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 23:41 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 19:37]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 18:46]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 18:46]
.
2014-01-12 c:\windows\Tasks\HPCeeScheduleForDAMIAN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-01-16 c:\windows\Tasks\HPCeeScheduleForDamian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}]
2014-01-03 13:53 310560 ----a-w- c:\program files (x86)\MediaMall\toolbar\pobho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}"= "c:\program files (x86)\MediaMall\toolbar\pobho64.dll" [2014-01-03 310560]
.
[HKEY_CLASSES_ROOT\CLSID\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn.1]
[HKEY_CLASSES_ROOT\TypeLib\{88FE9B5B-A645-45FD-B44A-9822B996C7C8}]
[HKEY_CLASSES_ROOT\PlayOnBHO.PlayOnAddIn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WiRNSMon"="c:\wirns\WiRNSMon.exe" [2013-01-04 118784]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-15 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-15 392472]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403328]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-22 1664000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-13 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: CallClerk Dial - file://c:\users\Damian\AppData\Roaming\CallClerk\callclerk.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: PlayOn - file://c:\program files (x86)\MediaMall\toolbar\MenuLoad.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - c:\program files (x86)\MediaMall\toolbar\pobho.dll
Trusted Zone: excelsior.edu\ecmail
TCP: Interfaces\{188CD475-7A52-45F2-84E8-B49CAC31F91B}: NameServer = 192.168.0.1
TCP: Interfaces\{188CD475-7A52-45F2-84E8-B49CAC31F91B}\4416D69616E672370207C61697C6963747: DhcpNameServer = 198.224.187.135 198.224.186.135
TCP: Interfaces\{C7D3DB54-E085-4968-9971-FB3726FF2320}: NameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{56bc31de-97ab-4563-8599-ad5d4e9800f9} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F3B2.tmp"
.
Completion time: 2014-01-19  12:40:31
ComboFix-quarantined-files.txt  2014-01-19 17:40
ComboFix2.txt  2014-01-18 03:20
.
Pre-Run: 170,311,962,624 bytes free
Post-Run: 169,482,096,640 bytes free
.
- - End Of File - - D2039D9EC25BA8629D4632667009EA35
 



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:27 AM

Posted 19 January 2014 - 01:11 PM


Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing. These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)
  • Programs to remove

    • µTorrent
    • Java 7 Update 7 (64-bit)
    • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java
  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Damian007

Damian007
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:27 AM

Posted 20 January 2014 - 12:07 AM

Computer seems fine.  Java programs uninstalled.  Java reinstalled.  Here are the mbam log results.  Will do HijackThis tomorrow.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Damian :: DAMIAN-HP [administrator]

Protection: Enabled

1/19/2014 9:07:26 PM
mbam-log-2014-01-19 (21-07-26).txt

Scan type: Full scan (C:\|E:\|F:\|I:\|O:\|Q:\|R:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 647012
Time elapsed: 2 hour(s), 55 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\MPC-HC\Lang\mpcresources.he.dll (PUP.Optional.Multiplug) -> Quarantined and deleted successfully.

(end)





