
PC slow, mouse movement stutters, web pages slow


  • This topic is locked
24 replies to this topic

#1 Testing12

  • Members

Posted 07 February 2014 - 02:13 PM

PC responds slowly at times. Mouse movement stutters, or stops completely. Web pages come up slower than they used to and file transfers are slower as well.
In short, my Intel Core i7-2600 @ 3.40 GHz with 8 GB RAM has some (one or more) programs running in the background that I cannot find.

I ran an Eset online scan (found 2 problems) and ran Malwarebytes twice and still have issues.

I am hoping you can help solve the computer problems I am having.

Following is the DDS.txt file and attached is the zipped Attach.txt file.

Thanks in advance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Owner at 9:59:26 on 2014-02-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8169.6363 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.7.254 192.168.1.1
TCP: Interfaces\{02FF2C77-5323-4ADC-9C3A-3E8C3E434787} : DHCPNameServer = 192.168.7.254 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-10-29 164520]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-29 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-11-2 270704]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 HPFXFAX;HPFXFAX;C:\Windows\System32\drivers\hpfx64fax.sys [2007-7-16 23064]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-9 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-9 181760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-30 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-16 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-26 19456]
S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2008-9-8 15360]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-26 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-26 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2013-7-10 14464]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;C:\Windows\System32\drivers\zmghpau.sys [2011-2-18 50176]
.
=============== Created Last 30 ================
.
2014-02-07 16:19:54 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{698C50E5-6261-4F82-BCF8-C02483CFDFCC}\mpengine.dll
2014-02-07 15:35:52 -------- d-----w- C:\Windows\ERUNT
2014-02-07 14:02:28 -------- d-----w- C:\AdwCleaner
2014-02-06 14:01:08 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-03 23:23:34 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-03 23:22:40 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-28 17:16:48 -------- d-----w- C:\ProgramData\SecTaskMan
2014-01-28 17:16:42 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2014-01-26 21:30:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 21:30:59 -------- d-----w- C:\Program Files\iTunes
2014-01-26 21:30:59 -------- d-----w- C:\Program Files\iPod
2014-01-26 21:30:59 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-23 18:12:40 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8530070-027F-4FA6-A57C-DB93BF98430F}\gapaengine.dll
2014-01-20 15:53:12 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-01-20 15:52:24 -------- d-----w- C:\Program Files\AMD
2014-01-18 15:37:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-01-18 15:37:41 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-18 15:37:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-18 15:37:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 15:30:07 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2014-01-17 19:43:10 -------- d-----w- C:\Program Files\CCleaner
2014-01-17 16:08:37 -------- d-----w- C:\Program Files\Western Digital
2014-01-17 16:08:01 -------- d-----w- C:\ProgramData\Package Cache
2014-01-15 10:31:31 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 10:31:31 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 10:31:31 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 10:31:31 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 10:31:31 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 10:31:31 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 10:31:31 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 10:31:31 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 10:31:30 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-14 04:39:21 -------- d-----w- C:\Users\Owner\AppData\Local\Western Digital
2014-01-14 04:39:18 -------- d-----w- C:\Users\Owner\AppData\Local\Western_Digital_Technolog
2014-01-14 04:39:02 -------- d-----w- C:\Program Files\Common Files\Western Digital
2014-01-14 04:38:50 -------- d-----w- C:\Program Files (x86)\Western Digital
2014-01-14 04:38:50 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2014-01-14 04:38:07 -------- d-----w- C:\ProgramData\Western Digital
.
==================== Find3M  ====================
.
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-15 11:02:59 942592 ----a-w- C:\Windows\System32\jsIntl.dll
2013-12-15 03:55:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 03:55:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-07 00:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-07 00:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-12-06 21:38:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH:  9:59:34.08 ===============


#2 Mako

  • Malware Response Team
  • Location:Belgium

Posted 10 February 2014 - 02:21 PM

Hi Testing12,

Welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Mako and I will be helping you with your computer problems.

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something, don't hesitate to ask before running the tools.

Now let's get started...

You said you've already run ESET Online Scanner and MalwareBytes. Can you paste the content of the ESET logfile in your next reply and attach the Malwarebytes logfiles, please?
To obtain the logfile from MalwareBytes you can start the program and go to the Logs tab. You may attach the results of both scans.

For the ESET Online scan log: it should be located at the following location, unless you saved it elsewhere: C:\Program Files\ESET\EsetOnlineScanner\log.txt

Last but not least, I saw in your log a reference to AdwCleaner. Did you use that as well? If so, please attach its logfile also.

 


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#3 Testing12

  • Topic Starter
  • Members

Posted 10 February 2014 - 06:30 PM

Hi Mako,
Thank you very much for your assistance.

Below is the ESET logfile you requested.

Also, attached is the Malwarebytes logfile.

I actually found 3 AdwCleaner [Rx].txt files and 2 AdwCleaner [Sx].txt files. I’ve attached them as well.

Within the AdwCleaner folder is a Quarantine subfolder inside of which is Quarantine.txt. I’m including this also.

I hope this is everything you need.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=13375
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-13 06:22:35
# local_time=2013-03-13 11:22:35 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777214 100 100 10719186 59954625 0 0
# scanned=93806
# found=0
# cleaned=0
# scan_time=484
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=16982
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-07 01:31:20
# local_time=2014-02-07 05:31:20 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17406639 143323330 0 0
# scanned=170023
# found=1
# cleaned=0
# scan_time=939
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\CCleaner\ccsetup323.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=16982
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-07 01:56:09
# local_time=2014-02-07 05:56:09 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17408128 143324819 0 0
# scanned=184098
# found=2
# cleaned=2
# scan_time=1142
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted - quarantined)" ac=C fn="D:\CCleaner\ccsetup323.exe"
sh=9EAF9565EB7350AFD009D1F8EE0DB943A2F60B79 ft=1 fh=784b312b59c2bea0 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="D:\MyDownloads\WinZip\WinZip170.exe"
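As an added example that is not part of this thread (and not ESET's own tooling), the following Python parser reads the ESET Online Scanner log format posted above: it splits the text into runs, collects the "# key=value" summary fields, parses the sh=/vn=/ac=/fn= detection lines, and cross-checks the found and cleaned counters against those lines so that a stopped or inconsistent run, or a detection that was never cleaned, stands out. The sample text inside is constructed from the posted log, and the meaning of the ac= codes (C = cleaned/quarantined, I = detected but left in place) is inferred from that log rather than taken from ESET documentation.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the ESET Online Scanner log format from the post above:
# run 1 was stopped early with removal disabled, run 2 finished with removal enabled.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# remove_checked=false
# country="United States"
# scanned=170023
# found=1
# cleaned=0
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\CCleaner\ccsetup323.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=true
# scanned=184098
# found=2
# cleaned=2
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted - quarantined)" ac=C fn="D:\CCleaner\ccsetup323.exe"
sh=9EAF9565EB7350AFD009D1F8EE0DB943A2F60B79 ft=1 fh=784b312b59c2bea0 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="D:\MyDownloads\WinZip\WinZip170.exe"
'''

RUN_HEADER = re.compile(r"^ESETSmartInstaller@High as (?P<kind>.+?) log:$")
KEY_VALUE = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
DETECTION = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w) fn="(?P<path>[^"]*)"$'
)

@dataclass
class Detection:
    sha1: str
    name: str
    action: str  # assumed from the posted logs: "C" = cleaned/quarantined, "I" = detected, left in place
    path: str

@dataclass
class ScanRun:
    kind: str
    fields: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def count(self, key):
        """Integer counter such as found/cleaned/scanned; a missing key counts as 0."""
        return int(self.fields.get(key, "0"))

def parse_eset_log(text):
    """Split the log into runs, each with its summary fields and detection lines."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_HEADER.match(line)
        if m:
            current = ScanRun(kind=m.group("kind"))
            runs.append(current)
            continue
        if current is None:
            continue  # text before the first run header has nothing to attach to
        m = KEY_VALUE.match(line)
        if m:
            current.fields[m.group("key")] = m.group("value").strip('"')
            continue
        m = DETECTION.match(line)
        if m:
            current.detections.append(Detection(
                m.group("sha1").upper(), m.group("name"), m.group("action"), m.group("path")))
        # anything else ("all ok", registration status lines) is chatter and is skipped
    return runs

def check_run(run):
    """Cross-check the counters against the detection lines; returns a list of problems."""
    issues = []
    if run.fields.get("end") != "finished":
        issues.append(f"end={run.fields.get('end')}: scan did not complete")
    if run.count("found") != len(run.detections):
        issues.append(f"found={run.count('found')} but {len(run.detections)} detection lines")
    cleaned_lines = sum(1 for d in run.detections if d.action == "C")
    if run.count("cleaned") != cleaned_lines:
        issues.append(f"cleaned={run.count('cleaned')} but {cleaned_lines} lines with ac=C")
    return issues

def outstanding(runs):
    """SHA-1s detected in some run that no run ever reports as cleaned (ac=C)."""
    cleaned = {}
    for run in runs:
        for d in run.detections:
            cleaned[d.sha1] = cleaned.get(d.sha1, False) or d.action == "C"
    return sorted(h for h, done in cleaned.items() if not done)
```

Run against the sample, the first run is flagged only because it was stopped before finishing, the second run is consistent, and nothing detected remains outstanding because the file left in place in run 1 was quarantined in run 2.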




#4 Mako

  • Malware Response Team
  • Location:Belgium

Posted 11 February 2014 - 12:30 PM

Greetings Testing12,

======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    filesrcm;
    startupall;
    chromelook;
    firefoxlook;
    uninstall-list;
    torpigcheck;
    services-list;
    
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

Regards,

Mako


#5 Testing12

  • Topic Starter
  • Members

Posted 11 February 2014 - 12:56 PM

Mako,
Following is the logfile from Zoek.exe:

Zoek.exe v5.0.0.0 Updated 10-February-2014
Tool run by Owner on Tue 02/11/2014 at  9:51:54.00.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/11/2014 9:53:02 AM Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [CTAudSvcService] - Creative Audio Service - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
R2 - [Intel® PROSet Monitoring Service] - Intel® PROSet Monitoring Service - C:\Windows\system32\IProsetMonitor.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
R2 - [UNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [WDBackup] - WD Backup - "C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe"
R2 - [WDDriveService] - WD Drive Manager - "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [Creative Audio Engine Licensing Service] - Creative Audio Engine Licensing Service - "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe"
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [LBTServ] - Logitech Bluetooth Service - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "C:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S4 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Owner\AppData\Local\Temp ====
2014-02-07 15:35:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-02-04 20:08:12 F792361B25DC12DD0A343CFA34D3BCD3 346000 ----a-w- C:\Users\Owner\AppData\Local\Temp\Creative Cloud Helper.exe
====== C:\Windows\SysWOW64 =====
2014-02-10 15:51:03 ED1543644C11CD56F374F3CDCD5A685F 692616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 15:51:03 675BCED636193DA8BCCDF2D9594EF4E8 71048 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-02-03 23:22:40 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-01-18 15:37:40 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-01-15 10:31:31 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys
2014-01-15 10:31:31 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2014-01-15 10:31:31 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2014-01-15 10:31:31 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2014-01-15 10:31:31 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2014-01-15 10:31:31 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2014-01-15 10:31:31 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys
2014-01-15 10:31:30 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
====== C:\Windows\Tasks ======
2014-01-14 04:40:22 -------- d-----w- C:\Windows\Sysnative\Tasks\Western Digital
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-07 18:53:43 -------- d-----w- C:\Program Files\7-Zip
2014-01-26 21:30:59 -------- d-----w- C:\Program Files\iTunes
2014-01-26 21:30:59 -------- d-----w- C:\Program Files\iPod
2014-01-20 15:52:24 -------- d-----w- C:\Program Files\AMD
2014-01-17 16:08:37 -------- d-----w- C:\Program Files\Western Digital
2014-01-14 04:39:02 -------- d-----w- C:\Program Files\Common Files\Western Digital
======= C:\PROGRA~2 =====
2014-01-26 21:30:59 -------- d-----w- C:\PROGRA~2\iTunes
2014-01-20 15:53:12 -------- d-----w- C:\PROGRA~2\AMD AVT
2014-01-14 04:38:50 -------- d-----w- C:\PROGRA~2\Western Digital
2014-01-14 04:38:50 -------- d-----w- C:\PROGRA~2\COMMON~1\Western Digital
======= C: =====
====== C:\Users\Owner\AppData\Roaming ======
2014-01-23 18:05:15 7FE39D060135E16E5057E6D787FAEBCB 7606 ----a-w- C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-01-18 15:30:07 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2014-01-14 04:39:21 -------- d-----w- C:\Users\Owner\AppData\Local\Western Digital
====== C:\Users\Owner ======
2014-02-07 18:53:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-28 17:16:48 -------- d-----w- C:\ProgramData\SecTaskMan
2014-01-26 21:31:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-01-26 21:30:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-20 15:53:43 -------- d-----w- C:\ProgramData\ATI
2014-01-20 15:53:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-01-17 16:08:01 -------- d-----w- C:\ProgramData\Package Cache
2014-01-14 04:38:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-01-14 04:38:07 -------- d-----w- C:\ProgramData\Western Digital

====== C: exe-files ==
2014-02-10 15:51:03 ED1543644C11CD56F374F3CDCD5A685F 692616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 15:35:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-02-04 20:08:12 F792361B25DC12DD0A343CFA34D3BCD3 346000 ----a-w- C:\Users\Owner\AppData\Local\Temp\Creative Cloud Helper.exe
=== C: other files ==
2014-02-07 15:35:32 DFB8D08F2FD68D58239045B366D68CE2 10261 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\JRT.bat
2014-02-07 15:35:32 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\modules.bat
2014-02-07 15:35:32 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\chrome.bat
2014-02-07 15:35:32 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\FWPolicy.bat
2014-02-07 15:35:32 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\ask.bat
2014-02-07 15:35:32 AE697BC275F5B52FB9E1164F14FB18F8 151936 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\firefox.bat
2014-02-07 15:35:32 8C7709AE609C5235976C4567E810D4B8 154424 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\misc.bat
2014-02-07 15:35:32 868D0E22DC055BA214D7EC71600F2CFA 16063 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\get.bat
2014-02-07 15:35:32 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\ev_clear.bat
2014-02-07 15:35:32 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\iexplore.bat
2014-02-07 15:35:32 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\runvalues.bat
2014-02-07 15:35:32 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\delorphans.bat
2014-02-07 15:35:32 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\prelim.bat
2014-02-07 15:35:32 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\searchlnk.bat
2014-02-07 15:35:32 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\TDL4.bat
2014-02-07 15:35:32 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\medfos.bat
2014-02-07 15:35:32 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Owner\AppData\Local\Temp\jrt\delfolders.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"CTxfiHlp"="CTXFIHLP.EXE"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
"WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Color LaserJet CM1312 MFP Series Fax]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Color LaserJet CM1312 MFP Series Fax"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxprintersrv.exe \"HP Color LaserJet CM1312 MFP Series Fax\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MDS_Menu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MDS_Menu"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\MediaShow4\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\MediaShow4\" UpdateWithCreateOnce \"Software\\CyberLink\\MediaShow\\4.1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateLBPShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateP2GoShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService]

==== Startup Folders ======================

2012-12-10 11:06:57 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\ProgramData 0-6 Months Old ======================

2014-01-14 04:38:07 -------- d-----w- C:\ProgramData\Western Digital
2014-01-17 16:08:01 -------- d-----w- C:\ProgramData\Package Cache
2014-01-18 15:37:41 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-20 15:53:43 -------- d-----w- C:\ProgramData\ATI
2014-01-26 21:30:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-28 17:16:48 -------- d-----w- C:\ProgramData\SecTaskMan
2014-02-03 23:23:34 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [01/17/2014 08:53 AM]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[10/05/2012 11:13 PM]
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[12/20/2013 10:04 PM]

==== Uninstall List x64 ======================

64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}]
7-Zip 9.20 (x64 edition) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-0920-000001000000}]
Adobe Acrobat XI Pro [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23D3F585-AE29-4670-8E3E-64A0EFB29240}]
Adobe Acrobat XI Pro [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-000000000006}]
Adobe Creative Cloud [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Creative Cloud]
Adobe Extension Manager CC [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}]
Adobe Flash Player 12 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Photoshop CC [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}]
Adobe Photoshop Lightroom 5.3 64-bit [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2DD71ACB-552D-402C-9529-7906ACB95C30}]
AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCC4426F-0296-D30D-729C-E76C8E7252C7}]
AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
AMD Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}]
AMD Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}]
AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A44D35BC-F2DF-00E9-79BF-34967DF0E4E8}]
AMD Media Foundation Decoders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}]
AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
BufferChm  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{687FEF8A-8597-40b4-832C-297EA3F35817}]
Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB79256B-C0E0-40C6-8EB7-BDD796203581}]
Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1194740D-0DB8-A508-31BA-E722597B4516}]
Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}]
Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}]
ccc-utility64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}]
CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}]
CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92352C97-C657-DB89-5F3A-E8C3789D9C89}]
CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}]
CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D3A11D0-D925-FA0F-43F3-242E49975CD2}]
CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E297492A-E114-CAE0-502E-5F36C386DD30}]
CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E6533A85-ED92-F897-2B68-58AC3BD87F94}]
CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6343B6BA-F97F-B336-9ED8-FFD43776E84D}]
CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}]
CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}]
CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{046B79EE-7ED3-37A4-621A-FE297EF484C2}]
CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}]
CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A128A816-FD3F-990E-DD80-E1735BD718AE}]
CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}]
CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBAC163A-588E-1E5A-3CE8-826E9A449244}]
CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B88F2045-CF9A-996C-1670-6F7D65F1D18A}]
CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6071CB80-DABC-B10D-F244-7F410FB3B150}]
CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8EF39A9F-6A57-9706-86A5-9312D9ED8016}]
CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4172E797-CE12-AC47-05B7-0E48BDB33E75}]
CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4428AEE6-FA5E-2913-8D12-B410E85E11AA}]
CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F1289D68-1C48-930F-51CF-577BDB371252}]
CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}]
CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95545E55-3309-1929-FF41-2908A9706742}]
CCleaner  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Creative Audio Control Panel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AudioCS]
Creative Smart Recorder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart Recorder]
Creative Software AutoUpdate [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Creative Software AutoUpdate]
Creative Sound Blaster Properties x64 Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Creative Sound Blaster Properties x64 Edition]
Creative WaveStudio 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WaveStudio 7]
CyberLink LabelPrint [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
CyberLink LabelPrint [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
CyberLink LG Burning Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}]
CyberLink LG Burning Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}]
CyberLink MediaShow [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80E158EA-7181-40FE-A701-301CE6BE64AB}]
CyberLink MediaShow [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}]
DeviceDiscovery  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}]
DeviceManagementQFolder  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}]
eReg  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}]
G-Series_ASIO64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{80028C50-2FFD-11E0-82F6-00269E8DC781}]
HP Color LaserJet CM1312 MFP Series 5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}]
HP Imaging Device Functions 10.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions]
hppCLJCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}]
hppFaxDrvCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7985C7FA-B151-4BA7-B19E-1577A7B527F1}]
hppFaxUtilityCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}]
hppFonts  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{995F2783-8311-49BF-833E-DB659774B4F6}]
hppManualsCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}]
hppQFolderCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}]
hppScanToCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}]
hppSendFaxCM1312  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}]
Intel® Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}]
Intel® Network Connections 16.1.53.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{645AE9CF-AF1B-4FBB-9B9D-17A23D03AF10}]
Intel® Network Connections 16.1.53.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSetDX]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}]
Lightroom 5.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9bcd38e7-1f9a-4536-8cd4-96448263f367}]
LightScribe System Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{705B639E-FAAF-40D7-AD58-C445321C7C3F}]
Logitech SetPoint 6.50 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\sp6]
Malwarebytes Anti-Malware version 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Office Home and Student 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.SingleImage]
Microsoft Publisher 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PUBLISHERR]
Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E102B843-786A-4F58-AF75-6504570E207B}]
Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15134cb0-b767-4960-a911-f2d16ae54797}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{22154f09-719a-4619-bb71-5b3356999fbf}]
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
MSXML 4.0 SP2 Parser and SDK [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{716E0306-8318-4364-8B8F-0CC4E9376BAC}]
OpenAL  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OpenAL]
PDF Settings CC [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5442DAB8-7177-49E1-8B22-09A049EA5996}]
Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}]
Security Task Manager 1.8g [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager]
TrayApp  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5ACE69F0-A3E8-44eb-88C1-0A841E700180}]
WD Drive Utilities [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}]
WD Quick View [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{507B1304-194A-4204-A9D9-9BAAF51EF760}]
WD SmartWare [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A7C403DA-B8D9-4CA0-93D9-6C7F00772240}]
WD SmartWare Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ba99df5b-3e46-419e-81e2-544352772fda}]
WebReg  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CCB9B81A-167F-4832-B305-D2A0430840B3}]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 02/11/2014 at  9:53:59.53 ======================



#6 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:34 PM

Posted 11 February 2014 - 05:18 PM

Hello,
 
Nothing weird there... let's move on.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run, it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#7 Testing12

Testing12
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:34 PM

Posted 11 February 2014 - 05:41 PM

Below is the FRST.txt file as well as the Addition.txt file you asked for.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Owner (administrator) on OWNER-PC on 11-02-2014 14:39:08
Running from C:\Users\Owner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-20] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8C0F61755420CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.7.254 192.168.1.1

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [50176 2011-02-18] (ZOOM)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-11 14:39 - 2014-02-11 14:39 - 00009679 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-02-11 14:38 - 2014-02-11 14:39 - 00000000 ____D () C:\FRST
2014-02-11 14:35 - 2014-02-11 14:35 - 02151424 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-02-11 09:52 - 2014-02-11 09:53 - 00035504 _____ () C:\zoek-results.log
2014-02-11 09:51 - 2014-02-11 09:51 - 00000000 ____D () C:\zoek_backup
2014-02-11 09:47 - 2014-02-11 09:47 - 01283584 _____ () C:\Users\Owner\Desktop\zoek.exe
2014-02-10 07:51 - 2014-02-10 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 07:51 - 2014-02-10 07:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 17:51 - 2014-02-07 17:51 - 00000629 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-02-07 10:53 - 2014-02-07 10:53 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-07 09:59 - 2014-02-07 09:59 - 00022282 _____ () C:\Users\Owner\Desktop\dds.txt
2014-02-07 09:59 - 2014-02-07 09:59 - 00006944 _____ () C:\Users\Owner\Desktop\attach.txt
2014-02-07 08:07 - 2014-02-07 08:07 - 00000334 _____ () C:\Windows\PFRO.log
2014-02-07 07:35 - 2014-02-07 07:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 06:02 - 2014-02-10 15:20 - 00000000 ____D () C:\AdwCleaner
2014-02-07 06:01 - 2014-02-07 06:38 - 00002380 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-02-04 11:58 - 2014-02-04 11:58 - 00163362 _____ () C:\Users\Owner\Documents\bookmark.htm
2014-02-03 15:23 - 2014-02-03 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-03 15:22 - 2014-02-03 15:28 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-02-03 15:22 - 2014-02-03 15:22 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-28 09:16 - 2014-01-28 09:22 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-01-28 09:16 - 2014-01-28 09:16 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-01-26 13:31 - 2014-01-26 13:31 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 13:30 - 2014-01-26 13:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 13:30 - 2014-01-26 13:31 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 13:30 - 2014-01-26 13:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 13:30 - 2014-01-26 13:30 - 00000000 ____D () C:\Program Files\iPod
2014-01-23 10:05 - 2014-01-28 10:26 - 00007606 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-01-20 07:53 - 2014-01-20 07:53 - 00055445 _____ () C:\Windows\SysWOW64\CCCInstall_201401200753072877.log
2014-01-20 07:53 - 2014-01-20 07:53 - 00000000 ____D () C:\ProgramData\ATI
2014-01-20 07:53 - 2014-01-20 07:53 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-20 07:52 - 2014-01-20 07:52 - 00000000 ____D () C:\Program Files\AMD
2014-01-19 01:00 - 2014-02-10 07:52 - 00001503 _____ () C:\Windows\setupact.log
2014-01-19 01:00 - 2014-01-19 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-18 11:12 - 2014-02-11 08:03 - 01323517 _____ () C:\Windows\WindowsUpdate.log
2014-01-18 07:37 - 2014-01-18 07:37 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-18 07:37 - 2014-01-18 07:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-01-18 07:37 - 2014-01-18 07:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-18 07:37 - 2014-01-18 07:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 07:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-17 11:43 - 2014-01-17 11:43 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 11:43 - 2014-01-17 11:43 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-17 11:43 - 2014-01-17 11:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-17 08:08 - 2014-01-20 07:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-17 08:08 - 2014-01-17 08:08 - 00000000 ____D () C:\Program Files\Western Digital
2014-01-15 02:31 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 02:31 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 02:31 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 02:31 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 02:31 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 02:31 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 02:31 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 02:31 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 02:31 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 20:40 - 2014-01-13 20:40 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-01-13 20:39 - 2014-02-10 07:52 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-01-13 20:39 - 2014-01-17 08:08 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-01-13 20:39 - 2014-01-13 20:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\Western_Digital_Technolog
2014-01-13 20:39 - 2014-01-13 20:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\Western Digital
2014-01-13 20:38 - 2014-01-17 08:08 - 00000000 ____D () C:\ProgramData\Western Digital
2014-01-13 20:38 - 2014-01-17 08:08 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-01-13 20:38 - 2014-01-13 20:38 - 00001117 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk

==================== One Month Modified Files and Folders =======

2014-02-11 14:39 - 2014-02-11 14:39 - 00009679 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-02-11 14:39 - 2014-02-11 14:38 - 00000000 ____D () C:\FRST
2014-02-11 14:35 - 2014-02-11 14:35 - 02151424 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-02-11 09:53 - 2014-02-11 09:52 - 00035504 _____ () C:\zoek-results.log
2014-02-11 09:51 - 2014-02-11 09:51 - 00000000 ____D () C:\zoek_backup
2014-02-11 09:47 - 2014-02-11 09:47 - 01283584 _____ () C:\Users\Owner\Desktop\zoek.exe
2014-02-11 08:03 - 2014-01-18 11:12 - 01323517 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 07:52 - 2012-10-31 08:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-02-11 05:48 - 2012-10-31 03:52 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-02-10 15:20 - 2014-02-07 06:02 - 00000000 ____D () C:\AdwCleaner
2014-02-10 07:59 - 2009-07-13 20:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 07:59 - 2009-07-13 20:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 07:52 - 2014-01-19 01:00 - 00001503 _____ () C:\Windows\setupact.log
2014-02-10 07:52 - 2014-01-13 20:39 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-02-10 07:52 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-10 07:51 - 2014-02-10 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 07:51 - 2014-02-10 07:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 17:51 - 2014-02-07 17:51 - 00000629 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-02-07 10:53 - 2014-02-07 10:53 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-07 09:59 - 2014-02-07 09:59 - 00022282 _____ () C:\Users\Owner\Desktop\dds.txt
2014-02-07 09:59 - 2014-02-07 09:59 - 00006944 _____ () C:\Users\Owner\Desktop\attach.txt
2014-02-07 08:07 - 2014-02-07 08:07 - 00000334 _____ () C:\Windows\PFRO.log
2014-02-07 07:35 - 2014-02-07 07:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 06:38 - 2014-02-07 06:01 - 00002380 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-02-04 13:44 - 2012-11-04 19:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Smart Recorder
2014-02-04 12:16 - 2013-06-19 20:08 - 00001297 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-04 11:58 - 2014-02-04 11:58 - 00163362 _____ () C:\Users\Owner\Documents\bookmark.htm
2014-02-03 15:28 - 2014-02-03 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-03 15:28 - 2014-02-03 15:22 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-02-03 15:22 - 2014-02-03 15:22 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-28 10:26 - 2014-01-23 10:05 - 00007606 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-01-28 09:22 - 2014-01-28 09:16 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-01-28 09:16 - 2014-01-28 09:16 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-01-26 13:31 - 2014-01-26 13:31 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 13:31 - 2014-01-26 13:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 13:31 - 2014-01-26 13:30 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 13:31 - 2014-01-26 13:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 13:30 - 2014-01-26 13:30 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 13:30 - 2012-11-02 19:01 - 00000000 ____D () C:\ProgramData\Apple
2014-01-23 10:01 - 2009-07-13 21:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-20 07:53 - 2014-01-20 07:53 - 00055445 _____ () C:\Windows\SysWOW64\CCCInstall_201401200753072877.log
2014-01-20 07:53 - 2014-01-20 07:53 - 00000000 ____D () C:\ProgramData\ATI
2014-01-20 07:53 - 2014-01-20 07:53 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-01-20 07:53 - 2012-10-29 17:20 - 00000000 ____D () C:\ProgramData\AMD
2014-01-20 07:53 - 2009-07-13 21:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-20 07:52 - 2014-01-20 07:52 - 00000000 ____D () C:\Program Files\AMD
2014-01-20 07:52 - 2014-01-17 08:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-20 07:52 - 2012-10-29 17:19 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-19 01:00 - 2014-01-19 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-18 23:33 - 2010-11-20 19:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 07:37 - 2014-01-18 07:37 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-18 07:37 - 2014-01-18 07:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-01-18 07:37 - 2014-01-18 07:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-18 07:37 - 2014-01-18 07:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 11:48 - 2012-10-29 15:08 - 00000000 ____D () C:\Windows\Panther
2014-01-17 11:43 - 2014-01-17 11:43 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 11:43 - 2014-01-17 11:43 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-17 11:43 - 2014-01-17 11:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-17 09:55 - 2013-01-24 15:05 - 00000000 ____D () C:\Program Files (x86)\Datacolor
2014-01-17 09:49 - 2012-10-29 14:35 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-17 08:51 - 2013-06-20 00:14 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-01-17 08:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-17 08:08 - 2014-01-17 08:08 - 00000000 ____D () C:\Program Files\Western Digital
2014-01-17 08:08 - 2014-01-13 20:39 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-01-17 08:08 - 2014-01-13 20:38 - 00000000 ____D () C:\ProgramData\Western Digital
2014-01-17 08:08 - 2014-01-13 20:38 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-01-16 03:48 - 2013-01-19 05:33 - 00000000 ____D () C:\Program Files\Adobe
2014-01-15 03:16 - 2009-07-13 20:45 - 05147616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:00 - 2013-07-26 01:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2012-10-29 15:12 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 20:40 - 2014-01-13 20:40 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2014-01-13 20:39 - 2014-01-13 20:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\Western_Digital_Technolog
2014-01-13 20:39 - 2014-01-13 20:39 - 00000000 ____D () C:\Users\Owner\AppData\Local\Western Digital
2014-01-13 20:38 - 2014-01-13 20:38 - 00001117 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk
2014-01-13 19:34 - 2013-08-08 07:12 - 00000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CC Prefs

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 00:45

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Owner at 2014-02-11 14:39:20
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (x32 Version: 11.0.06 - Adobe Systems)
Adobe Creative Cloud (x32 Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Extension Manager CC (x32 Version: 7.1.1 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CC (x32 Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (Version: 5.3.1 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 3.23 - Piriform)
Creative Audio Control Panel (x32 Version: 2.00 - Creative Technology Limited)
Creative Smart Recorder (x32 Version:  - )
Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version:  - )
Creative WaveStudio 7 (x32 Version: 7.14 - Creative Technology Limited)
CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink LG Burning Tool (x32 Version: 6.2.4619 - CyberLink Corp.)
CyberLink LG Burning Tool (x32 Version: 6.2.4619 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (x32 Version:  - )
G-Series_ASIO64 (Version: 1.0.2 - ZOOM)
HP Color LaserJet CM1312 MFP Series 5.1 (Version: 5.1 - HP)
HP Imaging Device Functions 10.0 (Version: 10.0 - HP)
hppCLJCM1312 (x32 Version: 005.001.00142 - Hewlett-Packard) Hidden
hppFaxDrvCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1312 (x32 Version: 005.001.00137 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
hppManualsCM1312 (x32 Version: 005.001.00145 - Hewlett-Packard) Hidden
hppQFolderCM1312 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM1312 (x32 Version: 005.001.00140 - Hewlett-Packard) Hidden
hppSendFaxCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0 - Intel)
Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0 - Intel) Hidden
iTunes (Version: 11.1.4.62 - Apple Inc.)
Lightroom 5.0 (x32 Version: 5.0 - Adobe Systems Incorporated)
LightScribe System Software (x32 Version: 1.18.18.1 - LightScribe)
Logitech SetPoint 6.50 (Version: 6.50.152 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Publisher 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (x32 Version:  - )
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Security Task Manager 1.8g (x32 Version: 1.8g - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
WD Drive Utilities (x32 Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (x32 Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare Installer (x32 Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden

==================== Restore Points  =========================

25-01-2014 18:12:17 Windows Update
28-01-2014 17:53:56 RegClean Pro Tue, Jan 28, 14  09:53
29-01-2014 19:17:09 Windows Update
02-02-2014 02:20:30 Windows Update
05-02-2014 14:01:20 Windows Update
07-02-2014 18:53:37 Installed 7-Zip 9.20 (x64 edition)
09-02-2014 01:54:50 Windows Update
11-02-2014 17:52:58 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03C337F4-C8A2-4303-B120-62D6A8EBD004} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {C8F223F6-E070-4223-BAFD-D0B19DEA1703} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {EBAE3FD0-17DE-45F4-8981-E505B51FA9FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2014-01-31 16:45 - 2014-01-31 16:45 - 00643952 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-10-06 00:15 - 2012-10-06 00:15 - 01976632 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-01-15 11:02 - 2014-01-15 11:02 - 04697456 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-29 16:20 - 2009-07-02 06:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-05-05 18:56 - 2010-05-05 18:56 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2009-12-15 12:46 - 2009-12-15 12:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 12:49 - 2009-12-15 12:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-02 14:26 - 2014-02-02 14:26 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2012-10-30 09:47 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-02-02 14:26 - 2014-02-02 14:26 - 00742808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libglesv2.dll
2014-02-02 14:26 - 2014-02-02 14:26 - 00136600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\startupreg: HP Color LaserJet CM1312 MFP Series Fax => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 00:30:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2014 03:06:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2014 07:52:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 07:45:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 00:30:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/09/2014 00:59:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 00:31:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 00:30:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/08/2014 00:30:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (02/09/2014 00:32:30 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (02/09/2014 07:02:58 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/07/2014 05:56:00 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (02/11/2014 00:30:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/10/2014 03:06:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/10/2014 07:52:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 07:45:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 00:30:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/09/2014 00:59:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 00:31:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 00:30:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/08/2014 00:30:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8169.43 MB
Available physical RAM: 5805.59 MB
Total Pagefile: 16337.04 MB
Available Pagefile: 13865.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:383.6 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:578.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 37C730C0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F6662D22)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
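The "Event log errors" section above lists the same SideBySide and WinMgmt entries several times over, and the duplicated "Microsoft Office Sessions" block repeats them once more. When triaging a log like this, the useful questions are which errors actually recur, how often, and whether they fire at the same clock time each day (which points at a scheduled job rather than at user activity). The script below is an added example, not part of this thread or of the FRST tool: it parses blocks in the `Error: (date) (Source: X) (User: Y)` shape used by the log, groups them by section, source and message, and flags trailing HRESULT codes. The sample input is constructed (paths shortened) in the shape of the entries above, and the `KNOWN_HRESULTS` table holds only the one code that appears in this log.

```python
"""Summarize the 'Event log errors' section of an FRST-style Addition.txt log.

Added example: groups repeated Error: entries by section, source and message so
that a responder can see which errors recur, how often, and whether they fire at
the same clock time every day.
"""
import re
from datetime import datetime

# Constructed sample in the shape of the log above (paths shortened, not real data).
SAMPLE = """\
Application errors:
==================
Error: (02/11/2014 00:30:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "...common-controls...manifest1".
A component version required by the application conflicts with another component version already active.

Error: (02/10/2014 07:52:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 00:30:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "...common-controls...manifest1".
A component version required by the application conflicts with another component version already active.

Error: (02/09/2014 00:59:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/09/2014 00:32:30 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
"""

# FRST writes 12-hour clock times but uses "00" for twelve, so the hour is
# normalised by hand instead of with strptime's %I (which rejects 00).
HEADER = re.compile(
    r"^Error: \((\d{2})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (AM|PM)\) "
    r"\(Source: ([^)]*)\)\s*\(User: ([^)]*)\)$")
SECTION = re.compile(r"^([A-Za-z ]+):$")          # e.g. "Application errors:"
HRESULT = re.compile(r"(0x[0-9A-Fa-f]{8})$")      # code fused onto the message end

# Only the code seen in this log; assumption: name taken from the WMI error constants.
KNOWN_HRESULTS = {"0x80041003": "WBEM_E_ACCESS_DENIED"}


def parse_events(text):
    """Return one dict per Error: block: section, source, user, timestamp, description."""
    events, section, lines, i = [], None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group(1)
            i += 1
            continue
        hdr = HEADER.match(line)
        if not hdr:
            i += 1
            continue
        mon, day, year, hh, mm, ss, ampm, source, user = hdr.groups()
        hour = int(hh) % 12 + (12 if ampm == "PM" else 0)
        stamp = datetime(int(year), int(mon), int(day), hour, int(mm), int(ss))
        i += 1
        body = []                                  # description runs until a blank line
        while i < len(lines) and lines[i].strip():
            body.append(lines[i].strip())
            i += 1
        desc = " ".join(body)
        if desc.startswith("Description: "):
            desc = desc[len("Description: "):]
        events.append({"section": section, "source": source.strip(),
                       "user": user.strip(), "timestamp": stamp, "description": desc})
    return events


def summarize(events):
    """Group events by (section, source, description) with counts, span and timing hints."""
    summary = {}
    for ev in events:
        key = (ev["section"], ev["source"], ev["description"])
        e = summary.setdefault(key, {"count": 0, "first": ev["timestamp"],
                                     "last": ev["timestamp"], "clock_times": set(),
                                     "hresult": None})
        e["count"] += 1
        e["first"] = min(e["first"], ev["timestamp"])
        e["last"] = max(e["last"], ev["timestamp"])
        e["clock_times"].add(ev["timestamp"].strftime("%H:%M"))
        m = HRESULT.search(ev["description"])
        if m:
            code = m.group(1).lower()
            e["hresult"] = KNOWN_HRESULTS.get(code, code)
    for e in summary.values():
        # Several hits at one clock time suggest a scheduled trigger, not a user action.
        e["same_clock_time"] = e["count"] > 1 and len(e["clock_times"]) == 1
    return summary


def render(summary):
    """Plain-text report, one group per pair of lines."""
    out = []
    for (section, source, desc), e in summary.items():
        flag = " (same clock time each day)" if e["same_clock_time"] else ""
        hres = f" [{e['hresult']}]" if e["hresult"] else ""
        out.append(f"{section} / {source}: {e['count']}x, "
                   f"{e['first']:%Y-%m-%d %H:%M} .. {e['last']:%Y-%m-%d %H:%M}{flag}{hres}")
        out.append("    " + desc[:100])
    return "\n".join(out)


if __name__ == "__main__":
    print(render(summarize(parse_events(SAMPLE))))
```

Run against a real Addition.txt, the report reduces the section above to a handful of lines; the SideBySide group shows up as recurring at 00:30 every day, which is the kind of detail that sends you to the Scheduled Tasks section rather than to the user.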



#8 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 12 February 2014 - 08:45 AM

Hello Testing12,

I see lots of references to other malware removal programs in your logfiles (Rkill, JRT, Mbar,...). Have you been using these tools before you started this thread? Anyhow, I can't stress enough that, in order for this to work, it's crucial you do not run any other tools unless instructed.

Step 1: ====TDSSKiller====

Read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach the log to your next reply.

 

Step 2: ====HitmanPro====

Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
    Note: If the program won't run, open the program while holding down the left CTRL key until the program is loaded.
  • Click on the next button. You must agree with the terms of the EULA (if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Save Log" button.
  • Save that file to your desktop and post the content of that file in your next reply.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#9 Testing12
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male

Posted 12 February 2014 - 10:04 AM

Hi Mako,
Prior to starting this thread, I attempted to fix the problem(s) myself. I had a look at various info here on bleepingcomputer within the forums and tried some of the programs.
At this point, I cannot recall all of the programs I ran (3 or 4 of them), but you appear to have seen them from the logfiles.
Sorry for not having disclosed this info in the original post.
 
Let me state most sincerely that since posting the original message in this thread, I have run only the programs you have requested and no other virus/malware type programs.
Also, I have attempted to follow your instructions to the letter as swiftly as possible.
 
Below is the Hitman logfile and attached is the TDSSKiller logfile.

Note, I have deleted the word "code" encased in square brackets at the beginning of the logfile because it causes IPB (the forum software used here on bleepingcomputer) to render the rest of the text in a code box, which I believe you do not want.
As you can see, the closing [/code] remains intact at the end of the logfile.
 

HitmanPro 3.7.9.212
www.hitmanpro.com

   Computer name . . . . : OWNER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Owner-PC\Owner
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-02-12 06:48:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 35

   Objects scanned . . . : 1,431,499
   Files scanned . . . . : 44,089
   Remnants scanned  . . : 384,808 files / 1,002,602 keys

Cookies _____________________________________________________________________

   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\0CNZ5DTF.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\1H7LD0T9.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\1KOA6Z6D.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\3FDRHX0C.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\4DQM0PHO.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\6IA13P40.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\7MP5GRCT.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\8TM5LW7N.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\969TZ423.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\CEHNTU11.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\D0C3L0WX.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\D7I8W6J9.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\E363UNWV.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\HAGWUU4B.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\IYEE5HMO.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\J9XDLYL6.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\L9A6KI28.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\LA1N5OY2.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\LTRVIEBU.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\M619JUNQ.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\MG1979QH.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\MHVGRM85.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\MTBSQ7Q0.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\OF9GBI3Q.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\QEN7PO87.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\RDEFJYU8.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\SD7CZEKW.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\UKGSVWNX.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\USB8LCQH.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\W9V5O9DB.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\WQD4DZQM.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\XXUJWWJ7.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\YK576HYT.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\YOYZUJ0G.txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\YZPZUD19.txt

[/code]



Edited by Testing12, 12 February 2014 - 10:25 AM.


#10 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 12 February 2014 - 12:07 PM

Greetings,
 
Thanks for the clarification! It's not a bad thing to do and try some things on your own; it's just I like to know what's happening with the computer. The date the files were made gave me the assumption you've used them prior to this thread. :)
 
Again nothing strange here...

Step 1: ====ESET Online Scanner====

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 2: ====aswMBR====

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#11 Testing12

Testing12
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:01:34 PM

Posted 12 February 2014 - 03:14 PM

OK, here are the ESET and aswMBR logfiles:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=13375
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-13 06:22:35
# local_time=2013-03-13 11:22:35 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777214 100 100 10719186 59954625 0 0
# scanned=93806
# found=0
# cleaned=0
# scan_time=484
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=16982
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-07 01:31:20
# local_time=2014-02-07 05:31:20 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17406639 143323330 0 0
# scanned=170023
# found=1
# cleaned=0
# scan_time=939
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\CCleaner\ccsetup323.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=16982
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-07 01:56:09
# local_time=2014-02-07 05:56:09 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17408128 143324819 0 0
# scanned=184098
# found=2
# cleaned=2
# scan_time=1142
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application (deleted - quarantined)" ac=C fn="D:\CCleaner\ccsetup323.exe"
sh=9EAF9565EB7350AFD009D1F8EE0DB943A2F60B79 ft=1 fh=784b312b59c2bea0 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="D:\MyDownloads\WinZip\WinZip170.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=679e176738894546a0bf6552f11495d5
# engine=17045
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-12 07:11:09
# local_time=2014-02-12 11:11:09 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17859028 143775719 0 0
# scanned=190041
# found=0
# cleaned=0
# scan_time=2394



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-12 11:57:35
-----------------------------
11:57:35.433 OS Version: Windows x64 6.1.7601 Service Pack 1
11:57:35.433 Number of processors: 8 586 0x2A07
11:57:35.434 ComputerName: OWNER-PC UserName: Owner
11:57:35.891 Initialize success
12:03:28.280 AVAST engine defs: 14021202
12:05:43.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:05:43.638 Disk 0 Vendor: Samsung_SSD_840_Series DXT06B0Q Size: 476940MB BusType: 11
12:05:43.639 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:05:43.641 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA3MA Size: 953869MB BusType: 11
12:05:43.646 Disk 0 MBR read successfully
12:05:43.647 Disk 0 MBR scan
12:05:43.650 Disk 0 Windows 7 default MBR code
12:05:43.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:05:43.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
12:05:43.703 Disk 0 scanning C:\Windows\system32\drivers
12:05:47.793 Service scanning
12:05:57.644 Modules scanning
12:05:57.648 Disk 0 trace - called modules:
12:05:57.653 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:05:57.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800778a790]
12:05:57.659 3 CLASSPNP.SYS[fffff880018c243f] -> nt!IofCallDriver -> [0xfffffa8007553040]
12:05:57.662 5 ACPI.sys[fffff88000d6c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007554060]
12:05:58.066 AVAST engine scan C:\Windows
12:05:58.822 AVAST engine scan C:\Windows\system32
12:07:22.971 AVAST engine scan C:\Windows\system32\drivers
12:07:32.415 AVAST engine scan C:\Users\Owner
12:09:44.342 AVAST engine scan C:\ProgramData
12:10:12.564 Scan finished successfully
12:10:32.526 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
12:10:32.546 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
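As an added illustration (not part of the thread and not ESET's or BleepingComputer's code): the ESET Online Scanner log above is several runs concatenated, each starting with an `ESETSmartInstaller@... log:` header, followed by `# key=value` settings and one `sh=... vn=... ac=... fn=...` line per detection. The Python below parses that layout and flags what a helper looks at first (runs that stopped early, and detections reported but not cleaned), using a constructed sample log with placeholder hashes and paths; reading `ac=C` as cleaned and anything else as reported-only is inferred from the posted log, where only the `(deleted - quarantined)` entries carry `ac=C`.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the ESET Online Scanner log posted in
# this thread; hashes, paths and threat names are placeholders, not real IoCs.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# end=stopped
# remove_checked=false
# utc_time=2014-02-07 01:31:20
# scanned=170023
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/Example.PUA potentially unsafe application" ac=I fn="D:\\Downloads\\setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# end=finished
# remove_checked=true
# utc_time=2014-02-12 07:11:09
# scanned=190041
# found=1
# cleaned=1
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Win32/Example.PUA potentially unsafe application (deleted - quarantined)" ac=C fn="D:\\Downloads\\setup.exe"
"""

HEADER_RE = re.compile(r"^ESETSmartInstaller@\w+ as (.+?) log:$")
META_RE = re.compile(r"^# ([\w.]+)=(.*)$")          # keys may contain dots
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')       # key=value or key="v v"


@dataclass
class Detection:
    sha1: str
    threat: str
    action: str  # "C" = cleaned; "I" = reported only (inferred from the posted log)
    path: str


@dataclass
class ScanRun:
    kind: str                       # "downloader", "CAB hook", ...
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text):
    """Split a pasted ESET Online Scanner log into its individual runs."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:                         # a new run begins at each header line
            current = ScanRun(kind=m.group(1))
            runs.append(current)
            continue
        if current is None:           # stray text before the first header
            continue
        m = META_RE.match(line)
        if m:
            current.meta[m.group(1)] = m.group(2)
        elif line.startswith("sh="):  # one detection record per line
            f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
            current.detections.append(Detection(
                sha1=f.get("sh", ""), threat=f.get("vn", ""),
                action=f.get("ac", ""), path=f.get("fn", "")))
        # "all ok" and "... - registred OK" status lines are skipped
    return runs


def review(runs):
    """Return the points a helper would raise first about a pasted log."""
    notes = []
    for i, run in enumerate(runs, 1):
        end = run.meta.get("end")
        if end != "finished":         # e.g. the scan was interrupted
            notes.append(f"run {i} ({run.kind}): scan did not finish (end={end})")
        found = int(run.meta.get("found", "0"))
        if found != len(run.detections):
            notes.append(f"run {i}: found={found} but {len(run.detections)} detection lines")
        for d in run.detections:
            if d.action != "C":       # found with Remove unchecked: still on disk
                notes.append(f"run {i}: reported but not cleaned: {d.threat} at {d.path}")
    return notes


if __name__ == "__main__":
    for note in review(parse_eset_log(SAMPLE_LOG)):
        print(note)
```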

#12 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:34 PM

Posted 12 February 2014 - 04:24 PM

Hello again,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Regards,

Mako

 



#13 Testing12

Testing12
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:01:34 PM

Posted 12 February 2014 - 05:13 PM

Hi Mako,

Below is the ComboFix logfile:

 

ComboFix 14-02-12.01 - Owner 02/12/2014  13:45:36.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8169.5609 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-12 to 2014-02-12  )))))))))))))))))))))))))))))))
.
.
2014-02-12 21:47 . 2014-02-12 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-12 19:54 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64229CCF-050D-419B-8708-92988A107C77}\mpengine.dll
2014-02-12 14:46 . 2014-02-12 14:51 -------- d-----w- c:\programdata\HitmanPro
2014-02-11 22:38 . 2014-02-11 22:39 -------- d-----w- C:\FRST
2014-02-11 17:51 . 2014-02-11 17:51 -------- d-----w- C:\zoek_backup
2014-02-10 16:03 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-10 15:51 . 2014-02-10 15:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-10 15:51 . 2014-02-10 15:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-07 18:53 . 2014-02-07 18:53 -------- d-----w- c:\program files\7-Zip
2014-02-07 15:35 . 2014-02-07 15:35 -------- d-----w- c:\windows\ERUNT
2014-02-07 14:02 . 2014-02-10 23:20 -------- d-----w- C:\AdwCleaner
2014-02-03 23:23 . 2014-02-03 23:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-03 23:22 . 2014-02-03 23:22 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-28 17:16 . 2014-01-28 17:22 -------- d-----w- c:\programdata\SecTaskMan
2014-01-28 17:16 . 2014-01-28 17:16 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-01-26 21:30 . 2014-01-26 21:31 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 21:30 . 2014-01-26 21:31 -------- d-----w- c:\program files\iTunes
2014-01-26 21:30 . 2014-01-26 21:31 -------- d-----w- c:\program files (x86)\iTunes
2014-01-26 21:30 . 2014-01-26 21:30 -------- d-----w- c:\program files\iPod
2014-01-23 18:12 . 2013-12-16 16:24 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8530070-027F-4FA6-A57C-DB93BF98430F}\gapaengine.dll
2014-01-20 15:53 . 2014-01-20 15:53 -------- d-----w- c:\programdata\ATI
2014-01-20 15:53 . 2014-01-20 15:53 -------- d-----w- c:\program files (x86)\AMD AVT
2014-01-20 15:52 . 2014-01-20 15:52 -------- d-----w- c:\program files\AMD
2014-01-18 15:37 . 2014-01-18 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2014-01-18 15:37 . 2014-01-18 15:37 -------- d-----w- c:\programdata\Malwarebytes
2014-01-18 15:37 . 2014-01-18 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-18 15:37 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-18 15:30 . 2014-01-18 15:30 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2014-01-17 19:43 . 2014-01-17 19:43 -------- d-----w- c:\program files\CCleaner
2014-01-17 16:08 . 2014-01-17 16:08 -------- d-----w- c:\program files\Western Digital
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-15 11:00 . 2012-10-29 23:12 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-16 16:24 . 2012-11-28 16:51 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-15 11:03 . 2013-12-15 11:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-15 11:03 . 2013-12-15 11:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-15 11:03 . 2013-12-15 11:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-15 11:03 . 2013-12-15 11:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-15 11:03 . 2013-12-15 11:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-15 11:03 . 2013-12-15 11:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-15 11:03 . 2013-12-15 11:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-15 11:03 . 2013-12-15 11:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-15 11:03 . 2013-12-15 11:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-15 11:03 . 2013-12-15 11:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-15 11:03 . 2013-12-15 11:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-15 11:03 . 2013-12-15 11:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-15 11:03 . 2013-12-15 11:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-15 11:03 . 2013-12-15 11:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-15 11:03 . 2013-12-15 11:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-15 11:03 . 2013-12-15 11:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-15 11:03 . 2013-12-15 11:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-15 11:03 . 2013-12-15 11:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-15 11:03 . 2013-12-15 11:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-15 11:03 . 2013-12-15 11:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-15 11:03 . 2013-12-15 11:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-15 11:03 . 2013-12-15 11:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-15 11:03 . 2013-12-15 11:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-15 11:02 . 2013-12-15 11:02 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-15 11:02 . 2013-12-15 11:02 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-15 11:02 . 2013-12-15 11:02 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-15 11:02 . 2013-12-15 11:02 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-15 11:02 . 2013-12-15 11:02 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-15 11:02 . 2013-12-15 11:02 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-15 11:02 . 2013-12-15 11:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-15 11:02 . 2013-12-15 11:02 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-15 11:02 . 2013-12-15 11:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-15 11:02 . 2013-12-15 11:02 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-15 11:02 . 2013-12-15 11:02 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-15 11:02 . 2013-12-15 11:02 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-15 11:02 . 2013-12-15 11:02 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-15 11:02 . 2013-12-15 11:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-15 11:02 . 2013-12-15 11:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-15 11:02 . 2013-12-15 11:02 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-15 11:02 . 2013-12-15 11:02 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-15 11:02 . 2013-12-15 11:02 413696 ----a-w- c:\windows\system32\html.iec
2013-12-15 11:02 . 2013-12-15 11:02 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 11:02 . 2013-12-15 11:02 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-15 11:02 . 2013-12-15 11:02 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-15 11:02 . 2013-12-15 11:02 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-15 11:02 . 2013-12-15 11:02 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-15 11:02 . 2013-12-15 11:02 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-15 11:02 . 2013-12-15 11:02 235520 ----a-w- c:\windows\system32\url.dll
2013-12-15 11:02 . 2013-12-15 11:02 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-15 11:02 . 2013-12-15 11:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-15 11:02 . 2013-12-15 11:02 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-15 11:02 . 2013-12-15 11:02 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-15 11:02 . 2013-12-15 11:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-15 11:02 . 2013-12-15 11:02 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-15 11:02 . 2013-12-15 11:02 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-15 11:02 . 2013-12-15 11:02 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-15 11:02 . 2013-12-15 11:02 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-15 11:02 . 2013-12-15 11:02 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-15 11:02 . 2013-12-15 11:02 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-07 00:49 . 2013-12-07 00:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-12-07 00:44 . 2013-12-07 00:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2011-04-20 08:21 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2011-04-20 08:21 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2012-09-28 01:10 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2011-04-20 09:07 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2011-04-20 09:09 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2011-04-20 08:49 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2012-09-28 01:22 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2012-09-28 02:23 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2012-09-28 01:31 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2012-09-28 01:25 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-02-02 2239376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-11-02 5537136]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-07 766208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys;c:\windows\SYSNATIVE\drivers\zmghpau.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 30335876
*NewlyCreated* - ASWMBR
*Deregistered* - 30335876
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-02-01 00:45 643952 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-02-01 00:45 643952 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-02-01 00:45 643952 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-10-06 2409272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-11 472984]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.7.254 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4012204776-1559716260-621130386-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-4012204776-1559716260-621130386-1000_Classes\CLSID\{7ee50b5d-d2de-5faa-aa85-392bd9800210}]
@DACL=(02 0000)
@="detect the version of extension manager"
"AppID"="{B415CD14-B45D-4BCA-B552-B06175C38606}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-12  13:48:49
ComboFix-quarantined-files.txt  2014-02-12 21:48
.
Pre-Run: 410,450,104,320 bytes free
Post-Run: 410,661,281,792 bytes free
.
- - End Of File - - C6100DA5BECD97122FF3AE603883A937
A36C5E4F47E84449FF07ED3517B43A31
 



#14 Mako


  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:34 PM

Posted 13 February 2014 - 04:34 AM

Good morning,

I can't seem to find any traces of malware in your logfile. Could you give me some more information on the following points please?

  • What Internet browser do you use? (Firefox, Chrome, Internet Explorer, ...)
  • Have you installed new software or hardware recently?
  • You said file transfers go slowly... what kind of transfer are we talking about? Is it files from or to a memory stick, or moving files to different places on your hard drive? Or maybe online file transfers?

Please do the following to make sure no program is causing this trouble:

  • Go to Start > Run
  • Type msconfig and hit Enter
  • A window will pop up. Go to the 'Startup' tab
  • Select 'Disable All' and click OK
  • Note: Remember or write down the items you have unchecked before selecting the 'Disable All' button. This way you will be able to return to the previous state with ease.
  • Reboot your computer

Are there any significant changes?


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 
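The 'write down the items' note above can be done by script. The following PowerShell is an added example, not part of Mako's post or any BleepingComputer tool: it records the Run/RunOnce registry values (native and Wow6432Node views) and the Startup-folder shortcuts that msconfig's Startup tab is built from, so the list survives 'Disable All'. The output file path is an assumption; it is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): snapshot the entries msconfig's Startup tab
# is built from, before using 'Disable All'. Output path below is an assumption.
$OutFile = Join-Path $env:USERPROFILE 'Desktop\startup-snapshot.txt'

# Autorun registry keys msconfig lists (per-machine, 32-bit view on x64, per-user).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Startup folders: all users, then the current user.
$StartupFolders = @(
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup')
)

$Lines = @()
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($P in $Props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
        if ($P.Name -like 'PS*') { continue }
        $Lines += "{0}`t{1}`t{2}" -f $Key, $P.Name, $P.Value
    }
}
foreach ($Folder in $StartupFolders) {
    if (-not (Test-Path $Folder)) { continue }
    Get-ChildItem -Path $Folder | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $Lines += "{0}`t{1}`t{2}" -f $Folder, $_.Name, $_.FullName
    }
}

# One tab-separated line per entry: location, name, command or file path.
$Lines | Set-Content -Path $OutFile -Encoding UTF8
Write-Host ("Recorded {0} startup entries to {1}" -f $Lines.Count, $OutFile)
```

Each line shows where an entry lives and what it launches, which is also the first thing to compare against the Running Processes section of the DDS log when deciding which items to re-enable.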


#15 Testing12

  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:01:34 PM

Posted 13 February 2014 - 06:49 PM

Hi Mako,

First off, let me say that my computer is running far better than it was. I am no longer experiencing many of the slowdowns that were prevalent (mouse stuttering, slow page loading, nonresponsive typing, etc.). However, I am still wary and not fully trusting, if you know what I mean. Let me ask you this: you say "you can't seem to find any traces of malware in your logfile." I note that you say 'logfile', without an 's'. Does that mean you couldn't find any trace of problems in any of the logfiles, or were you just referring to the ComboFix logfile?

Now to your questions:
1. What Internet browser do you use? (Firefox, Chrome, Internet Explorer, ...)

Internet Explorer 11 version 11.0.2.

2. Have you installed new software or hardware recently?

Yes, I installed Adobe Creative Cloud about 8 months ago. This allows me to download and use any Adobe product in their catalog. With this ability, I installed Photoshop CC, Lightroom 5, Adobe Acrobat Pro and Adobe FormsCentral. I also, about 2 weeks ago, purchased a Western Digital "My Passport Ultra" portable 2 TB hard drive (for backup purposes). This installs its own backup-type software. However, I was experiencing the computer issues prior to this purchase.
That's it, I believe.
3. You said file transfers go slowly... what kind of transfer are we talking about? Is it files from or to a memory stick, or moving files to different places on your hard drive? Or maybe online file transfers?
I use AT&T here in southern California (Los Angeles area). Right now, the fastest connection they offer to my home is 3 Mbps. When I test it, I've been seeing ~2.83 Mbps during this 'slow down time', which is probably fairly normal. However, this is when I use a dedicated speed testing site, such as Speedtest.net by Ookla. Real-world apps seem to transfer much slower than that.
By the way, I just tested my system again at Speedtest.net (in preparation to answer this question) and got the following:

[Speedtest.net result image]

That download speed of 2.94 Mbps is the fastest I've seen here, and while it's not much, it does seem something is a bit better (up from 2.83 Mbps where it had been).

To answer the rest of this question; the slow mouse and typing responses were noticeable system-wide. It was like the computer had me wait a moment or two to accomplish some other (unforeseen) task before it could do the one I was asking it to do. For instance, in Adobe Lightroom, editing photos, I'd have my left mouse button down, trying to 'paint' over a portion of a photo, and the mouse pointer wouldn't move, even though I was moving the mouse. Or, it would 'let go' of the selection I made even though I hadn't released the left mouse button. Something as simple as the solitaire program that comes with Windows experienced the same issues--trying to move a card with the left mouse button down and having the card jump back to its original location even though I hadn't released my finger off of the mouse button. Very frustrating.
I didn't think the file transfers on my system were slowing down (noticeably anyway), but just checking now, things seem to be quicker, more responsive.

In a nutshell, pretty much all of the computer experience was slower.

Again, it seems quicker and more responsive now, but I still seem to be experiencing a bit of a slowdown. As I type this to you now, I note that at times the cursor doesn't move even though I've not stopped typing--again, like it's having to do something else, then it catches up again. I'm not a very quick typist, so we can rule that cause out. :-)
I never experienced slowdowns of any kind with this system (even typing), so I suspect something is still amiss.

I'll run msconfig and disable all of the items in the Startup tab to test it out and let you know the results in my next message.

Thanks for sticking with me on this!

Edited by Testing12, 13 February 2014 - 06:51 PM.




