
Suspicious and observed ‘svchost activity’


  • This topic is locked
14 replies to this topic

#1 bikeamtn


Posted 03 April 2014 - 11:50 AM

Greetings; I have suspected and observed some ‘svchost activity’ that is alarming, and have also noticed some undesirables after an AdwCleaner scan. I do not allow adware on my system (I have just posted the Log.txt and have not deleted anything as of yet).

The only ‘add-on’ recently installed was ‘Disconnect’.

 

Your help would be appreciated.

Thanks

 

AdwCleaner LOG:

 

# AdwCleaner v3.023 - Report created 03/04/2014 at 10:25:26
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : DM - DM-ELITEBOOK
# Running from : C:\Users\DM\Downloads\Utilities\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Users\DM\AppData\Local\PackageAware
Folder Found C:\Users\DM\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\DM\AppData\Roaming\pdfforge

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65139152-0A8B-4016-A12D-12AAB38185F2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

-\\ Google Chrome v

[ File : C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2385 octets] - [03/04/2014 10:25:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2445 octets] ##########

 

 




 


#2 bikeamtn


Posted 03 April 2014 - 11:53 AM

Added;

 

Generally, JAVA is always Disabled in my system.

 

The following I would consider False POS flagged by AdwCleaner:

 

PDFForge - (PDF Maker):
C:\Users\DM\AppData\Roaming\pdfforge

 

SkypeIEPlugin.dll:
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

 

QuickTimeShellExt:
HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

QuickTimeShellExt:
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

 

X-Rite Device Services Software Updater:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65139152-0A8B-4016-A12D-12AAB38185F2}


Edited by bikeamtn, 03 April 2014 - 01:21 PM.


#3 HelpBot


Posted 08 April 2014 - 11:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/529820 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 bikeamtn


Posted 10 April 2014 - 12:11 AM

Hi: the issue (as first posted above) is still the same; no further action was done (awaiting a reply).
One added note: a large MS Security Update pack was done this morning, and as part of it, it said 'User Account Control' (UAC) was disabled, so it was re-enabled, but I don't seem to think I had disabled it (I used to in Vista as it was problematic, but not in Win-7).
 
Yes; I do have OEM OS discs.
 
Attached is 'Attach.Log'
Below is DDS.Log
 
Thanks
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16866
Run by DM at 23:27:39 on 2014-04-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3036.1524 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Disconnect\DisconnectServices.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Disconnect\awesomium_process
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\X-Rite\Devices\Services\xrdd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\bca2kcpan.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Disconnect\DisconnectSystemTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Disconnect\awesomium_process
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Avant Browser\avantvw.exe
C:\Program Files\Avant Browser\ybrowser.exe
C:\Program Files\Avant Browser\ybrowser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uSearch Bar = Preserve
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Disconnect: {1F455988-C7FF-4121-95A0-F13CA1E0DE5B} - c:\program files\disconnect\DisconnectIE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [updateMgr] "c:\program files\adobe\acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
uRun: [AdobeBridge] <no file>
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCA2000] c:\windows\system32\bca2kcpan.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\discon~1.lnk - c:\program files\disconnect\DisconnectSystemTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\i1prof~1.lnk - c:\program files\x-rite\i1profiler\i1ProfilerTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicks~1.lnk - c:\program files\plustek\opticfilm 7600i\QuickScan.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\xrgamma.lnk - c:\program files\x-rite\i1profiler\XRGamma.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {658A4E36-A334-4C74-84E7-4B0CFE4181E5} - {658A4E36-A334-4C74-84E7-4B0CFE4181E5} - c:\program files\disconnect\disconnectBhoBtn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: google.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.177.7
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262} : DHCPNameServer = 192.168.177.7
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262}\2456C6B696E6E253143433 : DHCPNameServer = 192.168.177.7
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262}\2456C6B696E6E253143433F5537484A7 : DHCPNameServer = 192.168.177.7
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262}\2516D6164616 : DHCPNameServer = 172.20.100.1
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262}\43E6F6F6E656 : DHCPNameServer = 192.168.177.7
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262}\4505D234530343 : DHCPNameServer = 106.5.4.1
TCP: Interfaces\{86F6A9B7-435C-4C74-821D-5725BBA2C262}\A6F65616E64636F6275697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E424FDA3-4578-420E-A287-305F68FEB229} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E424FDA3-4578-420E-A287-305F68FEB229} : DHCPNameServer = 192.168.177.7
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-2-20 171680]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2014-3-17 22312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-15 176128]
R2 DisconnectServices;Disconnect REST Services;c:\program files\disconnect\DisconnectServices.exe [2014-3-11 83824]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-3-21 1341664]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-1-10 105760]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-12-18 5120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-11-25 2058776]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2012-9-8 10240]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2012-12-25 520576]
R2 xrdd.exe;X-Rite Device Services Manager;c:\program files\x-rite\devices\services\xrdd.exe [2013-7-2 82800]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-3-1 482176]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-11-25 221912]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-31 7122944]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-25 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;"c:\program files\common files\intuit\update service v4\intuitupdateservice.exe" --> c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BCA2000;Behringer BCA2000 V2.1.0.6;c:\windows\system32\drivers\BCA2000.SYS [2011-6-25 94624]
S3 BCA2000WDM;Behringer BCA2000WDM V2.1.0.6;c:\windows\system32\drivers\BCA2000WDM.SYS [2011-6-25 27328]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-11-25 29472]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2014-4-4 20328]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-12-25 11680]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-10-19 227600]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-26 14848]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-25 49152]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 synasusb;eLicenser;c:\windows\system32\drivers\synasusb.sys [2013-1-31 23696]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-26 49664]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-12-25 69024]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-12-25 13728]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-25 1343400]
S4 MopUPS;MopUPS;c:\program files\chloride power\mopups\ups.exe [2012-3-3 450560]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-09 13:38:37 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 13:38:37 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 13:38:37 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 13:38:37 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 13:38:35 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-04 20:28:01 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2014-04-04 20:28:01 -------- d-----w- c:\windows\Java
2014-04-04 20:27:56 -------- d-----w- c:\program files\CPUID
2014-04-03 15:24:52 -------- d-----w- C:\AdwCleaner
2014-04-01 01:21:30 -------- d-----w- c:\users\dm\HeathCareGov
2014-03-28 19:07:34 -------- d-----w- c:\program files\CrystalDiskInfo
2014-03-25 17:29:08 -------- d-----w- c:\users\dm\appdata\local\HHD Software
2014-03-18 01:30:02 22312 ----a-w- c:\windows\system32\drivers\rsdrv.sys
2014-03-13 09:21:01 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 09:21:00 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 09:21:00 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-13 09:21:00 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 09:20:59 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-11 22:26:05 -------- d-----w- c:\program files\Windows Imaging
2014-03-11 22:24:29 -------- d-----w- c:\program files\Windows AIK
2014-03-11 18:00:00 -------- d-----w- c:\programdata\Disconnect
2014-03-11 14:37:57 -------- d-----w- c:\program files\Disconnect
.
==================== Find3M  ====================
.
2014-03-13 05:10:47 1766400 ----a-w- c:\windows\system32\wininet.dll
2014-03-13 05:09:43 2877952 ----a-w- c:\windows\system32\jscript9.dll
2014-03-13 05:09:39 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-03-13 05:09:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-13 04:47:33 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-13 03:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-12 03:49:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 03:49:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-28 19:08:45 167048 ----a-w- c:\windows\HOTVIEW.EXE
2014-01-17 22:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 22:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HTS725032A9A364 rev.PC3OC70E -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82E1E000]<< >>UNKNOWN [0x8B7CA000]<< >>UNKNOWN [0x8B9E8000]<< >>UNKNOWN [0x8B9DF000]<< >>UNKNOWN [0x83231000]<< >>UNKNOWN [0x8B200000]<< >>UNKNOWN [0x8B407000]<< >>UNKNOWN [0x8B223000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x82E54BBA] -> \Device\Harddisk0\DR0[0x8660C030]
\Driver\Disk[0x8660AC08] -> IRP_MJ_CREATE -> 0x8B7CE39F
3 [0x8B7CE59E] -> ntkrnlpa!IofCallDriver[0x82E54BBA] -> [0x8660B898]
\Driver\hpdskflt[0x865B68C8] -> IRP_MJ_CREATE -> 0x8B9E0EB2
5 [0x8B9E0F92] -> ntkrnlpa!IofCallDriver[0x82E54BBA] -> \Device\Ide\IdeDeviceP2T0L0-4[0x86102908]
\Driver\atapi[0x864DF2F8] -> IRP_MJ_CREATE -> 0x8B21A8CE
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:28:55.72 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2010 8:48:22 PM
System Uptime: 4/9/2014 7:46:12 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30DC
Processor: Intel® Core™2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2801/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 297 GiB total, 157.858 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 0.098 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 75 GiB total, 10.442 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Device ID: USB\VID_03F0&PID_171D\5&151D3890&0&1
Manufacturer: Broadcom
Name: HP Integrated Module with Bluetooth 2.0 Wireless Technology
PNP Device ID: USB\VID_03F0&PID_171D\5&151D3890&0&1
Service: BTHUSB
.
==== System Restore Points ===================
.
RP350: 3/11/2014 5:24:06 PM - Installed Windows Automated Installation Kit
RP351: 3/13/2014 4:21:05 AM - Windows Update
RP352: 3/13/2014 9:07:25 AM - Installed Disconnect
RP353: 3/13/2014 9:18:14 AM - Removed Disconnect
RP354: 3/13/2014 9:26:20 AM - Installed Disconnect
RP355: 3/20/2014 3:48:31 PM - Scheduled Checkpoint
RP356: 3/25/2014 12:28:46 PM - Installed HHD Software Hex Editor Neo 5.14
RP357: 4/1/2014 6:58:47 PM - Scheduled Checkpoint
RP358: 4/8/2014 9:08:57 PM - Scheduled Checkpoint
RP359: 4/9/2014 8:39:21 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Audition 2.0
Adobe Audition 3.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 5 Web Premium
Adobe Flash Player 12 ActiveX
Adobe Help Center 2.0
Adobe Media Player
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
Advanced PSD Repair v1.4
AGEIA PhysX v7.09.13
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avant Browser (remove only)
Bonjour
CanoScan Toolbox Ver4.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CrystalDiskInfo 6.1.9a
D3DX10
Disconnect
DivX Setup
DriveRack PA+ Updater
eLicenser Control
Eraser 6.0.8.2273
eReg
ESET NOD32 Antivirus
FileSearchEX
FLV Player
Google Chrome
Google Earth
Google Update Helper
HD Tune Pro 5.50
HHD Software Hex Editor Neo 5.14
HP 3D DriveGuard
HP ESU for Microsoft Windows 7
HP Integrated Module with Bluetooth wireless technology
HP Officejet Pro 8100 Basic Device Software
HP Product Detection
HP Quick Launch Buttons
HP Webcam
HP Webcam Application
i-Sound Recorder Pro 7.0.3.0
i1Profiler
Intel PROSet Wireless
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Intel® Active Management Technology
Internet Explorer (Enable DEP)
IrfanView (remove only)
iTunes
Java 7 Update 51
Java Auto Updater
K-Lite Codec Pack 9.2.0 (Basic)
LightScribe System Software
Logitech SetPoint 6.52
LSI HDA Modem
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Filter Pack 2.0
Microsoft LifeCam
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Pro Photo Tools
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MixPad Audio Mixer
MobileMe Control Panel
MopUPS
Movie Maker
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Tag Tool
Nero 7 Essentials
neroxml
OpticFilm 7600i
PC Wizard 2010.1.96
PDF Settings CS5
PDFCreator
Photo Common
Photo Gallery
PhotoME
QLBCASL
Quicken 2005
QuickTime 7
RICOH Media Driver
Samsung ML-2150 Series PS
Samsung RAW Converter 4
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SilverFast UScan 6.6.2r5
Skype™ 6.11
SoundMAX
swMSM
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TouchCopy 12
TurboTax 2012
TurboTax 2012 waliper
TurboTax 2012 wfliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Typograf 5.1d
U232 P9/P25 10.2.98
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.8
Wacom Tablet
WavePad Sound Editor
WebTablet FB Plugin 32 bit
WinAce Archiver
Windows Automated Installation Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
X-Rite Device Services Manager
.
==== Event Viewer Messages From Past Week ========
.
4/9/2014 7:49:34 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The system cannot find the file specified.
4/9/2014 7:47:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20
4/9/2014 7:47:24 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
4/9/2014 7:47:24 PM, Error: atikmdag [43029] - Display is not active
4/8/2014 7:55:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================


Edited by Oh My, 11 April 2014 - 09:46 PM.
Posted Attach log


#5 Oh My!


  • Malware Response Instructor

Posted 11 April 2014 - 09:42 PM

Greetings bikeamtn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 bikeamtn

bikeamtn
  • Topic Starter


Posted 13 April 2014 - 02:12 PM

Hi Gary; Dave here, your help is appreciated.

 

FRST results

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014
Ran by DM (administrator) on DM-ELITEBOOK on 13-04-2014 12:33:39
Running from C:\Users\DM\Downloads\Utilities
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files\X-Rite\Devices\Services\xrdd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Behringer Spezielle Studiotechnik GmbH) C:\Windows\System32\bca2kcpan.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 

==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358936 2009-07-15] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2010-10-19] (Intel® Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCA2000] => C:\Windows\system32\bca2kcpan.exe [946176 2011-06-25] (Behringer Spezielle Studiotechnik GmbH)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [Google Update] => C:\Users\DM\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-06-16] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {4FE8B5B7-356C-4EEE-A507-D3D85DF61903} URL = http://www.hulu.com/search?query={searchTerms}&ref=os
SearchScopes: HKCU - {7126F721-9B8D-410C-97D7-AC17F35E9C18} URL = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
SearchScopes: HKCU - {C5D49D5F-032B-439F-B3B9-623F1C235154} URL = https://searchbeta.disconnect.me/searchTerms/search?query={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.177.7
Tcpip\..\Interfaces\{E424FDA3-4578-420E-A287-305F68FEB229}: [NameServer]208.67.222.222,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\DM\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\DM\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-24]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-04-09]
 
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\DM\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\DM\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\DM\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\DM\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-27]
CHR Extension: (Google Drive) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-27]
CHR Extension: (YouTube) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27]
CHR Extension: (Google Search) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27]
CHR Extension: (Logitech SetPoint) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-07-27]
CHR Extension: (Google Wallet) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-27]
CHR Extension: (Gmail) - C:\Users\DM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-07]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\DM\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
S4 MopUPS; C:\Program Files\Chloride Power\MopUPS\ups.exe [450560 2011-03-23] (Chloride Power)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2010-10-19] ()
S3 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [520576 2012-10-29] (Wacom Technology, Corp.)
R2 xrdd.exe; C:\Program Files\X-Rite\Devices\Services\xrdd.exe [82800 2013-07-02] (X-Rite Inc.)
S2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.)
S3 BCA2000; C:\Windows\System32\Drivers\BCA2000.SYS [94624 2011-06-25] (Behringer Spezielle Studiotechnik GmbH)
S3 BCA2000WDM; C:\Windows\System32\Drivers\BCA2000WDM.SYS [27328 2011-06-25] (Behringer Spezielle Studiotechnik GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [105760 2013-01-10] (ESET)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-10-12] (Windows ® Win 7 DDK provider)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7122944 2010-10-18] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] ()
S3 synasusb; C:\Windows\System32\Drivers\synasusb.sys [23696 2011-12-14] (Steinberg Media Technologies GmbH)
S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp.sys [23296 2004-05-05] (Magic Control Technology Corp.)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [69024 2012-10-12] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-10-12] (Wacom Technology)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [10240 2013-07-10] (Nicomsoft Ltd.)
S3 cpuz130; \??\C:\Users\DM\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [X]
U4 eabfiltr;
S3 NETw5s32; system32\DRIVERS\NETw5s32.sys [X]
S0 PxHelp20; system32\DRIVERS\PxHelp20.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 

==================== One Month Created Files and Folders ========
 
2014-04-13 12:31 - 2014-04-13 12:33 - 00000000 ____D () C:\FRST
2014-04-13 12:15 - 2014-04-13 12:16 - 00000000 ____D () C:\Users\DM\Documents\Bike Cycling
2014-04-11 14:55 - 2014-04-11 14:57 - 00000000 ____D () C:\Users\DM\Downloads\Browsers
2014-04-11 09:20 - 2014-04-11 09:20 - 00000385 _____ () C:\Users\DM\Documents\Support_Seagate-FreeAgent GoFlex.txt
2014-04-09 23:29 - 2014-04-09 23:29 - 00007203 _____ () C:\Users\DM\Desktop\attach.txt
2014-04-09 23:29 - 2014-04-09 23:28 - 00018944 _____ () C:\Users\DM\Desktop\dds.txt
2014-04-09 08:39 - 2014-03-13 00:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 08:39 - 2014-03-13 00:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 08:39 - 2014-03-13 00:10 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 08:39 - 2014-03-13 00:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 08:39 - 2014-03-13 00:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 08:39 - 2014-03-12 23:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 08:39 - 2014-03-12 22:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-09 08:38 - 2014-03-04 04:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:38 - 2014-02-03 21:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 08:38 - 2014-02-03 21:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 08:38 - 2014-02-03 21:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 08:38 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 08:38 - 2014-01-23 21:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 09:59 - 2014-04-04 10:15 - 00000000 ____D () C:\Users\Public\Lara-eMail
2014-04-03 20:10 - 2014-04-04 15:08 - 00000397 _____ () C:\Users\DM\Documents\Brotherhood of the Guitar.txt
2014-04-03 10:24 - 2014-04-03 10:26 - 00000000 ____D () C:\AdwCleaner
2014-04-03 00:14 - 2014-04-03 00:14 - 00001365 _____ () C:\Users\DM\Documents\Dogs from Sochi Rescued by US Shelter.txt
2014-04-02 20:54 - 2014-04-02 20:54 - 00000112 _____ () C:\Users\DM\Desktop\eBay Commerce Network.txt
2014-04-01 12:24 - 2014-04-01 12:28 - 00000000 ____D () C:\Users\DM\Downloads\FB Data
2014-03-31 20:21 - 2014-03-31 20:30 - 00000000 ____D () C:\Users\DM\HeathCareGov
2014-03-28 14:01 - 2014-04-13 12:33 - 00000000 ____D () C:\Users\DM\Downloads\Utilities
2014-03-28 12:24 - 2014-03-28 12:25 - 00000000 ____D () C:\Users\DM\Downloads\SeagateGoFlex
2014-03-27 16:48 - 2014-03-27 16:48 - 00000043 _____ () C:\Users\DM\Desktop\U-Verse-IP.txt
2014-03-26 16:10 - 2014-03-26 16:10 - 00000050 _____ () C:\Users\DM\Documents\Urban Word Usage.txt
2014-03-25 12:31 - 2014-03-25 12:31 - 00000000 __SHD () C:\Users\Public\DRM
2014-03-25 09:39 - 2014-03-25 09:41 - 00000000 ____D () C:\Users\DM\Downloads\EMET ToolKit
2014-03-22 16:27 - 2014-03-22 20:45 - 00000000 ____D () C:\Users\DM\Documents\DramClaims
2014-03-17 20:30 - 2009-02-12 15:11 - 00022312 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrv.sys
2014-03-17 20:27 - 2014-03-17 20:28 - 00000000 ____D () C:\Users\DM\Downloads\Recovery
2014-03-16 01:34 - 2014-03-16 01:34 - 00000000 ____D () C:\Users\DM\Downloads\Always On Top
2014-03-15 09:34 - 2014-03-17 14:42 - 00000000 ____D () C:\Users\DM\Documents\Div-2014
 
==================== One Month Modified Files and Folders =======
 
2014-04-13 12:33 - 2014-04-13 12:31 - 00000000 ____D () C:\FRST
2014-04-13 12:33 - 2014-03-28 14:01 - 00000000 ____D () C:\Users\DM\Downloads\Utilities
2014-04-13 12:30 - 2013-05-26 08:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 12:23 - 2013-10-13 19:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec8706be705fd.job
2014-04-13 12:16 - 2014-04-13 12:15 - 00000000 ____D () C:\Users\DM\Documents\Bike Cycling
2014-04-13 12:03 - 2012-06-16 15:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4043223989-4112046305-459434020-1000UA.job
2014-04-13 10:07 - 2010-11-26 16:01 - 00000000 ____D () C:\Users\DM\AppData\Local\Adobe
2014-04-13 10:04 - 2009-07-13 23:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:04 - 2009-07-13 23:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:02 - 2010-11-24 21:40 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 09:59 - 2010-11-24 03:39 - 01201502 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 09:58 - 2013-08-19 13:55 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 09:58 - 2013-08-06 12:17 - 00001332 ____H () C:\Windows\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7}.job
2014-04-13 09:57 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 09:57 - 2009-07-13 23:39 - 00172013 _____ () C:\Windows\setupact.log
2014-04-12 15:25 - 2013-01-27 14:03 - 00000132 _____ () C:\Users\DM\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-04-12 09:03 - 2012-06-16 15:09 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4043223989-4112046305-459434020-1000Core.job
2014-04-12 08:23 - 2011-12-18 08:41 - 00007608 _____ () C:\Users\DM\AppData\Local\resmon.resmoncfg
2014-04-11 21:58 - 2011-02-06 08:55 - 00000000 ____D () C:\Users\DM\AppData\Local\CrashDumps
2014-04-11 17:12 - 2011-01-01 19:44 - 00000000 ____D () C:\Users\Public\Login
2014-04-11 15:03 - 2014-01-09 17:31 - 00000000 ____D () C:\Users\Public\2014 Purchases
2014-04-11 14:57 - 2014-04-11 14:55 - 00000000 ____D () C:\Users\DM\Downloads\Browsers
2014-04-11 14:14 - 2011-04-25 00:41 - 00000000 ____D () C:\Users\Public\TurboTax
2014-04-11 10:04 - 2013-01-27 14:50 - 00000000 ____D () C:\Program Files\SeaTools
2014-04-11 09:38 - 2011-04-19 20:13 - 00000000 ____D () C:\Users\DM\Documents\GCC
2014-04-11 09:28 - 2012-12-03 21:05 - 00000318 _____ () C:\Users\Public\Documents\GaryRyContacts.txt
2014-04-11 09:20 - 2014-04-11 09:20 - 00000385 _____ () C:\Users\DM\Documents\Support_Seagate-FreeAgent GoFlex.txt
2014-04-11 08:33 - 2014-03-11 09:37 - 00000000 ____D () C:\Program Files\Disconnect
2014-04-10 10:26 - 2011-01-01 19:28 - 00000000 ____D () C:\Users\Public\Resume
2014-04-10 08:00 - 2013-08-06 12:16 - 00000376 _____ () C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2014-04-09 23:43 - 2010-11-24 21:48 - 00000000 ____D () C:\Users\DM\AppData\Local\VirtualStore
2014-04-09 23:29 - 2014-04-09 23:29 - 00007203 _____ () C:\Users\DM\Desktop\attach.txt
2014-04-09 23:28 - 2014-04-09 23:29 - 00018944 _____ () C:\Users\DM\Desktop\dds.txt
2014-04-09 20:27 - 2011-01-01 19:31 - 00000000 ____D () C:\Users\Public\Articles
2014-04-09 17:36 - 2013-11-11 11:49 - 00000000 ____D () C:\Users\DM\Downloads\VG-Rip2.9.5.0
2014-04-09 13:36 - 2013-12-05 12:59 - 00000000 ____D () C:\Program Files\Avant Browser
2014-04-09 12:07 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-04-09 09:21 - 2013-09-26 17:52 - 00000000 ____D () C:\Users\DM\Documents\CyberCrimes
2014-04-09 08:50 - 2013-07-19 10:53 - 00000000 ____D () C:\Users\DM\Downloads\Avant Browser
2014-04-09 08:45 - 2010-11-25 21:56 - 00651644 _____ () C:\Windows\PFRO.log
2014-04-09 08:43 - 2009-07-13 21:04 - 00000499 _____ () C:\Windows\win.ini
2014-04-09 08:42 - 2013-07-12 16:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 08:40 - 2010-11-25 00:05 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 00:28 - 2011-01-01 19:33 - 00000000 ____D () C:\Users\Public\DCM_Web
2014-04-08 10:10 - 2014-02-25 11:53 - 00000000 ____D () C:\Users\DM\Documents\Behavior
2014-04-07 12:16 - 2013-01-13 13:45 - 00000000 ____D () C:\Users\DM\AlUn
2014-04-07 10:29 - 2011-04-03 11:55 - 00000000 ____D () C:\Users\DM\PPL
2014-04-06 20:06 - 2013-12-03 14:18 - 00000000 ____D () C:\Users\DM\Documents\Climate-Polution
2014-04-05 20:50 - 2011-10-29 11:16 - 00000132 _____ () C:\Users\DM\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-04-05 12:49 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 12:38 - 2012-02-08 08:43 - 00000000 ____D () C:\Users\Public\Products
2014-04-04 15:26 - 2011-08-05 22:17 - 00000000 ____D () C:\Users\Public\2011Purchases
2014-04-04 15:08 - 2014-04-03 20:10 - 00000397 _____ () C:\Users\DM\Documents\Brotherhood of the Guitar.txt
2014-04-04 10:15 - 2014-04-04 09:59 - 00000000 ____D () C:\Users\Public\Lara-eMail
2014-04-04 09:59 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-04-03 10:26 - 2014-04-03 10:24 - 00000000 ____D () C:\AdwCleaner
2014-04-03 00:14 - 2014-04-03 00:14 - 00001365 _____ () C:\Users\DM\Documents\Dogs from Sochi Rescued by US Shelter.txt
2014-04-02 23:27 - 2009-07-13 23:53 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-02 20:54 - 2014-04-02 20:54 - 00000112 _____ () C:\Users\DM\Desktop\eBay Commerce Network.txt
2014-04-02 17:37 - 2013-07-07 10:38 - 00000000 ____D () C:\Users\DM\SAR
2014-04-02 09:34 - 2013-04-12 23:23 - 00000090 _____ () C:\Windows\eFaxView.ini
2014-04-01 12:28 - 2014-04-01 12:24 - 00000000 ____D () C:\Users\DM\Downloads\FB Data
2014-03-31 20:30 - 2014-03-31 20:21 - 00000000 ____D () C:\Users\DM\HeathCareGov
2014-03-31 20:21 - 2010-11-24 21:48 - 00000000 ____D () C:\Users\DM
2014-03-30 09:33 - 2013-03-02 22:35 - 00000000 ____D () C:\Users\DM\Documents\PhoneScams
2014-03-29 08:53 - 2013-12-13 18:29 - 00000000 ____D () C:\Users\DM\Documents\Jobs-Economics
2014-03-28 12:25 - 2014-03-28 12:24 - 00000000 ____D () C:\Users\DM\Downloads\SeagateGoFlex
2014-03-27 16:48 - 2014-03-27 16:48 - 00000043 _____ () C:\Users\DM\Desktop\U-Verse-IP.txt
2014-03-26 23:15 - 2014-03-11 13:32 - 00001893 _____ () C:\Users\DM\Documents\CBS News_The Data Brokers- Selling your personal information.txt
2014-03-26 16:10 - 2014-03-26 16:10 - 00000050 _____ () C:\Users\DM\Documents\Urban Word Usage.txt
2014-03-25 12:31 - 2014-03-25 12:31 - 00000000 __SHD () C:\Users\Public\DRM
2014-03-25 09:41 - 2014-03-25 09:39 - 00000000 ____D () C:\Users\DM\Downloads\EMET ToolKit
2014-03-24 12:40 - 2013-08-26 10:58 - 00000000 ____D () C:\Users\Public\Jobs
2014-03-22 20:45 - 2014-03-22 16:27 - 00000000 ____D () C:\Users\DM\Documents\DramClaims
2014-03-21 15:31 - 2011-03-02 21:22 - 00000000 ____D () C:\Users\DM\AppData\Roaming\Canon
2014-03-17 20:28 - 2014-03-17 20:27 - 00000000 ____D () C:\Users\DM\Downloads\Recovery
2014-03-17 15:47 - 2013-08-24 09:09 - 00000000 ____D () C:\Users\DM\AppData\Roaming\vlc
2014-03-17 14:42 - 2014-03-15 09:34 - 00000000 ____D () C:\Users\DM\Documents\Divorce-2014
2014-03-16 01:34 - 2014-03-16 01:34 - 00000000 ____D () C:\Users\DM\Downloads\Always On Top
2014-03-15 11:52 - 2012-01-11 22:11 - 00000000 ____D () C:\Users\Public\2012 Purchases
 
Files to move or delete:
====================
C:\Windows\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7}.job
 

Some content of TEMP:
====================
C:\Users\DM\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\DM\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\DM\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\DM\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DM\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Guest\AppData\Local\Temp\DivXSetup.exe
 

==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 

LastRegBack: 2014-04-09 08:10
 
==================== End Of Log ============================
 
 
Addition log --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014
Ran by DM at 2014-04-13 12:34:10
Running from C:\Users\DM\Downloads\Utilities
Boot Mode: Normal
==========================================================
 

==================== Security Center ========================
 
AV: ESET NOD32 Antivirus 6.0 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Audition 2.0 (HKLM\...\Adobe Audition 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Audition 2.0 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (HKLM\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Creative Suite 5 Web Premium (HKLM\...\{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Advanced PSD Repair v1.4 (HKLM\...\Advanced PSD Repair v1.4) (Version:  - )
AGEIA PhysX v7.09.13 (HKLM\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D4BEDE0D-BE09-F5C9-C10B-09EF2B7A8525}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avant Browser (remove only) (HKLM\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0915.2144.37147 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0915.2144.37147 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0915.2144.37147 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0915.2144.37147 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0915.2144.37147 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0915.2144.37147 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Czech (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Danish (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Dutch (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help English (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Finnish (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help French (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help German (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Greek (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Italian (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Japanese (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Korean (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Polish (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Russian (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Spanish (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Swedish (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Thai (Version: 2009.0915.2143.37147 - ATI) Hidden
CCC Help Turkish (Version: 2009.0915.2143.37147 - ATI) Hidden
ccc-core-static (Version: 2009.0915.2144.37147 - ATI) Hidden
ccc-utility (Version: 2009.0915.2144.37147 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
DriveRack PA+ Updater (HKLM\...\DriveRack PA+ Updater) (Version: 1.0.1.0 - dbx Professional Products)
DriveRack PA+ Updater (Version: 1.0.1.0 - dbx Professional Products) Hidden
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{ECD2AA58-5F23-4222-B2ED-143BB23021A3}) (Version: 6.0.316.0 - ESET, spol s r. o.)
FileSearchEX (HKLM\...\FileSearchEX) (Version: 1.0.8.8 - GOFF Concepts LLC)
FLV Player (HKLM\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM\...\{8088E6E2-AFDA-4337-AA29-BA19ABF7D04A}) (Version: 1.1.5.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{3448CD30-FA95-4F9D-8FC3-BF24B92AB212}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.18.1 - Hewlett-Packard Company)
HP Webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.39017.0 - Sonix)
HP Webcam Application (HKLM\...\{154E4F71-DFC0-4B31-8D99-F97615031B02}) (Version: 1.0.065.0612 - Chicony Electronics Co.,Ltd.)
i1Profiler (HKLM\...\i1Profiler_is1) (Version: 1.5.0 - X-Rite)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
i-Sound Recorder Pro 7.0.3.0 (HKLM\...\i-Sound Recorder for Windows 7_is1) (Version: 7.0.3.0 - AbyssMedia.com)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.2.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Pro Photo Tools (HKLM\...\{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}) (Version: 2.2 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MixPad Audio Mixer (HKLM\...\MixPad) (Version:  - NCH Software)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
MopUPS (HKLM\...\MopUPS) (Version:  - )
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Tag Tool (HKLM\...\{72ECCCC7-0E84-43B4-8923-2BAD8C881394}) (Version: 3.03 - Wide Angle Software)
Nero 7 Essentials (HKLM\...\{3A30E6C4-8872-4BDA-8A0D-7502422F1033}) (Version: 7.02.7638 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpticFilm 7600i (HKLM\...\{A6B5921C-E1C5-4592-B363-F7E616EA14D4}) (Version: 4.1.0 - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoME (HKLM\...\PhotoME_is1) (Version: 0.79R17 - Jens Duttke)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Quicken 2005 (HKLM\...\InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}) (Version: 14.00.0000 - Intuit)
Quicken 2005 (Version: 14.00.0000 - Intuit) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Samsung ML-2150 Series PS (HKLM\...\Samsung ML-2150 Series PS) (Version:  - )
Samsung RAW Converter 4 (HKLM\...\InstallShield_{D09E159D-0264-4597-B200-A9B4C0866F25}) (Version: 4 - Samsung)
Samsung RAW Converter 4 (Version: 4 - Samsung) Hidden
SilverFast UScan 6.6.2r5 (HKLM\...\SilverFast UScan) (Version:  - LaserSoft Imaging AG)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Technical Support Web Controls (HKLM\...\{20C53FA2-4307-4671-A93F-9463B29DFCF1}) (Version: 3.5.3 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}) (Version: 4.4.16.0 - Husdawg, LLC)
TouchCopy 12 (HKLM\...\{6EA3693F-4C2D-4F2D-A79F-ADEFEAA077FD}) (Version: 12.11 - Wide Angle Software)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 waliper (Version: 012.000.1233 - Intuit Inc.) Hidden
TurboTax 2012 wfliper (Version: 012.000.1230 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
Typograf 5.1d (HKLM\...\Typograf) (Version: 5.1d - Neuber Software)
U232 P9/P25 10.2.98 (HKLM\...\{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}) (Version: 10.2.98 - MCT)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.4-3 - Wacom Technology Corp.)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WinAce Archiver (HKLM\...\WinAce Archiver) (Version: 2.6 - e-merge GmbH)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
X-Rite Device Services Manager (HKLM\...\{425E7005-9EC8-4CFC-818A-D3511CE343B7}) (Version: 2.3.75 - X-Rite)
 
==================== Restore Points  =========================
 
13-03-2014 09:21:05 Windows Update
13-03-2014 14:07:25 Installed Disconnect
13-03-2014 14:18:14 Removed Disconnect
13-03-2014 14:26:20 Installed Disconnect
20-03-2014 20:48:31 Scheduled Checkpoint
25-03-2014 17:28:46 Installed HHD Software Hex Editor Neo 5.14
01-04-2014 23:58:47 Scheduled Checkpoint
09-04-2014 02:08:57 Scheduled Checkpoint
09-04-2014 13:39:21 Windows Update
11-04-2014 13:32:09 Removed Disconnect
 
==================== Hosts content: ==========================
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04CC71B0-2C38-4B0A-9F4E-49F42944BEEF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4043223989-4112046305-459434020-1000UA => C:\Users\DM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {09167E27-F424-4588-9F19-860B71F3B2FC} - System32\Tasks\{C4364927-D415-4670-9587-FA996411B0F5} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;userlevelpresent
Task: {0E471633-0A50-4B8D-B74D-7016512F6550} - System32\Tasks\{829CFD48-F6B6-4CA6-B370-44B510138C82} => C:\Program Files\Adobe\Acrobat\Acrobat.exe
Task: {1A52FBA7-8FD3-4A4B-B7F5-AC44DA8EFC57} - System32\Tasks\AdobeAAMUpdater-1.0-DM-EliteBook-DM => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {22F524C4-376C-4849-9AAE-37B93705C155} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4043223989-4112046305-459434020-1000Core => C:\Users\DM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {2718C90C-18B1-4527-94A2-1BF321687EE4} - System32\Tasks\{2B834053-BF63-432F-AB67-CABA90C6BB1D} => C:\Program Files\Adobe\Acrobat\Acrobat.exe
Task: {545B66B2-1F77-49D6-A5C6-475DBE7D1D5F} - System32\Tasks\{3E2399E1-351A-4E56-BFD0-C37FDD5C85A4} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {62056400-3DC5-475A-8D8E-A13BFFF335DA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {629A4357-19EF-45BE-9794-6572C8437882} - System32\Tasks\{37F7B0F7-2644-46CB-9118-04553B7E0A0E} => C:\Program Files\Adobe\Acrobat\Acrobat.exe
Task: {64F83416-353A-4851-B136-8C26EFFDE681} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {65139152-0A8B-4016-A12D-12AAB38185F2} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files\X-Rite\Devices\Services\XRD Software Update.exe [2013-07-02] (X-Rite Inc.)
Task: {7DB3C59A-A415-4A8F-AFC4-C94207A9A9A1} - System32\Tasks\{8026C47F-096F-4445-A24E-F1DD650ECE49} => C:\Program Files\Adobe\Acrobat\Acrobat.exe
Task: {88E16BBF-C0AB-45CA-969C-9C5D002745CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {8D23AB83-7761-4BE8-9075-C1A976860387} - System32\Tasks\{7CDA5BB8-2A30-49FF-BE3A-63BF833C5346} => C:\Program Files\Adobe\Distillr\acrodist.exe
Task: {A862F830-BC43-444F-9A42-04739F9BC370} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AA23FF8E-CCF0-43D8-ABB8-F0312E918CC3} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {AB66AA56-DE2B-4BCE-806F-9B5D71591416} - System32\Tasks\{6A9C1C5F-1EDF-4006-97CA-5842229679DD} => C:\Program Files\Adobe\Acrobat\Acrobat.exe
Task: {B241AA08-4494-4870-9794-9D77866D823E} - System32\Tasks\GoogleUpdateTaskMachineUA1cec8706be705fd => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: {DE3E2C1C-5160-4E7C-98D2-0D77A964580C} - System32\Tasks\{7362064D-0603-49A3-8B06-E899C8CB35A2} => C:\Program Files\Adobe\Acrobat\acrobat_sl.exe
Task: {DEDEE6CB-80D7-4F06-9360-5E0B228E9F64} - System32\Tasks\{BCC3D3AB-3612-4B5D-BF6B-5646A849E5E3} => C:\Program Files\Adobe\Acrobat\Acrobat.exe
Task: {E6E50B87-8E77-4F74-9323-38E57CF850B0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {F09FCDB5-AC37-40D2-B990-D6A4E08413FF} - System32\Tasks\{4BF0E72E-73E6-4DA0-B577-F2DB18BD8436} => C:\Program Files\Adobe\Designer 7.0\FormDesigner.exe
Task: {F67C8988-99E2-4F0B-BF07-21B20DD43C64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: {F71E22A3-6117-4D00-A2CB-E9B5B6BEB5A2} - System32\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7} => C:\Users\DM\AppData\Local\Temp\is-020L3.tmp\XRD Manager.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cec8706be705fd.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4043223989-4112046305-459434020-1000Core.job => C:\Users\DM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4043223989-4112046305-459434020-1000UA.job => C:\Users\DM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files\X-Rite\Devices\Services\XRD Software Update.exe
Task: C:\Windows\Tasks\{425E7005-9EC8-4CFC-818A-D3511CE343B7}.job => C:\Users\DM\AppData\Local\Temp\is-020L3.tmp\XRD Manager.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-21 13:29 - 2013-06-21 13:29 - 01588224 _____ () C:\Program Files\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 13:29 - 2013-06-21 13:29 - 02633728 _____ () C:\Program Files\X-Rite\Devices\colormunki\colormunki.dll
2012-12-25 20:16 - 2012-10-29 09:14 - 00963456 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 12:40 - 2009-06-17 12:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-03-24 20:20 - 2009-03-27 16:22 - 00339968 _____ () C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe
2012-03-24 20:20 - 2008-05-28 13:55 - 00086016 _____ () C:\Program Files\Plustek\OpticFilm 7600i\plkcom32.dll
2012-03-24 20:20 - 2010-08-26 18:36 - 00884736 _____ () C:\Program Files\Plustek\OpticFilm 7600i\ScndrvU.drv
2012-03-24 20:20 - 2004-04-06 18:45 - 00040960 _____ () C:\Program Files\Plustek\OpticFilm 7600i\DetectSession.dll
2009-06-10 17:30 - 2009-06-10 17:30 - 00098304 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-25 20:52 - 2010-11-25 20:52 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:6724CB45
AlternateDataStreams: C:\Users\Public\DRM:احتضان
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: MopUPS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DriveRack PA+ Updater.lnk => C:\Windows\pss\DriveRack PA+ Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: TypografFontSets => c:\program files\typograf\fontsets.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.0 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2014 11:00:11 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (04/12/2014 11:23:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056
 
Error: (04/12/2014 11:23:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056
 
Error: (04/12/2014 11:23:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2014 11:23:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3058
 
Error: (04/12/2014 11:23:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3058
 
Error: (04/12/2014 11:23:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2014 11:23:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044
 
Error: (04/12/2014 11:23:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2044
 
Error: (04/12/2014 11:23:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 

System errors:
=============
Error: (04/13/2014 09:59:50 AM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%2
 
Error: (04/13/2014 09:58:46 AM) (Source: DCOM) (User: DM-EliteBook)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}DM-EliteBookDMS-1-5-21-4043223989-4112046305-459434020-1000LocalHost (Using LRPC)
 
Error: (04/13/2014 09:57:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PxHelp20
 
Error: (04/13/2014 09:57:41 AM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (04/13/2014 09:57:41 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (04/13/2014 00:02:55 AM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%2
 
Error: (04/13/2014 00:00:52 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PxHelp20
 
Error: (04/13/2014 00:00:45 AM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (04/13/2014 00:00:45 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (04/12/2014 09:45:08 PM) (Source: atikmdag) (User: )
Description: Display is not active
 

Microsoft Office Sessions:
=========================
Error: (04/13/2014 11:00:11 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (04/12/2014 11:23:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056
 
Error: (04/12/2014 11:23:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056
 
Error: (04/12/2014 11:23:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2014 11:23:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3058
 
Error: (04/12/2014 11:23:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3058
 
Error: (04/12/2014 11:23:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2014 11:23:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2044
 
Error: (04/12/2014 11:23:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2044
 
Error: (04/12/2014 11:23:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 

==================== Memory info ===========================
 
Percentage of memory in use: 29%
Total physical RAM: 3036.27 MB
Available physical RAM: 2125.7 MB
Total Pagefile: 6070.82 MB
Available Pagefile: 4817.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.08 GB) (Free:157.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.1 GB) FAT32
Drive f: () (Removable) (Total:15.01 GB) (Free:12.84 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=297 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
And System Summary Information is attached.
 
Who the hell remarked the ADS: DRM: احتضان?

I need to fix the Outlook (Source: Bonjour Service) Error, that happened from an iTunes Update issue.
 
Thanks




#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,692 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:17 PM

Posted 13 April 2014 - 10:42 PM

Hi Dave,

Sorry about the delay in responding. Even though I am subscribed to the post I never received a notification you responded. Oh well, we are together and it is time to go to work!

Can you confirm you are aware this is on your system?

X-Rite Device Services Manager

Can you explain what svchost activity was alarming to you? Do you have specifics?

Please do this.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [AdobeBridge] => [X]
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} -  No File
U4 eabfiltr;
AlternateDataStreams: C:\ProgramData\TEMP:6724CB45
AlternateDataStreams: C:\Users\Public\DRM:احتضان
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog
  • What symptoms are you currently experiencing?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 bikeamtn


Posted 14 April 2014 - 12:41 AM

Gary, no problem, I understand.

OK; I did the following.

'X-Rite' is a Color Match (probe) USB device for monitor calibration.

FYI: the Copy & Paste of 'fixlist' script would not save because of ANSI default, changed to Unicode and saved.

[fixlistLog is copied below]

In FixlistLog: For notation "C:\ProgramData\TEMP:6724CB45" => File could not move.

I checked and TEMP folder is empty.

I finished by running AdwCleaner and deleted listed adware components (as in my 1st post).

Lastly

For maybe five months sometimes I’d click to launch a program or do a file save and the computer would hesitate. When I would check services running in Resource Monitor, I’d see unidentified svchost activity and that was alarming to me, CPU would kick up also. First thought it was X-Rite as I’ve complained to support it uses needless net-activity and updated the drive. I’ve been also testing web-browsers security and going to some sites for exposure but I normally have Scripting, ActiveX, Java and Flash disabled. Was thinking I had gotten a bug. I see from the logs that attempts had been made but incomplete. Next time will do that in VM / sandbox.

If you don't see anything else, I think that's it. This was my first time here and all of you are great.

Thanks so much, Gary.

 

------------------------------------------------------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2014
Ran by DM at 2014-04-13 23:11:54 Run:1
Running from C:\Users\DM\Downloads\Utilities
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4043223989-4112046305-459434020-1000\...\Run: [AdobeBridge] => [X]
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} -  No File
U4 eabfiltr;
AlternateDataStreams:
C:\ProgramData\TEMP:6724CB45
AlternateDataStreams: C:\Users\Public\DRM:احتضان

*****************

HKU\S-1-5-21-4043223989-4112046305-459434020-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10CECF4F-A96E-4803-8AC2-F565FB29FF47} => Value deleted successfully.
HKCR\CLSID\{10CECF4F-A96E-4803-8AC2-F565FB29FF47} => Key not found.
eabfiltr => Service deleted successfully.
Could not move "C:\ProgramData\TEMP:6724CB45" => Scheduled to move on reboot.
C:\Users\Public\DRM => ":احتضان" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-13 23:14:12)<=

"C:\ProgramData\TEMP:6724CB45" => File could not move.

==== End of Fixlog ====


Edited by bikeamtn, 14 April 2014 - 12:42 AM.
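A way to triage a Fixlog like the one above, as an added example that is not part of the thread and not FRST's own code: it maps every fixlist target to its last recorded outcome, rejoins ADS stream names that the log reports on the right-hand side, and lists entries that never reached a success state. The function names and the four outcome labels are this example's own; the log text is excerpted from the post.

```python
import re

# Excerpt of the Fixlog posted above: lines copied from the post, blank lines dropped.
FIXLOG = r'''Content of fixlist:
*****************
U4 eabfiltr;
AlternateDataStreams:
C:\ProgramData\TEMP:6724CB45
AlternateDataStreams: C:\Users\Public\DRM:احتضان
*****************
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
eabfiltr => Service deleted successfully.
Could not move "C:\ProgramData\TEMP:6724CB45" => Scheduled to move on reboot.
C:\Users\Public\DRM => ":احتضان" ADS removed successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-13 23:14:12)<=
"C:\ProgramData\TEMP:6724CB45" => File could not move.
'''

OUTCOMES = [  # wording as it appears in this log; other FRST messages are not covered
    (re.compile(r"(deleted|removed) successfully", re.I), "fixed"),
    (re.compile(r"not found", re.I), "absent"),
    (re.compile(r"scheduled to move on reboot", re.I), "pending"),
    (re.compile(r"could not move", re.I), "failed"),
]

def _sections(text):
    """Split on the rows of asterisks: [header, echoed fixlist, results]."""
    return re.split(r"(?m)^\*+$", text)

def parse_results(text):
    """Map each target to its last recorded outcome (later lines override)."""
    state = {}
    for line in _sections(text)[-1].splitlines():
        line = line.strip()
        if " => " not in line or line.startswith("=>"):
            continue  # blank lines and section banners
        left, right = line.split(" => ", 1)
        target = re.sub(r"^Could not move\s+", "", left).strip('"')
        ads = re.match(r'"(:[^"]+)" ADS ', right)
        if ads:  # the stream name is reported on the right-hand side
            target += ads.group(1)
        for rx, name in OUTCOMES:
            if rx.search(right):
                state[target] = name
                break
    return state

def unresolved(text):
    """Targets whose final outcome is still pending or failed."""
    return [t for t, s in parse_results(text).items() if s in ("pending", "failed")]

def split_ads(target):
    """Split 'C:\\dir\\host:stream' into (host, stream), ignoring the drive colon."""
    m = re.match(r"^([A-Za-z]:\\[^:]*):(.+)$", target)
    return (m.group(1), m.group(2)) if m else (target, None)

def split_directives(text):
    """Echoed fixlist lines where a bare 'Directive:' is followed by a path line."""
    lines = [l.strip() for l in _sections(text)[1].strip().splitlines()]
    return [(a, b) for a, b in zip(lines, lines[1:])
            if re.fullmatch(r"\w+:", a) and re.match(r"[A-Za-z]:\\", b)]

if __name__ == "__main__":
    print(unresolved(FIXLOG), split_directives(FIXLOG))
```

On this log the only unresolved target is `C:\ProgramData\TEMP:6724CB45`, and it is also the one entry whose `AlternateDataStreams:` prefix the log echoes on a separate line from its path.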


#9 Oh My!


Posted 14 April 2014 - 09:23 AM

That sounds good but I would like to take one last look for that one file. Please do this.


===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*6724CB45*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SystemLook log

Gary
 

#10 bikeamtn


Posted 14 April 2014 - 11:28 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 11:13 on 14/04/2014 by DM
Administrator - Elevation successful

========== filefind ==========

Searching for "*6724CB45*"
No files found.

-= EOF =-

 

What exactly is the DRM:احتضان objective? Primitive or sophisticated (the fact it remarked for an ADS tells me sophisticated)?

Have you known such actions of this file to seek external places to hide? Should I attach any ext. drives (USB, NAS) and rescan?

 

Thanks



#11 Oh My!


Posted 14 April 2014 - 02:52 PM

Glad that was not found. I don't think you have to worry about external devices. ADS entries are common and once removed I typically find no lasting effect. I can not tell you specifically what purpose that Arabic word served, if anything at all.
Gary
 

#12 Oh My!


Posted 16 April 2014 - 12:09 PM

Greetings,

Is there anything else I might be able to assist you with?
Gary
 

#13 bikeamtn


Posted 16 April 2014 - 11:17 PM

Sorry about that; no, all is good.

 

Thanks much for the help,

best to you



#14 Oh My!


Posted 17 April 2014 - 08:49 AM

Very good,

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 Oh My!


Posted 19 April 2014 - 07:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



