Constant pop-ups in Chrome for Java update - possible trojan infection?


  • This topic is locked
12 replies to this topic

#1 bayan100eyes

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:46 AM

Posted 01 May 2014 - 10:27 PM

First of all, please let me say thank you for any help that can be provided. I am very appreciative of the self-sacrifice of volunteers who give their time to assist people like this.

Over the last three days or so I've noticed numerous popups in Chrome for spurious Java updates as well as messages like "this content may require video downloader", "this content requires media Player 12.2" or "Together we can fight cancer" etc. I have the Windows firewall enabled and I regularly run the free virus scan off the Trend Micro site. After noticing these popups, I ran the virus scan from Trend Micro. It did not detect the virus. I also ran the Microsoft Malicious Software Removal tool to no avail.

My system is much, much slower since this infection. I notice when I open Windows Task Manager that the CPU Usage is usually pinned at over 90%, but the Processes menu doesn't show which specific processes are accessing the CPU that much. I also notice that my browser is continually accessing various sites in the background when I am browsing the web (see numerous websites scrolling in the 'waiting for' status area in the lower left-hand corner of Chrome).

I am also worried that security permissions for files on my computer have been compromised and altered. There is only one user account on this computer (Shane) and it is an Administrator account. However, when I try to access certain folders now, an 'Access Denied' message is given (e.g. C:\Documents and Settings). I am unable to modify the security permissions. I have backed up my files to a USB key (perhaps it is infected now too?).

I tried attaching the zipped version of the attach.zip file but the dialog just keeps spinning with a 'pending' message. Here are the contents of my dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Shane at 20:41:07 on 2014-05-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3524 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
uProxyOverride =
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} -
mWinlogon: Userinit = userinit.exe
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Google Update] "C:\Users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{DB50201F-20EA-41E3-A574-4BAB844DA043} : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{DB50201F-20EA-41E3-A574-4BAB844DA043}\733354644344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DB50201F-20EA-41E3-A574-4BAB844DA043}\A657C69616D27657563747 : DHCPNameServer = 64.59.135.133 64.59.128.120 192.168.33.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-16 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-19 2211000]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-24 2424424]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 System Update kb70007;System Update kb70007;C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [2014-4-30 16384]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-24 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2011-9-20 133672]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-24 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-24 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-2-24 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-2-24 89640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-1 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-12 19456]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-02 01:28:10 0 ----a-w- C:\Windows\System32\atiumdva.dll
2014-05-02 01:28:10 0 ----a-w- C:\Windows\System32\atiumdag.dll
2014-05-02 01:28:10 0 ----a-w- C:\Windows\System32\atiu9pag.dll
2014-05-02 01:28:10 0 ----a-w- C:\Windows\System32\aticfx32.dll
2014-05-02 01:07:45 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-05-01 17:38:58 48128 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-05-01 17:37:36 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE047EA3-60CC-4650-8409-FD427E1FA177}\mpengine.dll
2014-05-01 00:01:14 -------- d-----w- C:\Windows\Microsoft
2014-05-01 00:00:58 -------- d-----w- C:\Program Files (x86)\MSR
2014-05-01 00:00:54 -------- d-----w- C:\ProgramData\91275cc59c755a63
2014-05-01 00:00:53 -------- d-----w- C:\Users\Shane\AppData\Local\Packages
2014-05-01 00:00:53 -------- d-----w- C:\ProgramData\CostMin
2014-05-01 00:00:50 -------- d-----w- C:\Users\Shane\AppData\Local\Torch
2014-05-01 00:00:50 -------- d-----w- C:\Users\Shane\AppData\Local\Chromatic Browser
2014-05-01 00:00:49 -------- d-----w- C:\Users\Shane\AppData\Local\Comodo
2014-05-01 00:00:22 -------- d-----w- C:\Users\Shane\AppData\Roaming\Wise
2014-04-20 16:23:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-11 17:17:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iTunes
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iPod
2014-04-11 17:17:04 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2014-04-18 21:57:20 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-03-31 15:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-05 00:36:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 00:36:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
.
============= FINISH: 20:41:40.28 ===============

Thanks in advance for any help you can provide. Please let me know if any more information is required.

Shane
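A DDS log like the one above is what the Malware Response Team reads by hand, and a few of its lines carry most of the signal: the browser proxy pointed at 127.0.0.1:8118 (the same log's process list shows a privoxy.exe under C:\Program Files (x86)\MSR, a folder created on 2014-05-01 alongside the other new folders), a UAC policy set away from its default, a service whose binary lives in C:\Windows\Microsoft rather than a normal system folder, and a fresh directory with a random-looking hexadecimal name. The following Python script is an added example, not code from the thread or from the DDS tool, that applies those four defender-side heuristics to lines copied from the posted log. The allowlist of C:\Windows subfolders and the table of Windows 7 UAC defaults are my assumptions; the script only flags lines for a human to review.

```python
"""Triage heuristics for a DDS log (added example; not from the thread or the DDS tool)."""
import re
from typing import Dict, List

# Assumption: subfolders of C:\Windows where service and driver binaries normally live.
WINDOWS_OK_SUBDIRS = {"system32", "syswow64", "servicing", "microsoft.net", "winsxs"}

# Assumption: Windows 7 defaults for the UAC values DDS prints under mPolicies-System.
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}

PROXY_RE = re.compile(r"^uProxyServer\s*=\s*(?P<val>.+)$")
POLICY_RE = re.compile(r"^mPolicies-System:\s+(?P<key>\w+)\s*=\s*dword:(?P<val>\d+)$")
# "R2 name;display name;path [date size]" as printed in the SERVICES / DRIVERS section.
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$"
)
# Directory entries in "Created Last 30": date time -------- d-----w- path
CREATED_DIR_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+d-----w-\s+(?P<path>.+)$"
)

# Sample input: every line below is copied from the log posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://ca.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: PromptOnSecureDesktop = dword:0
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 System Update kb70007;System Update kb70007;C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [2014-4-30 16384]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
2014-05-01 00:00:54 -------- d-----w- C:\ProgramData\91275cc59c755a63
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iTunes
"""


def windows_path_is_expected(path: str) -> bool:
    """True unless the binary sits directly under the Windows directory in a
    subfolder outside the allowlist. Paths elsewhere are not judged here."""
    p = path.strip('"').lower()
    prefix = "c:\\windows\\"
    if not p.startswith(prefix):
        return True
    first_segment = p[len(prefix):].split("\\", 1)[0]
    return first_segment in WINDOWS_OK_SUBDIRS


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # hosts named in "scheme=host:port;scheme=host:port"
            hosts = re.findall(r"=\s*([\w.\-]+):\d+", m["val"])
            if any(h in ("127.0.0.1", "localhost") for h in hosts):
                findings.append({"kind": "local-proxy", "line": line,
                                 "why": "browser traffic is routed through a process on this machine"})
            continue
        m = POLICY_RE.match(line)
        if m:
            key, val = m["key"], int(m["val"])
            if key in UAC_DEFAULTS and val != UAC_DEFAULTS[key]:
                findings.append({"kind": "uac-weakened", "line": line,
                                 "why": f"{key} is {val}, assumed Windows 7 default is {UAC_DEFAULTS[key]}"})
            continue
        m = SERVICE_RE.match(line)
        if m:
            if not windows_path_is_expected(m["path"]):
                findings.append({"kind": "odd-service-path", "line": line,
                                 "why": "service binary in a non-standard folder under the Windows directory"})
            continue
        m = CREATED_DIR_RE.match(line)
        if m:
            leaf = m["path"].rsplit("\\", 1)[-1]
            if re.fullmatch(r"[0-9a-f]{16}", leaf):
                findings.append({"kind": "hex-named-dir", "line": line,
                                 "why": "new directory with a random-looking 16-hex-character name"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['kind']}] {f['line']}\n    {f['why']}")
```

Run against the sample, the script reports exactly four lines: the loopback proxy, PromptOnSecureDesktop = 0, the "System Update kb70007" service in C:\Windows\Microsoft, and C:\ProgramData\91275cc59c755a63; the HP service, the AMD driver and the iTunes folder pass. The allowlist approach is deliberately conservative: it says nothing about Program Files, so a real triage would pair it with the file dates and sizes DDS prints in the same line.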

#2 seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:46 AM

Posted 06 May 2014 - 03:27 PM

Hello bayan100eyes

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
I am unable to read the log you have posted. We are going to need to do it again.

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Click Format and then click Word Wrap. After completing this, save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 bayan100eyes

  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:46 AM

Posted 06 May 2014 - 05:32 PM

Good day seedy21,

Please allow me to express my appreciation for your help in advance. There have been some changes made to my system since I posted to your forum and the erratic behavior I was experiencing (seems to) have discontinued. However, I am obviously still worried about infection of a trojan or other types of malware and would appreciate you looking at the files I've pasted below.

I did a system restore to a point previous to when the malware seems to have been loaded. I think it was loaded as an update to Vuze (torrent client). I have uninstalled Vuze in the meantime. I uninstalled and reinstalled Chrome. Since taking these actions, I am not seeing any popups in my browser. I will not make any further changes unless you say so.

Here are the DDS.txt and Attach.txt files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Shane at 15:01:47 on 2014-05-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5611.3250 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/?gws_rd=cr&ei=guljU-a3GOO0yAG_zIGoDA
uProxyOverride = <local>;*.local
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Akamai NetSession Interface] "C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{DB50201F-20EA-41E3-A574-4BAB844DA043} : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{DB50201F-20EA-41E3-A574-4BAB844DA043}\733354644344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DB50201F-20EA-41E3-A574-4BAB844DA043}\A657C69616D27657563747 : DHCPNameServer = 64.59.135.133 64.59.128.120 192.168.33.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-16 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-19 2169016]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-24 2424424]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-24 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2011-9-20 133672]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-24 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-24 539240]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-2-24 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-2-24 89640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-2 111616]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-12 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-06 20:52:02 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F9E3394-049B-4ADC-B430-F37743D5081F}\mpengine.dll
2014-05-06 14:20:39 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB5BBE56-3F47-4A8C-9F4B-2BE8C0A3F5F4}\gapaengine.dll
2014-05-06 14:20:12 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-02 22:04:59 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-05-02 22:00:12 -------- d-----w- C:\Windows\Temp8C4949B6-F16D-97BB-4649-B3EC71A98633-Signatures
2014-05-02 18:58:18 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-02 18:58:18 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24ADD227-A223-4972-9DB2-81565D0D4274}\gapaengine.dll
2014-05-02 18:54:53 10651704 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{550AA68D-A4FC-4C1E-9C31-4BF9D7975389}\mpengine.dll
2014-05-02 18:53:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-05-02 18:53:33 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-05-02 18:40:56 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-02 18:39:36 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-02 18:37:10 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-05-02 18:37:10 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-05-02 18:37:10 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-05-02 18:37:10 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-05-02 18:37:10 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-05-02 18:36:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-05-02 18:36:45 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-05-02 18:36:44 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-05-02 18:36:44 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-05-02 18:36:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-05-02 18:36:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-05-02 18:36:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-05-02 18:36:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-05-02 18:36:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-05-02 18:36:33 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-05-02 18:34:40 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-05-02 18:34:39 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-05-02 18:34:18 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-02 18:34:18 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-02 03:28:24 -------- d-sh--w- C:\Users\Shane\AppData\Local\EmieUserList
2014-05-02 03:28:24 -------- d-sh--w- C:\Users\Shane\AppData\Local\EmieSiteList
2014-05-01 17:38:42 809680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-05-01 00:00:58 -------- d-----w- C:\Program Files (x86)\MSR
2014-05-01 00:00:54 -------- d-----w- C:\ProgramData\91275cc59c755a63
2014-05-01 00:00:53 -------- d-----w- C:\Users\Shane\AppData\Local\Packages
2014-05-01 00:00:53 -------- d-----w- C:\ProgramData\CostMin
2014-05-01 00:00:50 -------- d-----w- C:\Users\Shane\AppData\Local\Torch
2014-05-01 00:00:50 -------- d-----w- C:\Users\Shane\AppData\Local\Chromatic Browser
2014-05-01 00:00:49 -------- d-----w- C:\Users\Shane\AppData\Local\Comodo
2014-04-11 17:17:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iTunes
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iPod
2014-04-11 17:17:04 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2014-05-02 18:26:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-03-11 15:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2003-03-21 18:45:22 250544 ----a-w- C:\Program Files (x86)\Common Files\keyhelp.ocx
.
============= FINISH: 15:02:30.28 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 01/06/2012 7:37:26 PM
System Uptime: 04/05/2014 2:40:33 PM (49 hours ago)
.
Motherboard: Hewlett-Packard |  | 169B
Processor: AMD A4-3305M APU with Radeon™ HD Graphics | Socket FS1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 570 GiB total, 232.906 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 2.332 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 3.949 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP182: 12/04/2014 3:56:04 PM - Windows Update
RP183: 20/04/2014 12:04:57 AM - Windows Update
RP184: 20/04/2014 10:21:21 AM - Installed Java 7 Update 55
RP185: 01/05/2014 11:36:17 AM - Windows Update
RP186: 01/05/2014 11:43:24 AM - Removed Vuze Remote Toolbar v9.1.
RP187: 01/05/2014 11:47:12 AM - Removed SubCreator
RP188: 01/05/2014 6:44:37 PM - Removed Broadcom InConcert Maestro
RP189: 01/05/2014 6:45:36 PM - Removed MorphVOX Pro
RP190: 01/05/2014 6:59:26 PM - Removed Male Voice Pack
RP191: 02/05/2014 12:12:55 PM - Restore Operation
RP192: 02/05/2014 12:30:43 PM - Removed Vuze Remote Toolbar v9.1.
RP193: 02/05/2014 12:31:54 PM - Removed Vuze Remote Toolbar v9.1.
RP194: 02/05/2014 12:34:56 PM - Windows Update
RP195: 02/05/2014 12:52:01 PM - Windows Update
RP196: 06/05/2014 8:19:16 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Captivate 7 (64 Bit)
Adobe Captivate Quiz Results Analyzer
Adobe Creative Cloud
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.9) MUI
Adobe Shockwave Player 11.6
Akamai NetSession Interface
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In 
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Articulate Storyline
Audible Download Manager
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom InConcert Maestro
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Contrôle ActiveX Windows Live Mesh pour connexions à distance
CyberLink YouCam
D3DX10
Dropbox
eReg
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Galerie de photos Windows Live
Google Chrome
Google Update Helper
GoToMeeting 5.4.0.1082
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP On Screen Display
HP Power Manager
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Support Solutions Framework
IDT Audio
iTunes
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
LINE
Logitech SetPoint 6.61
Male Voice Pack
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 365 - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MorphVOX Pro
MSVCRT
MSVCRT_amd64
NOOK Study
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
opensource
Picture Cutout Guide Lite 2.10.1
PlayReady PC Runtime x86
Quandary v 2.4.2.1
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype™ 6.14
Staples Easy Print
SubCreator
swMSM
Synaptics TouchPad Driver
Twine 1.3.5 (remove only)
VitalSource Bookshelf
VLC media player 2.0.4
Vuze
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/09/2014 9:38:31 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by -18658825 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
02/05/2014 4:20:55 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
02/05/2014 4:20:55 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
02/05/2014 4:20:55 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
02/05/2014 4:17:55 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:15:55 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:11:30 PM, Error: Service Control Manager [7031]  - The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:10:53 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 4:08:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.173.1100.0).
02/05/2014 12:58:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 111.6.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 2.1.10502.0   Error code: 0x80070714   Error description: The specified image file did not contain a resource section. 
02/05/2014 12:58:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.173.1156.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 1.1.10502.0   Error code: 0x80070714   Error description: The specified image file did not contain a resource section. 
02/05/2014 12:58:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: Spruce\Shane   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80070652   Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
02/05/2014 12:58:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: Spruce\Shane   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80070652   Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
02/05/2014 12:57:57 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:   Update Source: User   Update Stage: Install   Source Path:    Signature Type:   Update Type:    User: Spruce\Shane   Current Engine Version:    Previous Engine Version:    Error code: 0x80070652   Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
02/05/2014 12:55:39 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
02/05/2014 12:55:39 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
02/05/2014 12:55:39 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
02/05/2014 12:55:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
02/05/2014 12:55:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
02/05/2014 12:55:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
02/05/2014 12:41:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Windows 7 for x64-based Systems (KB2952664).
02/05/2014 12:41:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2830477).
02/05/2014 12:40:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - (KB2949786).
02/05/2014 12:40:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - (KB2902907).
02/05/2014 12:07:17 PM, Error: Service Control Manager [7034]  - The Superfetch service terminated unexpectedly.  It has done this 3 time(s).
02/05/2014 12:02:46 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error:  An instance of the service is already running.
02/05/2014 12:02:12 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:01:42 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
02/05/2014 12:01:11 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
02/05/2014 12:01:06 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:00:46 PM, Error: Service Control Manager [7034]  - The Function Discovery Provider Host service terminated unexpectedly.  It has done this 1 time(s).
02/05/2014 12:00:46 PM, Error: Service Control Manager [7034]  - The Diagnostic Service Host service terminated unexpectedly.  It has done this 1 time(s).
02/05/2014 12:00:46 PM, Error: Service Control Manager [7031]  - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
02/05/2014 12:00:46 PM, Error: Service Control Manager [7031]  - The Windows Font Cache Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:00:46 PM, Error: Service Control Manager [7031]  - The Network Store Interface Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 12:00:46 PM, Error: Service Control Manager [7031]  - The Network List Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
02/05/2014 12:00:46 PM, Error: Service Control Manager [7031]  - The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/05/2014 8:57:21 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
01/05/2014 8:56:20 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
01/05/2014 8:55:50 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
01/05/2014 8:55:19 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
01/05/2014 11:30:00 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
01/05/2014 11:29:00 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
01/05/2014 11:29:00 AM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
01/05/2014 11:28:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
01/05/2014 11:28:00 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
01/05/2014 11:27:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
01/05/2014 11:27:30 AM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
01/05/2014 11:26:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
01/05/2014 11:24:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
01/05/2014 11:23:30 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
.
==== End Of File ===========================
 
Thanks again and let me know what I can do to assist.
 
Bayan100Eyes
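As an added example (not part of this thread), a small Python script that parses DDS-style event-log lines like the ones posted above, groups the Service Control Manager 7031/7034 terminations into time bursts, and picks out the failures that matter for the machine's defences (Windows Defender, Windows Update, BITS dying; Security Essentials updates failing). The sample lines are copied from the log above and the 60-second burst window is an assumed value.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: a handful of lines in the DDS "Event Log errors" format
# (timestamp, level, source, [event id], message) copied from the log in this thread.
SAMPLE_LOG = """\
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:00:42 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
02/05/2014 12:00:46 PM, Error: Service Control Manager [7034]  - The Diagnostic Service Host service terminated unexpectedly.  It has done this 1 time(s).
02/05/2014 12:01:06 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/05/2014 12:01:11 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
02/05/2014 12:40:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - (KB2949786).
02/05/2014 4:10:57 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/05/2014 11:29:00 AM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
"""

# One DDS event line: "<ts>, <level>: <source> [<id>]  - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+- (?P<msg>.*)$"
)
# Service name out of SCM 7031/7034 ("terminated unexpectedly") and 7000 ("failed to start").
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service (?:terminated unexpectedly|failed to start)")
# Error code, update title and optional KB number out of a WindowsUpdateClient [20] line.
UPDATE_RE = re.compile(r"error (?P<code>0x[0-9A-Fa-f]{8}): (?P<title>.+?)(?: - \((?P<kb>KB\d+)\))?\.?$")
CRASH_IDS = {7031, 7034}
# Timestamps in this log are day/month/year (the machine reports a Canadian locale).
TS_FORMAT = "%d/%m/%Y %I:%M:%S %p"


def parse_line(line):
    """Split one DDS event line into its fields; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["ts"], TS_FORMAT)
    ev["event_id"] = int(ev["event_id"])
    svc = SERVICE_RE.match(ev["msg"])
    ev["service"] = svc.group("svc") if svc else None
    return ev


def parse_log(text):
    """Parse every recognisable line and return them oldest first (DDS lists newest first)."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return sorted(events, key=lambda e: e["time"])


def crash_counts(events):
    """How many times each service died (SCM 7031/7034 only), as a Counter."""
    return Counter(e["service"] for e in events
                   if e["source"] == "Service Control Manager"
                   and e["event_id"] in CRASH_IDS and e["service"])


def crash_bursts(events, window=timedelta(seconds=60)):
    """Group crashes that fall within `window` of the first crash in the group.
    Many distinct services dying within a minute is the pattern worth flagging."""
    crashes = [e for e in events if e["event_id"] in CRASH_IDS and e["service"]]
    bursts, start, names = [], None, []
    for e in crashes:
        if start is not None and e["time"] - start <= window:
            names.append(e["service"])
            continue
        if names:
            bursts.append((start, sorted(set(names))))
        start, names = e["time"], [e["service"]]
    if names:
        bursts.append((start, sorted(set(names))))
    return bursts


def failed_security_updates(events):
    """(KB or title, error code) for WindowsUpdateClient [20] failures of security products."""
    out = []
    for e in events:
        if e["source"] != "Microsoft-Windows-WindowsUpdateClient" or e["event_id"] != 20:
            continue
        m = UPDATE_RE.search(e["msg"])
        if m and ("Security Essentials" in m.group("title") or "Defender" in m.group("title")):
            out.append((m.group("kb") or m.group("title"), m.group("code")))
    return out


def security_services_hit(events):
    """Names of defence-relevant services that crashed at least once."""
    watch = ("Windows Defender", "Windows Update", "Background Intelligent Transfer Service")
    return sorted(s for s in crash_counts(events) if s in watch)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for start, svcs in crash_bursts(evs):
        print(f"{start}: {len(svcs)} distinct service(s) crashed: {', '.join(svcs)}")
    print("Security services hit:", security_services_hit(evs))
    print("Failed security updates:", failed_security_updates(evs))
```

Run it over the full "Event Log errors" block of a DDS report to see how many services went down together and whether the anti-malware services and their updates were among them.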


#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:46 AM

Posted 07 May 2014 - 11:18 AM

Hello bayan100eyes

Step 1

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Vuze). These programs allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.


Step 2

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 3

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
    autoclean;
    emptyclsid;
    standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 bayan100eyes

bayan100eyes
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:46 AM

Posted 07 May 2014 - 11:48 PM

Here are the two log files:

 

# AdwCleaner v3.207 - Report created 07/05/2014 at 21:57:23
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shane - SPRUCE
# Running from : C:\Users\Shane\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\CostMin
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Tencent
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Shane\AppData\Local\Conduit
Folder Deleted : C:\Users\Shane\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Shane\AppData\Local\torch
Folder Deleted : C:\Users\Shane\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shane\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Shane\AppData\Roaming\Tencent
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\TENCENT
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=PV&apn_dtid=&apn_uid=DDF18D31-D484-4693-B077-0FA2F960F056&apn_sauid=2A6537B8-35F0-499A-9DF6-48519C7CBAE1
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : ojpijjmpahflnipadmlpgbjmagmjchkk
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
 
*************************
 
AdwCleaner[R0].txt - [5020 octets] - [07/05/2014 21:55:35]
AdwCleaner[S0].txt - [4608 octets] - [07/05/2014 21:57:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4668 octets] ##########
 
 
 
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Shane on 07/05/2014 at 22:05:47.59.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Shane\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
07/05/2014 10:09:04 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3675884721-815013409-2213709291-1001\Software\Microsoft\Internet Explorer\SearchScopes\{41099183-7F9F-4E60-B7DE-9338222125C1} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-3675884721-815013409-2213709291-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_USERS\S-1-5-21-3675884721-815013409-2213709291-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-3675884721-815013409-2213709291-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe
C:\Users\Shane\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Shane\AppData\Local\CRE deleted
C:\Users\Shane\Downloads\iLividSetup-r362-n-bc (1).exe deleted
C:\Users\Shane\Downloads\iLividSetup-r362-n-bc.exe deleted
C:\Users\Shane\Downloads\du.mkv_subtitles_downloader_98926.exe deleted
C:\Users\Shane\Downloads\La_vita_e_bella_downloader_98828.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
"C:\PROGRA~3\91275cc59c755a63\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}" deleted
"C:\PROGRA~3\91275cc59c755a63" deleted
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 5611 MB
CPU Info: AMD A4-3305M APU with Radeon™ HD Graphics
CPU Speed: 1949.2 MHz
Sound Card: Speakers and Headphones (IDT Hi | 
Communications Headphones (IDT  | 
Display Adapters: AMD Radeon™ HD 6480G | AMD Radeon™ HD 6480G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) #2 | Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe FE Family Controller | Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
CD / DVD Drives: 1x (F: | ) F: hp      DVD-RAM UJ8B1
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  570.1GB | D:  21.9GB | E:  4.0GB | Q:  0.0MB
Hard Disks - Free: C:  232.7GB | D:  2.3GB | E:  3.9GB | Q:  0.0MB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/23/12 | HPQOEM - 1
Time Zone: Mountain Standard Time
Motherboard *: Hewlett-Packard 169B
Country: Canada 
Language: ENC 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 34.0.1847.131
Internet Explorer Version: 11.0.9600.17041 
Google Chrome version: 34.0.1847.131
Adobe Reader version: 10.1.9.22
Sun Java version: 1.7.0_55 (32-bit) 
Shockwave Player version: 11.6.8r638
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Shane\AppData\Local\Temp ====
2014-05-02 18:59:18 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\npGoogleUpdate3.dll
2014-05-02 18:59:18 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\psmachine.dll
2014-05-02 18:59:18 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\psuser.dll
2014-05-02 18:59:15 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateSetup.exe
2014-05-02 18:59:15 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\goopdate.dll
2014-05-02 18:59:14 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateOnDemand.exe
2014-05-02 18:59:14 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleCrashHandler64.exe
2014-05-02 18:59:14 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleCrashHandler.exe
2014-05-02 18:59:14 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateBroker.exe
2014-05-02 18:59:14 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateHelper.msi
2014-05-02 18:59:14 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdate.exe
====== Java Cache =====
2014-04-21 22:48:31 26DFA24AC3A1D460FD72B1F1337B155B 100 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\383a9b8a-9043c400c6df48d6f254c33c0a891b9795fd3c5327e8f4f0ebcd3212488eae23-6.0.lap
2014-04-15 16:53:54 18410C0445586A050B7ABF93499EB859 449 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1f40f45b-7d0804a4
2014-04-20 16:24:50 59DB03C612294A958A695B756E12258A 287222 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-18032ae1
2014-04-20 16:24:49 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-7a5fc9cf
2014-04-20 16:24:50 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-1abd0018
2014-04-20 16:24:50 E54FEB156DA68F3CD4FA38B6C909639C 106 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap
====== C:\Windows\SysWOW64 =====
2014-05-08 03:56:03 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 22:06:03 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2014-05-02 22:06:03 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2014-05-02 22:06:03 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-02 22:06:02 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-05-02 22:06:01 A5FE03D57097A45B8E7A4A09C9B78695 5698048 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-05-02 22:06:01 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-02 22:04:58 AA12D7A960DB78DD9690AB5B5DAE6586 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-05-02 22:04:52 CE6921D33682C6C3DB8A45853CC69402 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-05-02 22:04:43 A127D17C354B473B0F4C6265538F5A2C 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 22:04:40 7E9FE7DB43BC204E44F159F843E35C15 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-05-02 22:04:39 EDACA6C44D9CE200F899B7DB0F201DFF 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-05-02 22:04:39 EBC35FE64056910A84485BEEB6DCCAC6 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-05-02 22:04:39 34FC79C948EE2C5FD0CD699E7D7F91B7 244224 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-05-02 22:04:39 31385A6CAA31BE9D07B0B32E5AA99ABB 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-05-02 22:04:38 82287FCFFA4A2D60FD744E3FEB3192C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-05-02 22:04:38 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-05-02 22:04:37 C9CA9803299EB6AFA34CB520BAAB083D 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-02 22:04:37 0FDC1A576A3F40420882C0F7C4A66EAD 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-05-02 22:04:34 6557B48D53D653CFCCE3CB1CFA53A8E1 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-02 22:04:34 0F4A295516781897FFB09B4CCF2E8798 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-05-02 22:04:33 BB185D4A9362AA17CBCEC0768CDBF249 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-05-02 22:04:31 E4E829EE073E046B0EB19B5FECB19B8C 1789440 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-05-02 22:04:31 05BD47136DE62FAFE9F95B40E4100144 2178048 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-05-02 22:04:30 C4A383FD50FBD7E274DD41CF571DF898 1967104 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-05-02 22:04:30 76F58DB8F85C125E0D6B3AA42F3BF1D0 1143808 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-05-02 22:04:28 2AFBB91BBD2378933B26E6D68C140D1B 11745792 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-05-02 22:04:27 EA85144F35EDE6EE25C484D4242FF2C8 17387008 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-05-02 22:04:26 8C46360D6EF9D4C563FE834C4F287DA3 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-05-02 18:39:43 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-02 18:39:36 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-02 18:39:36 3B10B54F50CD362537B9F2186267EDF8 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-02 18:39:36 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-05-02 18:36:45 76161B9D78A275F8F28DD67436013110 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2014-05-02 18:36:44 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2014-05-02 18:36:44 1F76F7CB3C690ACB985C2FD419383B49 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2014-05-02 18:36:42 1E886E327F37F34CC7465F1605D1F3CD 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2014-05-02 18:36:41 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2014-05-02 18:36:41 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2014-05-02 18:34:39 AAB5D8C5ABE71873DC19ED004EF25009 792576 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-05-02 22:06:11 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-05-02 22:06:05 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-02 22:06:05 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-05-02 22:06:03 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2014-05-02 22:06:03 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-05-02 22:06:03 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-05-02 22:06:03 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2014-05-02 22:06:02 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe
2014-05-02 22:06:02 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe
2014-05-02 22:06:01 DB40DA256AD836C0D84716796247662E 6578176 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-05-02 22:06:00 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll
2014-05-02 22:04:58 7446786E7092ABE122D372F95E6ED74B 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-05-02 22:04:52 FFF555C177D9F2B79B5C3146BED09FB1 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-05-02 22:04:44 6A8AA25D37F89E40B834F34950E3B89B 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-05-02 22:04:42 D6067F7EE060C5D6D79008AD591B4E3B 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-05-02 22:04:42 964C89BC8A52A260D68C90FDDEB862E2 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-05-02 22:04:42 72116CC377FF4281B0132C397026D911 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-05-02 22:04:42 3F498856C68725717195C16568FE19D0 586240 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-05-02 22:04:40 E0D95345D1EBB54F28E958782B9C0CE0 453120 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-05-02 22:04:40 CFBA793F678EB3855052ECF99357A9A1 296960 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-05-02 22:04:40 3F547245C78F4847B73EDDFD4A2F7E12 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-05-02 22:04:39 E7161E2C66FF9B1E87C30FC9D2497ABB 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-05-02 22:04:39 CB57E934280D346AE0A9B053DAA284C5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-05-02 22:04:39 75AD355828187145A60E3DC7BAF7B0F3 628736 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-05-02 22:04:38 1BF215FF4DF6DE10D2F81A2CE85157D2 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-05-02 22:04:37 A3F9A9E46BDDBB8B20B7CF3EEDB990F2 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-05-02 22:04:36 37D0FB9E5E8EDA40B66FC3FB3D660261 23549440 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-05-02 22:04:33 EBAD8A4D048ED257E4A45F6356541F86 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-05-02 22:04:33 A3A132CBE48AF0324466469F2CAAE8A2 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-05-02 22:04:33 915D8A9E112C97C90C654F792B6B28B9 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-05-02 22:04:32 710FD0E362A1A5C087DB90C1BAC46411 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-05-02 22:04:31 1F8534A19A66275C863DE17645CB2A13 2767360 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-05-02 22:04:30 F220BA78AB542C70211D73AE4729B2CD 2260480 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-05-02 22:04:30 32417AE8280276968E5C551ED85D3525 1400832 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-05-02 22:04:30 1654093C8BD3342997D27B71684ACCE8 2043904 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-05-02 22:04:29 A14BB2F5F6457738AAA11367F5172A05 13551104 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-05-02 22:04:26 BF25489459C7A762DD7B3186C7E3984D 5784064 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-05-02 18:36:47 D2A513EE880D71BDE7F0257F38B9D019 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll
2014-05-02 18:36:45 7434E01FBCA3CB86539C39412A31D5E1 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2014-05-02 18:36:45 2A107B611C91CD256466C58C0D776E9D 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2014-05-02 18:36:44 74959C718FF4594369645F35B7DF19C4 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2014-05-02 18:36:44 0F090A77E664CB0F70AB8D3B230B760C 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2014-05-02 18:34:40 9E2EDE952A3EC44754A829F048CE93A0 1030144 ----a-w- C:\Windows\Sysnative\TSWorkspace.dll
2014-05-02 18:34:18 84ED099009EF0DF82A37D4FEAE012655 465408 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-05-02 18:34:18 5513F4766C9987D6B0D49D51BB2E5EE4 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
====== C:\Windows\Sysnative\drivers =====
2014-05-02 22:06:05 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-05-02 18:37:10 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys
2014-05-02 18:37:10 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys
2014-05-02 18:37:10 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys
2014-05-02 18:36:33 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iTunes
2014-04-11 17:17:04 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2014-05-01 00:00:58 -------- d-----w- C:\PROGRA~2\MSR
2014-04-11 17:17:04 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Shane\AppData\Roaming ======
2014-05-02 03:28:28 -------- d-sh--w- C:\Users\Shane\AppData\Locallow\EmieUserList
2014-05-02 03:28:24 -------- d-sh--w- C:\Users\Shane\AppData\Local\EmieUserList
2014-05-02 03:28:24 -------- d-sh--w- C:\Users\Shane\AppData\Local\EmieSiteList
2014-05-02 03:28:22 -------- d-sh--w- C:\Users\Shane\AppData\Locallow\EmieSiteList
2014-05-02 01:56:05 FC7C874D38B932BE8B6FA9BD7168FE55 976882 ----a-w- C:\Users\Shane\AppData\Local\census.cache
2014-05-02 01:55:15 C1650C536B1AA8BA21829477DBAA2A01 171789 ----a-w- C:\Users\Shane\AppData\Local\ars.cache
2014-05-02 01:25:59 90398BC0050A57031F4C86A4F552BEE0 10 ----a-w- C:\Users\Shane\AppData\Local\sponge.last.runtime.cache
2014-05-02 01:07:33 8B98E1B8FAAB74BBC108DA7CC4D9CA99 36 ----a-w- C:\Users\Shane\AppData\Local\housecall.guid.cache
2014-05-02 00:43:54 6D3E65A55DB2D53FC431EB7FEA223067 7602 ----a-w- C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
2014-05-01 00:00:53 -------- d-----w- C:\Users\Shane\AppData\Local\Packages
2014-05-01 00:00:52 -------- d-----w- C:\Users\Shane\AppData\Locallow\{F1E5CC98-01B1-B2E7-6CDA-9AD3E5527E7C}
2014-05-01 00:00:50 -------- d-----w- C:\Users\Shane\AppData\Local\Chromatic Browser
2014-05-01 00:00:50 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-01 00:00:50 -------- d-----w- C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-01 00:00:50 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-01 00:00:49 -------- d-----w- C:\Users\Shane\AppData\Local\Comodo
2014-05-01 00:00:49 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-01 00:00:49 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-05-01 00:00:49 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-05-01 00:00:48 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-01 00:00:48 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-05-01 00:00:48 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-04-20 16:24:57 -------- d-----w- C:\Users\Shane\AppData\Roaming\Oracle
====== C:\Users\Shane ======
2014-05-08 03:53:27 A53555B250CBEDCA6544D13648F83FFE 1316991 ----a-w- C:\Users\Shane\Desktop\AdwCleaner.exe
2014-05-02 18:39:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-01 00:00:48 -------- d-----w- C:\Users\HomeGroupUser$\AppData
2014-05-01 00:00:48 -------- d-----w- C:\Users\Guest\AppData
2014-05-01 00:00:48 -------- d-----w- C:\Users\Administrator\AppData
2014-04-11 17:18:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-11 17:17:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
====== C: exe-files ==
2014-05-08 03:53:27 A53555B250CBEDCA6544D13648F83FFE 1316991 ----a-w- C:\Users\Shane\Desktop\AdwCleaner.exe
2014-05-04 17:16:55 E2E0FCCA231DA8BE39B90540D4A11CC3 58072 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SysInfo.exe
2014-05-02 22:06:05 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-02 22:06:03 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-05-02 22:06:02 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2014-05-02 22:06:02 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\System32\wksprt.exe
2014-05-02 22:06:02 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-05-02 22:04:48 F972DDD19A10F53D74021DDEAC07CCA6 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-05-02 22:04:48 E0155A11B26C7D5347069AB7ACB62D02 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-05-02 22:04:48 C5C7E33308BAE18BD9F59F9A93E85D33 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-05-02 22:04:48 BEA4E0C0BA936E8A3DB24D1A37BF70BE 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-05-02 22:04:42 3F498856C68725717195C16568FE19D0 586240 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-05-02 22:04:38 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-05-02 22:04:38 1BF215FF4DF6DE10D2F81A2CE85157D2 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-02 22:04:33 A3A132CBE48AF0324466469F2CAAE8A2 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-02 22:04:32 710FD0E362A1A5C087DB90C1BAC46411 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-02 22:04:30 0667ED9F8E905E1F73DB60ACCEDCBCA7 811728 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-05-02 21:49:53 B2F463EA8A99A33A6BCE698EF4646CCF 37101272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\34.0.1847.131\34.0.1847.131_chrome_installer.exe
2014-05-02 18:59:15 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateSetup.exe
2014-05-02 18:59:14 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateOnDemand.exe
2014-05-02 18:59:14 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleCrashHandler64.exe
2014-05-02 18:59:14 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleCrashHandler.exe
2014-05-02 18:59:14 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdateBroker.exe
2014-05-02 18:59:14 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Shane\AppData\Local\Temp\{368A8E67-0F9B-4F27-B6EF-87B7EA4229C3}\GoogleUpdate.exe
2014-05-02 18:55:51 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Shane\AppData\Local\Apps\2.0\D4Z4VJJW.T41\699LNZKB.BNB\goog...app_4fe91ede9f9bdca3_0001.0003_71f9d460b1ca391b\GoogleUpdateSetup.exe
2014-05-02 18:55:51 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Shane\AppData\Local\Apps\2.0\D4Z4VJJW.T41\699LNZKB.BNB\clic...exe_4fe91ede9f9bdca3_0001.0003_none_e0b66a91f1dbb389\GoogleUpdateSetup.exe
2014-05-02 18:55:51 53C969C20AE1935DD980F687D22D0453 10120 ------w- C:\Users\Shane\AppData\Local\Apps\2.0\D4Z4VJJW.T41\699LNZKB.BNB\goog...app_4fe91ede9f9bdca3_0001.0003_71f9d460b1ca391b\clickonce_bootstrap.exe
2014-05-02 18:39:43 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-02 18:39:36 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-02 18:39:36 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-05-02 18:38:41 D4474A8F1545F5EA8910DF0A0BA3B2AA 840400 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
2014-05-02 18:38:41 B97A94D50F797EF00614BE4F25A7A631 548536 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-05-02 18:38:37 847C42B6D3628881E8DF4B093631519D 78576 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2014-05-02 18:38:36 49D6E55582897A2D7BE65248603F083E 7129304 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe
2014-05-02 18:38:35 1368F38793FD367B450B47FEAEBF2DA2 39584 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe
2014-05-02 18:38:32 C8F675B4F7AC2D31A44501F9939CF80A 5297368 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe
2014-05-02 18:38:31 55237AB507C8351C2DE903FB42BE82A7 9597104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE
2014-05-02 18:38:29 FEAEB800E5632437644E9D131B9D6098 871088 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe
2014-05-02 18:38:26 98C21A1E196BBC7DA76B35A8D1DC7B05 471784 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE
2014-05-02 18:38:11 06F21309A380BC51D5991D3E951DB70A 1054424 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
2014-05-02 18:38:08 D6628D559F16663F62D2AAA95AC730ED 496320 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE
2014-05-02 18:38:08 BC0035342F87B6E2B6E2EDEC540B35BF 478936 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE
2014-05-02 18:38:08 B250D11FFAFDF23DA54C717A05BC6C92 449216 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
2014-05-02 18:38:07 D7571FB88C91A05300B1EC1835200C1C 515312 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe
2014-05-02 18:38:07 7D36DBF0B4355C4204C94F30C3821ED0 21922464 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe
2014-05-02 18:38:07 589AEB7287893196D585A336570F028F 569592 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE
2014-05-02 18:38:07 527428444DDE1288A502182F6B374B17 4522688 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE
2014-05-02 18:38:05 23B85A0F237D3E439F98FA0B73EC490C 526024 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE
2014-05-02 18:37:26 F0ECAEDB879431874D2315630BD05502 578256 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
2014-05-02 18:36:58 D31FE31FD11E05A0503B59D694FB65FD 18926248 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
2014-05-02 18:36:50 E7910B535B3F52A0C795DA90626E28E5 1757352 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
2014-05-02 18:36:47 579ABA2979970978365E7615B593EBEF 15516840 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE
2014-05-02 18:36:44 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2014-05-02 18:36:41 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2014-05-02 18:36:41 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2014-05-02 18:36:27 35F84DF8A5B0941D7DE5A8CE1E1D5413 1923232 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
2014-05-02 18:36:21 DD76F47DFAB2AFE63B763B32636B9C60 25701024 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
2014-05-02 18:36:15 DF5AB1C45F8062054E2A9602A274A648 934056 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE
2014-05-02 18:34:38 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Shane\AppData\LocalLow\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-02 18:34:19 D39F522D9B0033E50C7F54138CFBC0D8 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-05-02 18:34:19 21EDB6E45163A5635D6D6307EB42BC77 104960 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-05-02 18:27:11 79CACA103DA5AB8EBED082503615CD37 1119448 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.131\34.0.1847.131_34.0.1847.116_chrome_updater.exe
2014-05-02 02:40:27 060CB746106058280471FB426B257421 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3675884721-815013409-2213709291-1001\$IK76Q0U.exe
2014-05-01 17:38:42 EA8386CA87165460D39A1D29FF11080B 809680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
=== C: other files ==
2014-05-06 22:05:57 B23C3210137940F501E81F6893EB2D87 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3675884721-815013409-2213709291-1001\$ING59TQ.com
2014-05-06 21:00:08 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\$Recycle.Bin\S-1-5-21-3675884721-815013409-2213709291-1001\$RNG59TQ.com
2014-05-02 22:06:05 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-05-02 18:37:10 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-05-02 18:37:10 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-05-02 18:37:10 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-05-02 18:36:33 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-05-02 03:20:24 2B1112CF301B347FBBC1BC7B2294BFC6 2971 ----a-w- C:\Users\Shane\Desktop\attach.zip
2014-05-02 01:08:49 C6FAEC9A3827DCB696B5E8DF261763AC 1736577 ----a-w- C:\Users\Shane\AppData\Local\Temp\HouseCall\tmase.zip
2014-05-02 01:07:52 1B6FFFAE7E809A05694CBE7B26D6E986 2575 ----a-w- C:\Users\Shane\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3675884721-815013409-2213709291-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/02/2014 06:36 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/09/2013 09:06 PM]
C:\Windows\tasks\HPCeeScheduleForShane.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForSPRUCE$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 05:43 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Spruce-Shane" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForShane" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSPRUCE$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9FA97008-F75D-46C5-9E50-EA9158454D9E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{AC9A34CC-AA1B-4614-98E3-D38DEEE295BC}" [C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [19/12/2013 10:40 AM]
 
==== Chrome Look ======================
 
CostMin - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Shane\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
CostMin - Shane\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
Google Docs - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Logitech Smooth Scrolling - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Google Wallet - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
CostMin - Shane\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk
 
==== Chrome Fix ======================
 
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Shane\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Shane\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
C:\Users\Shane\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jdfihmlafkbohcpebdofldnninpfefmk deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Shane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Shane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Shane\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=39 folders=35 13737975 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Shane\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Shane\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 07/05/2014 at 22:28:36.55 ======================
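
The "Chrome Look" and "Chrome Fix" sections of the zoek log above show the CostMin extension (ID jdfihmlafkbohcpebdofldnninpfefmk) sitting in every local profile (Administrator, Guest, HomeGroupUser$, Shane) and in every Chromium-based browser tree on the disk, not only the signed-in user's Chrome. The script below is an added example of that sweep, written for this page and not zoek's own code: it walks each user's AppData\Local for the four "User Data" trees named in the log, reads each extension's manifest.json for its display name, and reports any ID that is not on an allowlist. The allowlist (the six Google extension IDs listed in the log) and the sample profile tree it builds in a temp directory are constructed for the demonstration; on a live machine point sweep() at C:\Users from an elevated prompt so every profile is readable.

```python
import json
import tempfile
from pathlib import Path

# The four "User Data" trees the zoek log searched, relative to each user's
# AppData\Local (forward slashes so pathlib splits them on any OS).
BROWSER_TREES = (
    "Google/Chrome/User Data",
    "Google/Chrome SxS/User Data",
    "Comodo/Dragon/User Data",
    "Chromatic Browser/User Data",
)

# Assumption for the example: IDs a responder has already vetted. These six are
# the Google extensions the log listed next to CostMin.
ALLOWLIST = {
    "aohghmighlieiainnegkcijnfilokake",  # Google Docs
    "apdfllckaahabafndbhieahigkjlhalf",  # Google Drive
    "blpcfgokakmgnkcojhhkbfbldkacnbeo",  # YouTube
    "coobgpohoikkiipiblmjeljniedjpjpf",  # Google Search
    "nmmhkkegccagdldgiimedpiccmgmieda",  # Google Wallet
    "pjkljhegncpnkpknbcohdijeoejaedia",  # Gmail
}
ID_ALPHABET = set("abcdefghijklmnop")  # Chrome extension IDs: 32 chars, a-p only


def subdirs(path):
    """Sorted immediate subdirectories of path, or [] if it does not exist."""
    return sorted(p for p in path.iterdir() if p.is_dir()) if path.is_dir() else []


def extension_name(ext_dir):
    """Display name from the newest version folder's manifest.json ("?" if unreadable)."""
    for version in reversed(subdirs(ext_dir)):
        manifest = version / "manifest.json"
        if manifest.is_file():
            try:
                return json.loads(manifest.read_text(encoding="utf-8")).get("name", "?")
            except (ValueError, OSError):
                return "?"
    return "?"


def sweep(users_root, allowlist=ALLOWLIST):
    """Every extension under <users_root>/<user>/AppData/Local/<tree>/<profile>/Extensions,
    as (user, tree, profile, ext_id, name, allowed) tuples."""
    findings = []
    for user_dir in subdirs(users_root):
        for tree in BROWSER_TREES:
            for profile in subdirs(user_dir / "AppData" / "Local" / tree):
                for ext_dir in subdirs(profile / "Extensions"):
                    ext_id = ext_dir.name
                    if len(ext_id) != 32 or set(ext_id) - ID_ALPHABET:
                        continue  # not an extension folder (e.g. Temp)
                    findings.append((user_dir.name, tree, profile.name, ext_id,
                                     extension_name(ext_dir), ext_id in allowlist))
    return findings


def suspicious(findings):
    """{(ext_id, name): {(user, tree), ...}} for IDs not on the allowlist. One ID in
    every profile, Guest and HomeGroupUser$ included, was planted by an installer."""
    out = {}
    for user, tree, _profile, ext_id, name, allowed in findings:
        if not allowed:
            out.setdefault((ext_id, name), set()).add((user, tree))
    return out


def build_sample_tree(users_root):
    """Constructed sample shaped like the log: the adware ID in every user's four
    browser trees, Google's extensions only in Shane's Chrome."""
    adware = "jdfihmlafkbohcpebdofldnninpfefmk"

    def put(user, tree, ext_id, name):
        d = users_root / user / "AppData" / "Local" / tree / "Default" / "Extensions" / ext_id / "1.0_0"
        d.mkdir(parents=True, exist_ok=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "version": "1.0"}), encoding="utf-8")

    for user in ("Administrator", "Guest", "HomeGroupUser$", "Shane"):
        for tree in BROWSER_TREES:
            put(user, tree, adware, "CostMin")
    put("Shane", BROWSER_TREES[0], "pjkljhegncpnkpknbcohdijeoejaedia", "Gmail")
    put("Shane", BROWSER_TREES[0], "aohghmighlieiainnegkcijnfilokake", "Google Docs")
    return users_root


def demo():
    """Build the sample tree in a temp dir and sweep it; returns (findings, suspicious)."""
    users = build_sample_tree(Path(tempfile.mkdtemp()) / "Users")
    findings = sweep(users)
    return findings, suspicious(findings)


if __name__ == "__main__":
    # Live use: findings = sweep(Path(r"C:\Users")), from an elevated prompt.
    _, bad = demo()
    for (ext_id, name), places in sorted(bad.items()):
        print(f"{ext_id} ({name}): {len(places)} profile/browser trees")
        for user, tree in sorted(places):
            print(f"    {user}  {tree}")
```

Reporting rather than deleting is deliberate: the log's own fix removed the directories, but an extension can also be pinned by the ExtensionInstallForcelist policy or dropped again by whatever installed it, so the finding is the input to the next step (remove the bundler, check the policy keys), not the end of it.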
 
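The HijackThis section of the same log lists autoruns (O4) and services (O23) that a responder has to triage by eye. Below is an added example of doing the first pass in code; it is not HijackThis's or zoek's parser. It splits O4 and O23 lines into fields, pulls the executable out of a quoted or unquoted command line, and applies heuristics that are an assumption made for this example about what to look at first: an autorun whose binary lives in a user-writable location (AppData, Temp, ProgramData), a per-user HKCU autorun, and a service whose binary is reported "(file missing)". The sample lines are copied from the log above. One caveat the code encodes: HijackThis is a 32-bit program, so on 64-bit Windows its reads of C:\Windows\System32 are redirected to SysWOW64 and genuine system binaries (lsass.exe, spoolsv.exe, alg.exe) come back "(file missing)"; those entries are verified from a 64-bit shell rather than treated as tampering.

```python
import re

# Lines copied from the HijackThis section of the log above (not constructed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
""".strip().splitlines()

# O4 - <hive>\..\Run: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <display> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$")
# Quoted token first; otherwise everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)

# Locations a standard user can write to (heuristic, lower-cased substrings).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "%temp%", "%appdata%")


def exe_of(cmd):
    """Executable from an O4 command line: the quoted token if quoted, else up to the first .exe."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def triage(lines):
    """Parse O4/O23 lines into dicts and attach heuristic flags; other lines are skipped."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            exe = exe_of(m["cmd"])
            flags = []
            if any(tok in exe.lower() for tok in USER_WRITABLE):
                flags.append("autorun from user-writable path")
            if m["hive"] == "HKCU":
                flags.append("per-user autorun (plantable without admin rights)")
            findings.append({"kind": "O4", "hive": m["hive"], "key": m["key"],
                             "name": m["name"], "exe": exe, "flags": flags})
            continue
        m = O23_RE.match(line)
        if m:
            path, flags = m["path"], []
            low = path.lower()
            if m["missing"] and low.startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")):
                # 32-bit scanner on x64: System32 reads are redirected to SysWOW64,
                # so real system binaries look missing. Confirm from a 64-bit shell.
                flags.append("missing under System32: likely WoW64 redirection, verify")
            elif m["missing"]:
                flags.append("service binary missing")
            if m["owner"] == "Unknown owner" and not m["missing"]:
                flags.append("binary present but carries no company name")
            findings.append({"kind": "O23", "display": m["display"], "owner": m["owner"],
                             "exe": path, "flags": flags})
    return findings


def flagged(findings):
    """Entries with at least one flag, in log order."""
    return [f for f in findings if f["flags"]]


if __name__ == "__main__":
    for f in flagged(triage(SAMPLE_LOG)):
        print(f["kind"], f.get("name") or f["display"], "->", f["exe"])
        for flag in f["flags"]:
            print("    !", flag)
```

On the sample the only entries that surface are the per-user Akamai autorun in AppData and the ALG service, and the latter is flagged as a probable WoW64 artifact rather than a missing binary; the HKLM vendor autoruns and the services with a publisher name pass through unflagged, which is the point of a first pass: reduce forty lines to the two worth a closer look.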


#6 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 08 May 2014 - 10:50 AM

Hello bayan100eyes

Step 1

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista, Windows 7 or 8, launch Internet Explorer by right-clicking its Start Menu icon and selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.

Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
When the scan is complete:

If no threats were found:

  • Check "Uninstall application on close"
  • Close program

If threats were found:

  • Select "list of threats found"
  • Select "Export to Text File" and save the report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish and exit the program
  • Copy and paste ESETScanLog.txt in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#7 bayan100eyes

  • Topic Starter
  • Members
  • 6 posts

Posted 08 May 2014 - 11:58 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
C:\Program Files (x86)\Vuze\.install4j\user\BunndleOfferManager.dll a variant of Win32/Bunndle potentially unsafe application
C:\Program Files (x86)\Vuze\.install4j\user\VuzeToolbar-stub-1.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Shane\Desktop\Chinese Music\Tan_Dun-Hero-_Overture_mp3_downloader_ca_98975.exe a variant of Win32/ExpressDownloader.H potentially unwanted application


#8 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 08 May 2014 - 02:08 PM

Hello bayan100eyes



How is your machine running now? Do you have any further issues?



#9 bayan100eyes

  • Topic Starter
  • Members
  • 6 posts

Posted 08 May 2014 - 03:42 PM

Everything seems to be working fine now. I super appreciate you walking me through all of that.

I will be extremely cautious going forward.



#10 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 08 May 2014 - 04:19 PM

Hi bayan100eyes

As your problem has been resolved, we can now remove the tools as instructed below.

Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.

  • Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.
  • Make sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
  • Now click on "Run" and wait patiently until the tool has completed.
  • The tool will create a log when it has completed. We don't need you to post this.

Clean up with TFC

Please download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: www.itxassociates.com/OT-Tools/TFC.exe

  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

Turn On Automatic Updates

  1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
  2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High.
  • Also verify that Enable Protected Mode is checked.
  • Next press the Apply button and then OK to exit the Internet Properties page.

Finally, I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

If you have any problems you know where we are :)



#11 bayan100eyes

  • Topic Starter
  • Members
  • 6 posts

Posted 09 May 2014 - 07:43 PM

Done.  Thanks again.



#12 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 10 May 2014 - 02:40 AM

My pleasure :)

Safe Surfing.




#13 quietman7

Bleepin' Janitor

  • Global Moderator
  • 51,749 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 10 May 2014 - 12:23 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



