rpcss.dll issue


  • This topic is locked
37 replies to this topic

#1 Hebird

Hebird

  • Members
  • 23 posts

Posted 11 June 2014 - 07:24 AM

Hi there. My computer has had a variety of symptoms lately, especially in the last couple of days: high CPU (despite terminating programs that I'm not currently using), fan coming on frequently, difficulty closing Internet Explorer (even through the Task Manager), difficulty connecting to the internet (rebooting works for now), occasional spontaneous reboots. I also can't update Windows, receiving the error code 80070216.

 

I've run a number of anti-malware programs, including Malwarebytes, RKill, TDSSKiller, RogueKiller, and HitmanPro. The scans are coming back clean or with what seem to be minor issues (e.g., tracking cookies), except for HitmanPro, which flagged an issue with rpcss.dll, although it can't remove it.

 

Thanks in advance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by H Dyer at 8:01:29 on 2014-06-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3998.2015 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [Freedom Session] "C:\Program Files (x86)\Freedom\session\FreedomSession.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\HDYER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{38D5463E-7A7A-40AE-9A5D-1566A5CFE737} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C10EC3DA-9189-4F0A-858B-77E528A86507} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-5-7 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-15 169624]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-14 193816]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-8 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-8-8 192856]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-8 162648]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-8 362840]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-6-11 32512]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-7-8 87040]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-8-8 26504]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-8 685160]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-3-26 27408]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-8-8 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2013-7-8 655712]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-14 240408]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-7-8 117248]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2013-7-8 417280]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-8 261224]
S3 SmbDrvAMDASF;SmbDrvAMDASF;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-3-26 26384]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-11 11:53:01 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-06-11 02:01:33 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-11 01:38:16 512000 ----a-w- C:\Windows\System32\drivers\tsk55B0.tmp
2014-06-11 01:38:15 512000 ----a-w- C:\Windows\System32\drivers\tsk50EF.tmp
2014-06-11 01:38:09 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-11 01:27:04 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-11 01:19:51 98816 ----a-w- C:\Windows\sed.exe
2014-06-11 01:19:51 256000 ----a-w- C:\Windows\PEV.exe
2014-06-11 01:19:51 208896 ----a-w- C:\Windows\MBR.exe
2014-06-11 00:52:55 -------- d-----w- C:\FRST
2014-06-11 00:45:53 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-07 14:15:08 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-04 01:16:58 -------- d-----w- C:\ProgramData\Eighty Percent Solutions Corporation
2014-06-04 01:07:45 -------- d-----w- C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
2014-05-30 14:00:10 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-30 13:59:53 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-30 13:59:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-30 13:59:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 13:55:57 -------- d-----w- C:\ProgramData\Licenses
2014-05-30 13:55:54 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-05-30 13:55:54 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-05-29 21:49:53 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8C3DCEA-0C58-429D-BCC8-78D5EA6EFB6C}\mpengine.dll
2014-05-28 14:49:06 -------- d-----w- C:\Users\H Dyer\AppData\Local\Opics
2014-05-20 11:40:47 -------- d-----w- C:\Users\H Dyer\AppData\Local\Windows Live
2014-05-20 11:39:44 -------- d-----w- C:\Users\H Dyer\AppData\Local\{F9AC7F59-8541-44FD-899B-5C3E2A96AB92}
.
==================== Find3M  ====================
.
2014-06-11 11:53:03 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-06-11 11:53:03 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  8:01:41.43 ===============
 

 

 


#2 Bud_91

Bud_91

  • Malware Response Team
  • 438 posts
  • Gender:Male

Posted 11 June 2014 - 11:02 AM

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
 
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

 


If I have not responded to your log in 36 hours, feel free to send me a PM.


 

A.K.A. Buddierdl @ GeeksToGo.com


#3 Hebird

Hebird
  • Topic Starter

  • Members
  • 23 posts

Posted 11 June 2014 - 11:36 AM

Thanks for the quick reply. Below is the text FRST.txt just created, and attached is the Addition.txt file, which was created when I downloaded and tried running Farbar last night.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
Ran by H Dyer (administrator) on APOL1234 on 11-06-2014 12:30:37
Running from C:\Users\H Dyer\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-06] (IDT, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3037542581-3951336211-3202862332-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\S-1-5-21-3037542581-3951336211-3202862332-1000\...\Run: [Freedom Session] => C:\Program Files (x86)\Freedom\session\FreedomSession.exe [111416 2014-02-11] (Eighty Percent Solutions Corporation)
Startup: C:\Users\H Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {382AFA60-96DE-4D61-8804-79FA716C12C8} URL = http://searchou.com/?q={searchTerms}&id=82e50bd700000000000000ff026a8759&affilt=5&r=230
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKCU - {382AFA60-96DE-4D61-8804-79FA716C12C8} URL = http://searchou.com/?q={searchTerms}&id=82e50bd700000000000000ff026a8759&affilt=5&r=230
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyRJqP1fG&i=26
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\H Dyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\H Dyer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\H Dyer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\H Dyer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\H Dyer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\H Dyer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-26]
FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-26]
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.ca/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Settings) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-13]
CHR Extension: (Google Search) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-13]
CHR Extension: (uTorrentControl_v2) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2012-11-15]
CHR Extension: (Hangouts) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-02-14]
CHR Extension: (Google Wallet) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-13]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\H Dyer\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\H Dyer\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [2012-08-26]
 
==================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-02-25] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2013-07-08] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-11] ()
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-23] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [261224 2012-03-14] (Realtek Semiconductor Corp.)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26384 2012-03-26] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-11] ()
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-11 12:28 - 2014-06-11 12:28 - 01073152 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST.exe
2014-06-11 08:01 - 2014-06-11 08:02 - 00022317 _____ () C:\Users\H Dyer\Desktop\dds.txt
2014-06-11 08:01 - 2014-06-11 08:02 - 00010699 _____ () C:\Users\H Dyer\Desktop\attach.txt
2014-06-11 08:01 - 2014-06-11 08:01 - 00688992 ____R (Swearware) C:\Users\H Dyer\Desktop\dds.com
2014-06-11 07:53 - 2014-06-11 07:53 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-10 22:18 - 2014-06-10 22:25 - 00002204 _____ () C:\Users\H Dyer\Desktop\Rkill.txt
2014-06-10 22:18 - 2014-06-10 22:18 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\H Dyer\Desktop\rkill.exe
2014-06-10 22:01 - 2014-06-10 22:01 - 04686336 _____ () C:\Users\H Dyer\Desktop\RogueKiller (1).exe
2014-06-10 22:01 - 2014-06-10 22:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 21:52 - 2014-06-11 12:30 - 00022094 _____ () C:\Users\H Dyer\Desktop\FRST.txt
2014-06-10 21:52 - 2014-06-10 21:52 - 00031999 _____ () C:\Users\H Dyer\Desktop\Addition.txt
2014-06-10 21:50 - 2014-06-10 21:50 - 00001992 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_D_06102014_215044.txt
2014-06-10 21:50 - 2014-06-10 21:50 - 00001897 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_S_06102014_215031.txt
2014-06-10 21:48 - 2014-06-10 21:50 - 00000000 ____D () C:\Users\H Dyer\Desktop\RK_Quarantine
2014-06-10 21:48 - 2014-06-10 21:48 - 00915968 _____ () C:\Users\H Dyer\Desktop\RogueKiller.exe
2014-06-10 21:40 - 2014-06-10 21:40 - 00854378 _____ () C:\Users\H Dyer\Desktop\SecurityCheck.exe
2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk55B0.tmp
2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk50EF.tmp
2014-06-10 21:38 - 2014-06-10 21:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-10 21:35 - 2014-06-10 21:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\H Dyer\Desktop\tdsskiller.exe
2014-06-10 21:35 - 2014-06-10 21:35 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-06-10 21:27 - 2014-06-10 21:27 - 00026714 _____ () C:\ComboFix.txt
2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 21:19 - 2014-06-10 21:27 - 00000000 ____D () C:\Qoobox
2014-06-10 21:19 - 2014-06-10 21:25 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 21:19 - 2014-06-10 21:19 - 05205915 ____R (Swearware) C:\Users\H Dyer\Desktop\ComboFix.exe
2014-06-10 21:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 21:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 21:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 21:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 21:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 21:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 21:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 21:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 21:07 - 2014-06-11 07:20 - 00000482 _____ () C:\Windows\system32\.crusader
2014-06-10 21:00 - 2014-06-10 21:01 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64 (1).exe
2014-06-10 20:53 - 2014-06-10 20:53 - 00000597 _____ () C:\Users\H Dyer\Desktop\Search.txt
2014-06-10 20:52 - 2014-06-11 12:30 - 00000000 ____D () C:\FRST
2014-06-10 20:52 - 2014-06-10 20:52 - 02081792 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST64.exe
2014-06-10 20:45 - 2014-06-10 22:11 - 00000000 ____D () C:\Users\H Dyer\Desktop\mbar
2014-06-10 20:45 - 2014-06-10 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-10 20:44 - 2014-06-10 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\H Dyer\Desktop\mbar-1.07.0.1012.exe
2014-06-07 10:15 - 2014-06-10 21:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-05 15:57 - 2014-06-05 15:57 - 01067450 _____ () C:\Users\H Dyer\Desktop\q10-1.2-spell.exe
2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom
2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Eighty Percent Solutions Corporation
2014-06-03 21:07 - 2014-06-03 21:14 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-31 20:41 - 2014-05-31 20:41 - 13084896 _____ (Microsoft Corporation) C:\Users\H Dyer\Desktop\Silverlight_x64.exe
2014-05-30 10:00 - 2014-06-10 22:05 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:59 - 2014-06-10 22:03 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 09:59 - 2014-05-30 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 09:59 - 2014-05-30 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\H Dyer\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 09:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 09:55 - 2014-06-09 08:30 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-30 09:55 - 2014-05-30 09:55 - 04095448 _____ (BrightFort LLC ) C:\Users\H Dyer\Desktop\spywareblastersetup50.exe
2014-05-30 09:55 - 2014-05-30 09:55 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-30 09:55 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-05-30 09:50 - 2014-05-30 09:50 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64.exe
2014-05-29 15:03 - 2014-06-11 12:19 - 00000069 _____ () C:\Windows\system32\ujaf.nad
2014-05-29 14:53 - 2014-05-29 14:53 - 00000064 _____ () C:\Windows\system32\foqil.jff
2014-05-29 14:53 - 2014-05-29 14:53 - 00000000 _____ () C:\Windows\system32\nwngfl.zzv
2014-05-29 14:29 - 2014-05-29 14:29 - 00245006 ____S () C:\Windows\system32\lnzgjth.vww
2014-05-28 10:49 - 2014-06-10 21:07 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Opics
2014-05-20 07:40 - 2014-05-22 09:28 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Windows Live
2014-05-20 07:39 - 2014-05-20 07:40 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\{F9AC7F59-8541-44FD-899B-5C3E2A96AB92}
2014-05-20 07:39 - 2014-05-20 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-19 07:18 - 2014-05-19 07:18 - 00000000 ____D () C:\Users\H Dyer\Desktop\AP
 
==================== One Month Modified Files and Folders =======
 
2014-06-11 12:30 - 2014-06-10 21:52 - 00022094 _____ () C:\Users\H Dyer\Desktop\FRST.txt
2014-06-11 12:30 - 2014-06-10 20:52 - 00000000 ____D () C:\FRST
2014-06-11 12:30 - 2012-10-08 23:21 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Temp
2014-06-11 12:28 - 2014-06-11 12:28 - 01073152 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST.exe
2014-06-11 12:26 - 2012-10-08 23:21 - 01374735 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 12:25 - 2013-02-01 07:49 - 00000000 ____D () C:\Users\H Dyer\Documents\Sunday Smile
2014-06-11 12:25 - 2012-10-30 21:25 - 00000000 ____D () C:\Users\H Dyer\Documents\Outlook Files
2014-06-11 12:19 - 2014-05-29 15:03 - 00000069 _____ () C:\Windows\system32\ujaf.nad
2014-06-11 12:01 - 2012-10-13 08:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 11:39 - 2014-02-16 21:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037542581-3951336211-3202862332-1000UA.job
2014-06-11 10:14 - 2012-10-13 08:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 09:11 - 2009-07-14 01:13 - 00809216 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 09:11 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 09:11 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 09:04 - 2013-08-05 13:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-11 09:04 - 2012-08-08 09:11 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-06-11 09:04 - 2010-11-20 23:47 - 00636508 _____ () C:\Windows\PFRO.log
2014-06-11 09:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 09:04 - 2009-07-14 00:51 - 00061941 _____ () C:\Windows\setupact.log
2014-06-11 08:02 - 2014-06-11 08:01 - 00022317 _____ () C:\Users\H Dyer\Desktop\dds.txt
2014-06-11 08:02 - 2014-06-11 08:01 - 00010699 _____ () C:\Users\H Dyer\Desktop\attach.txt
2014-06-11 08:01 - 2014-06-11 08:01 - 00688992 ____R (Swearware) C:\Users\H Dyer\Desktop\dds.com
2014-06-11 07:53 - 2014-06-11 07:53 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-11 07:20 - 2014-06-10 21:07 - 00000482 _____ () C:\Windows\system32\.crusader
2014-06-11 07:06 - 2014-02-16 21:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037542581-3951336211-3202862332-1000Core.job
2014-06-10 22:25 - 2014-06-10 22:18 - 00002204 _____ () C:\Users\H Dyer\Desktop\Rkill.txt
2014-06-10 22:25 - 2012-10-20 13:47 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\CrashDumps
2014-06-10 22:18 - 2014-06-10 22:18 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\H Dyer\Desktop\rkill.exe
2014-06-10 22:11 - 2014-06-10 20:45 - 00000000 ____D () C:\Users\H Dyer\Desktop\mbar
2014-06-10 22:11 - 2014-06-10 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-10 22:05 - 2014-05-30 10:00 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 22:03 - 2014-05-30 09:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-10 22:01 - 2014-06-10 22:01 - 04686336 _____ () C:\Users\H Dyer\Desktop\RogueKiller (1).exe
2014-06-10 22:01 - 2014-06-10 22:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 21:52 - 2014-06-10 21:52 - 00031999 _____ () C:\Users\H Dyer\Desktop\Addition.txt
2014-06-10 21:50 - 2014-06-10 21:50 - 00001992 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_D_06102014_215044.txt
2014-06-10 21:50 - 2014-06-10 21:50 - 00001897 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_S_06102014_215031.txt
2014-06-10 21:50 - 2014-06-10 21:48 - 00000000 ____D () C:\Users\H Dyer\Desktop\RK_Quarantine
2014-06-10 21:48 - 2014-06-10 21:48 - 00915968 _____ () C:\Users\H Dyer\Desktop\RogueKiller.exe
2014-06-10 21:40 - 2014-06-10 21:40 - 00854378 _____ () C:\Users\H Dyer\Desktop\SecurityCheck.exe
2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk55B0.tmp
2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk50EF.tmp
2014-06-10 21:38 - 2014-06-10 21:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-10 21:35 - 2014-06-10 21:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\H Dyer\Desktop\tdsskiller.exe
2014-06-10 21:35 - 2014-06-10 21:35 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-06-10 21:27 - 2014-06-10 21:27 - 00026714 _____ () C:\ComboFix.txt
2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 21:27 - 2014-06-10 21:19 - 00000000 ____D () C:\Qoobox
2014-06-10 21:27 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-06-10 21:25 - 2014-06-10 21:19 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 21:25 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 21:24 - 2012-12-26 11:59 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\WinLive
2014-06-10 21:22 - 2012-08-08 09:13 - 00000000 ____D () C:\ProgramData\Temp
2014-06-10 21:19 - 2014-06-10 21:19 - 05205915 ____R (Swearware) C:\Users\H Dyer\Desktop\ComboFix.exe
2014-06-10 21:07 - 2014-06-07 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 21:07 - 2014-05-28 10:49 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Opics
2014-06-10 21:01 - 2014-06-10 21:00 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64 (1).exe
2014-06-10 20:53 - 2014-06-10 20:53 - 00000597 _____ () C:\Users\H Dyer\Desktop\Search.txt
2014-06-10 20:52 - 2014-06-10 20:52 - 02081792 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST64.exe
2014-06-10 20:44 - 2014-06-10 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\H Dyer\Desktop\mbar-1.07.0.1012.exe
2014-06-09 08:30 - 2014-05-30 09:55 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-07 16:40 - 2012-10-20 21:00 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Mozilla
2014-06-07 08:56 - 2013-02-17 05:54 - 00000000 ____D () C:\Program Files (x86)\Freedom
2014-06-06 17:16 - 2012-11-11 20:23 - 00000000 ____D () C:\Users\H Dyer\Documents\Writing
2014-06-05 16:03 - 2013-10-12 12:10 - 00000000 ____D () C:\Users\H Dyer\Documents\Reading
2014-06-05 15:57 - 2014-06-05 15:57 - 01067450 _____ () C:\Users\H Dyer\Desktop\q10-1.2-spell.exe
2014-06-05 14:03 - 2012-10-20 14:53 - 00000000 ____D () C:\Users\H Dyer\Desktop\HCC
2014-06-04 17:48 - 2012-10-17 19:33 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom
2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Eighty Percent Solutions Corporation
2014-06-03 21:16 - 2013-02-17 05:54 - 00001833 _____ () C:\Users\Public\Desktop\Freedom.lnk
2014-06-03 21:16 - 2013-02-17 05:54 - 00001823 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Freedom.lnk
2014-06-03 21:14 - 2014-06-03 21:07 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
2014-06-03 21:12 - 2012-10-11 20:07 - 00768996 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-31 20:41 - 2014-05-31 20:41 - 13084896 _____ (Microsoft Corporation) C:\Users\H Dyer\Desktop\Silverlight_x64.exe
2014-05-30 10:00 - 2014-05-30 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 10:00 - 2013-04-15 07:14 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 10:00 - 2013-04-15 07:14 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Malwarebytes
2014-05-30 10:00 - 2013-04-15 07:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 09:59 - 2014-05-30 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\H Dyer\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 09:55 - 2014-05-30 09:55 - 04095448 _____ (BrightFort LLC ) C:\Users\H Dyer\Desktop\spywareblastersetup50.exe
2014-05-30 09:55 - 2014-05-30 09:55 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-30 09:50 - 2014-05-30 09:50 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64.exe
2014-05-29 14:53 - 2014-05-29 14:53 - 00000064 _____ () C:\Windows\system32\foqil.jff
2014-05-29 14:53 - 2014-05-29 14:53 - 00000000 _____ () C:\Windows\system32\nwngfl.zzv
2014-05-29 14:46 - 2013-06-24 04:44 - 00000000 ____D () C:\Program Files (x86)\Industriya
2014-05-29 14:29 - 2014-05-29 14:29 - 00245006 ____S () C:\Windows\system32\lnzgjth.vww
2014-05-23 07:22 - 2013-09-25 17:33 - 00000000 ____D () C:\Users\H Dyer\Desktop\Submissions
2014-05-22 09:28 - 2014-05-20 07:40 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Windows Live
2014-05-20 07:40 - 2014-05-20 07:39 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\{F9AC7F59-8541-44FD-899B-5C3E2A96AB92}
2014-05-20 07:39 - 2014-05-20 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-05-20 07:39 - 2012-10-13 08:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-19 07:18 - 2014-05-19 07:18 - 00000000 ____D () C:\Users\H Dyer\Desktop\AP
2014-05-12 07:26 - 2014-05-30 09:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-04-15 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Some content of TEMP:
====================
C:\Users\H Dyer\AppData\Local\Temp\{38D878EF-091B-415C-BAFE-2E20A67FB44A}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 1888E33C25702B1BF64B409617EB079A
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-08 10:36
 
==================== End Of Log ============================




#4 Bud_91

  • Malware Response Team

Posted 11 June 2014 - 12:26 PM

You have the following Peer-to-Peer program(s) installed:
 
uTorrent
BitTorrent
 
Bleeping Computer does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.
 
Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
 
If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.
We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.
 
Moving on,
 
Could you please run FRST again, and type rpcss.* into the search box. Press "Search" and post the resulting search.txt log.
 
Also, please post the RogueKiller, Combofix, and TDSSKiller logs from previous scans. You don't need to run the tools again if you don't have the logs. Please note that Combofix is a very powerful tool and should only be run if instructed to by a trained malware removal advisor. It has the potential to really mess up a computer if used improperly.

Edited by Bud_91, 11 June 2014 - 12:28 PM.

If I have not responded to your log in 36 hours, feel free to send me a PM.


A.K.A. Buddierdl @ GeeksToGo.com


#5 Hebird

  • Topic Starter

Posted 11 June 2014 - 05:36 PM

I removed the torrent programs as you suggested. I've hardly ever used them and find them a bit scary, so happy to get rid of them.

 

Attached is the RogueKiller scan from last night. I couldn't see the Combofix or TDSSKiller logs, so I ran TDSSKiller again for good measure. I won't do Combofix again on my own. 

 

And here is the search.txt log from FRST.

 

Farbar Recovery Scan Tool (x64) Version: 11-06-2014
Ran by H Dyer at 2014-06-11 18:32:28
Running from C:\Users\H Dyer\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.*" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24][2014-06-11 18:30] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]
 
====== End Of Search ======




#6 Bud_91

  • Malware Response Team

Posted 11 June 2014 - 05:48 PM

Okay, so the run of TDSSKiller took care of the patched file for us. How is the computer running now?

 

Let's continue with this:

 

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Then, please run FRST again and post a fresh scan.



#7 Hebird

  • Topic Starter

Posted 11 June 2014 - 05:57 PM

The computer is running more quietly and the CPU seems to be staying down. Phew! Thank you. I'm running the new scan now.



#8 Hebird

  • Topic Starter

Posted 11 June 2014 - 06:10 PM

Here's the Junkware Removal scan.

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by H Dyer on 11/06/2014 at 18:57:21.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1561552
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3101810
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{382AFA60-96DE-4D61-8804-79FA716C12C8}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "\searchprotect"
    Successfully deleted: [Folder] "C:\Users\H Dyer\appdata\locallow\industriya"
    Successfully deleted: [Folder] "C:\Users\H Dyer\appdata\locallow\utorrentcontrol_v2"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
    Successfully deleted: [Folder] "C:\Program Files (x86)\industriya"
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{08D52624-35A4-4216-93E7-7039B30AAE46}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{11A948DF-02EC-4960-B9EC-77B91461A0D5}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{1470B02C-C263-46F5-9255-62C9A0ED4AAC}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{17080E6B-FD55-4CC1-B0EF-32D9AD2C5BB0}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{186193D3-548C-47D4-994F-83B1EE172505}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{23F936E0-175B-4308-9D58-2300E03250D7}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{39C262E2-2671-4BC8-A991-A10FE6DBB0FF}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{49DABE1D-0F66-429F-824A-1E674C1D362D}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{56A93E19-21C7-4A76-9268-DE42A8D84AAE}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{5DD88DE2-172C-4735-9122-F18B137293B4}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{635358C1-76BF-42BD-9765-02A5AA7C7DCB}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{651EE343-BAB3-497A-B912-D1B5E1190DCE}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{66445E05-4073-42E7-9800-A11EC39BE8A2}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{71C04294-219B-418A-8D7F-4BE64CD5A71B}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{8E29A7AF-8305-4C7A-8EE1-7D8240033096}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{9ED63701-9AD5-46AC-BD63-B0D3623A3CBF}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{A5FB45DC-47E6-43E9-A73D-1E092AF77097}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{A8F44A24-C28D-4ACB-8F4C-A1A007E11322}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{AA03EA96-F41A-46B2-803F-AA734CCB5673}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{BC008E21-4E91-48E3-8157-C39B4C23C243}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{C3AF3616-AC7D-4BAF-A91C-886E6F057CE8}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{CD58322B-BE4A-406B-99F2-84C1620B09B4}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{D19E05DE-F4F6-4DD3-86F1-DDBB5A31BF18}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{D221EBC8-4664-4191-9AF2-0290266F9FC6}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{EFB62C4B-3F9F-4A77-BE88-55058148C156}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{F086DD24-B444-4688-8FCD-1199AD31DE49}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{F78975B8-9B94-4627-ADEE-2E4C66FD7664}
    Successfully deleted: [Empty Folder] C:\Users\H Dyer\appdata\local\{F9AC7F59-8541-44FD-899B-5C3E2A96AB92}
     
     
     
    ~~~ Chrome
     
    Failed to delete: [Folder] C:\Users\H Dyer\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/06/2014 at 19:03:31.90
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 Hebird

  • Topic Starter

Posted 11 June 2014 - 06:13 PM

And here is the FRST scan.

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
    Ran by H Dyer (administrator) on APOL1234 on 11-06-2014 19:10:47
    Running from C:\Users\H Dyer\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
    () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-06] (IDT, Inc.)
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
    HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-3037542581-3951336211-3202862332-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKU\S-1-5-21-3037542581-3951336211-3202862332-1000\...\Run: [Freedom Session] => C:\Program Files (x86)\Freedom\session\FreedomSession.exe [111416 2014-02-11] (Eighty Percent Solutions Corporation)
    Startup: C:\Users\H Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - DefaultScope {382AFA60-96DE-4D61-8804-79FA716C12C8} URL = 
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\H Dyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\H Dyer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\H Dyer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\H Dyer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\H Dyer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\H Dyer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM-x32\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
    FF Extension: Mozilla hotfix - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-26]
    FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
    FF Extension: Mozilla hotfix - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-26]
     
    Chrome: 
    =======
    CHR StartupUrls: "hxxp://www.google.ca/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (Settings) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (YouTube) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-13]
    CHR Extension: (Google Search) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-13]
    CHR Extension: (Hangouts) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-02-14]
    CHR Extension: (Google Wallet) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-13]
    CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2012-10-13]
    CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [2012-10-13]
     
    ==================== Services (Whitelisted) =================
     
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
    R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-02-25] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
    S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2013-07-08] ()
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-11] ()
    R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
    R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
    R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
    R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-23] (Intel Corporation)
    R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [261224 2012-03-14] (Realtek Semiconductor Corp.)
    S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26384 2012-03-26] (Synaptics Incorporated)
    R3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
    R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-11] ()
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-06-11 19:03 - 2014-06-11 19:03 - 00007080 _____ () C:\Users\H Dyer\Desktop\JRT.txt
    2014-06-11 18:57 - 2014-06-11 18:57 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-11 18:54 - 2014-06-11 18:55 - 01016261 _____ (Thisisu) C:\Users\H Dyer\Desktop\JRT.exe
    2014-06-11 18:29 - 2014-06-11 18:29 - 00116343 _____ () C:\Users\H Dyer\Desktop\TDSSKiller.txt
    2014-06-11 12:28 - 2014-06-11 12:28 - 01073152 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST.exe
    2014-06-11 08:01 - 2014-06-11 08:02 - 00022317 _____ () C:\Users\H Dyer\Desktop\dds.txt
    2014-06-11 08:01 - 2014-06-11 08:02 - 00010699 _____ () C:\Users\H Dyer\Desktop\attach.txt
    2014-06-11 08:01 - 2014-06-11 08:01 - 00688992 ____R (Swearware) C:\Users\H Dyer\Desktop\dds.com
    2014-06-11 07:53 - 2014-06-11 07:53 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-06-10 22:18 - 2014-06-10 22:25 - 00002204 _____ () C:\Users\H Dyer\Desktop\Rkill.txt
    2014-06-10 22:18 - 2014-06-10 22:18 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\H Dyer\Desktop\rkill.exe
    2014-06-10 22:01 - 2014-06-10 22:01 - 04686336 _____ () C:\Users\H Dyer\Desktop\RogueKiller (1).exe
    2014-06-10 22:01 - 2014-06-10 22:01 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-10 21:52 - 2014-06-11 19:10 - 00020822 _____ () C:\Users\H Dyer\Desktop\FRST.txt
    2014-06-10 21:52 - 2014-06-10 21:52 - 00031999 _____ () C:\Users\H Dyer\Desktop\Addition.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001992 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_D_06102014_215044.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001897 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_S_06102014_215031.txt
    2014-06-10 21:48 - 2014-06-10 21:50 - 00000000 ____D () C:\Users\H Dyer\Desktop\RK_Quarantine
    2014-06-10 21:48 - 2014-06-10 21:48 - 00915968 _____ () C:\Users\H Dyer\Desktop\RogueKiller.exe
    2014-06-10 21:40 - 2014-06-10 21:40 - 00854378 _____ () C:\Users\H Dyer\Desktop\SecurityCheck.exe
    2014-06-10 21:38 - 2014-06-11 18:27 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk55B0.tmp
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk50EF.tmp
    2014-06-10 21:35 - 2014-06-10 21:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\H Dyer\Desktop\tdsskiller.exe
    2014-06-10 21:35 - 2014-06-10 21:35 - 00000028 _____ () C:\Windows\SysWOW64\u
    2014-06-10 21:27 - 2014-06-10 21:27 - 00026714 _____ () C:\ComboFix.txt
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
    2014-06-10 21:19 - 2014-06-10 21:27 - 00000000 ____D () C:\Qoobox
    2014-06-10 21:19 - 2014-06-10 21:25 - 00000000 ____D () C:\Windows\erdnt
    2014-06-10 21:19 - 2014-06-10 21:19 - 05205915 ____R (Swearware) C:\Users\H Dyer\Desktop\ComboFix.exe
    2014-06-10 21:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-06-10 21:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-06-10 21:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-06-10 21:07 - 2014-06-11 07:20 - 00000482 _____ () C:\Windows\system32\.crusader
    2014-06-10 21:00 - 2014-06-10 21:01 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64 (1).exe
    2014-06-10 20:53 - 2014-06-11 18:32 - 00000612 _____ () C:\Users\H Dyer\Desktop\Search.txt
    2014-06-10 20:52 - 2014-06-11 19:10 - 00000000 ____D () C:\FRST
    2014-06-10 20:52 - 2014-06-10 20:52 - 02081792 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST64.exe
    2014-06-10 20:45 - 2014-06-10 22:11 - 00000000 ____D () C:\Users\H Dyer\Desktop\mbar
    2014-06-10 20:45 - 2014-06-10 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-10 20:44 - 2014-06-10 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\H Dyer\Desktop\mbar-1.07.0.1012.exe
    2014-06-07 10:15 - 2014-06-10 21:07 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-06-05 15:57 - 2014-06-05 15:57 - 01067450 _____ () C:\Users\H Dyer\Desktop\q10-1.2-spell.exe
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Eighty Percent Solutions Corporation
    2014-06-03 21:07 - 2014-06-03 21:14 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-05-31 20:41 - 2014-05-31 20:41 - 13084896 _____ (Microsoft Corporation) C:\Users\H Dyer\Desktop\Silverlight_x64.exe
    2014-05-30 10:00 - 2014-06-10 22:05 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-30 09:59 - 2014-06-10 22:03 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-30 09:59 - 2014-05-30 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-30 09:59 - 2014-05-30 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\H Dyer\Desktop\mbam-setup-2.0.2.1012.exe
    2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-30 09:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-30 09:55 - 2014-06-09 08:30 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-05-30 09:55 - 2014-05-30 09:55 - 04095448 _____ (BrightFort LLC ) C:\Users\H Dyer\Desktop\spywareblastersetup50.exe
    2014-05-30 09:55 - 2014-05-30 09:55 - 00000000 ____D () C:\ProgramData\Licenses
    2014-05-30 09:55 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
    2014-05-30 09:50 - 2014-05-30 09:50 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64.exe
    2014-05-29 15:03 - 2014-06-11 12:19 - 00000069 _____ () C:\Windows\system32\ujaf.nad
    2014-05-29 14:53 - 2014-05-29 14:53 - 00000064 _____ () C:\Windows\system32\foqil.jff
    2014-05-29 14:53 - 2014-05-29 14:53 - 00000000 _____ () C:\Windows\system32\nwngfl.zzv
    2014-05-29 14:29 - 2014-05-29 14:29 - 00245006 ____S () C:\Windows\system32\lnzgjth.vww
    2014-05-28 10:49 - 2014-06-10 21:07 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Opics
    2014-05-20 07:40 - 2014-05-22 09:28 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Windows Live
    2014-05-20 07:39 - 2014-05-20 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-05-19 07:18 - 2014-05-19 07:18 - 00000000 ____D () C:\Users\H Dyer\Desktop\AP
     
    ==================== One Month Modified Files and Folders =======
     
    2014-06-11 19:11 - 2014-06-10 21:52 - 00020822 _____ () C:\Users\H Dyer\Desktop\FRST.txt
    2014-06-11 19:11 - 2012-10-08 23:21 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Temp
    2014-06-11 19:10 - 2014-06-10 20:52 - 00000000 ____D () C:\FRST
    2014-06-11 19:03 - 2014-06-11 19:03 - 00007080 _____ () C:\Users\H Dyer\Desktop\JRT.txt
    2014-06-11 19:01 - 2012-10-13 08:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-11 18:58 - 2012-10-30 21:25 - 00000000 ____D () C:\Users\H Dyer\Documents\Outlook Files
    2014-06-11 18:57 - 2014-06-11 18:57 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-11 18:55 - 2014-06-11 18:54 - 01016261 _____ (Thisisu) C:\Users\H Dyer\Desktop\JRT.exe
    2014-06-11 18:39 - 2014-02-16 21:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037542581-3951336211-3202862332-1000UA.job
    2014-06-11 18:37 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-11 18:37 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-11 18:34 - 2009-07-14 01:13 - 00809216 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-11 18:32 - 2014-06-10 20:53 - 00000612 _____ () C:\Users\H Dyer\Desktop\Search.txt
    2014-06-11 18:30 - 2013-08-05 13:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
    2014-06-11 18:30 - 2012-10-13 08:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-11 18:30 - 2012-10-08 23:21 - 01379083 _____ () C:\Windows\WindowsUpdate.log
    2014-06-11 18:30 - 2012-08-08 09:11 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
    2014-06-11 18:30 - 2010-11-20 23:47 - 00636842 _____ () C:\Windows\PFRO.log
    2014-06-11 18:30 - 2010-11-20 23:24 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2014-06-11 18:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-11 18:30 - 2009-07-14 00:51 - 00061997 _____ () C:\Windows\setupact.log
    2014-06-11 18:29 - 2014-06-11 18:29 - 00116343 _____ () C:\Users\H Dyer\Desktop\TDSSKiller.txt
    2014-06-11 18:27 - 2014-06-10 21:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-06-11 18:13 - 2012-10-20 21:00 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\uTorrent
    2014-06-11 18:12 - 2013-06-23 21:19 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\BitTorrent
    2014-06-11 18:11 - 2012-10-17 19:33 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-06-11 12:28 - 2014-06-11 12:28 - 01073152 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST.exe
    2014-06-11 12:25 - 2013-02-01 07:49 - 00000000 ____D () C:\Users\H Dyer\Documents\Sunday Smile
    2014-06-11 12:19 - 2014-05-29 15:03 - 00000069 _____ () C:\Windows\system32\ujaf.nad
    2014-06-11 08:02 - 2014-06-11 08:01 - 00022317 _____ () C:\Users\H Dyer\Desktop\dds.txt
    2014-06-11 08:02 - 2014-06-11 08:01 - 00010699 _____ () C:\Users\H Dyer\Desktop\attach.txt
    2014-06-11 08:01 - 2014-06-11 08:01 - 00688992 ____R (Swearware) C:\Users\H Dyer\Desktop\dds.com
    2014-06-11 07:53 - 2014-06-11 07:53 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-06-11 07:20 - 2014-06-10 21:07 - 00000482 _____ () C:\Windows\system32\.crusader
    2014-06-11 07:06 - 2014-02-16 21:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037542581-3951336211-3202862332-1000Core.job
    2014-06-10 22:25 - 2014-06-10 22:18 - 00002204 _____ () C:\Users\H Dyer\Desktop\Rkill.txt
    2014-06-10 22:25 - 2012-10-20 13:47 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\CrashDumps
    2014-06-10 22:18 - 2014-06-10 22:18 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\H Dyer\Desktop\rkill.exe
    2014-06-10 22:11 - 2014-06-10 20:45 - 00000000 ____D () C:\Users\H Dyer\Desktop\mbar
    2014-06-10 22:11 - 2014-06-10 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-10 22:05 - 2014-05-30 10:00 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-10 22:03 - 2014-05-30 09:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-06-10 22:01 - 2014-06-10 22:01 - 04686336 _____ () C:\Users\H Dyer\Desktop\RogueKiller (1).exe
    2014-06-10 22:01 - 2014-06-10 22:01 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-10 21:52 - 2014-06-10 21:52 - 00031999 _____ () C:\Users\H Dyer\Desktop\Addition.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001992 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_D_06102014_215044.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001897 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_S_06102014_215031.txt
    2014-06-10 21:50 - 2014-06-10 21:48 - 00000000 ____D () C:\Users\H Dyer\Desktop\RK_Quarantine
    2014-06-10 21:48 - 2014-06-10 21:48 - 00915968 _____ () C:\Users\H Dyer\Desktop\RogueKiller.exe
    2014-06-10 21:40 - 2014-06-10 21:40 - 00854378 _____ () C:\Users\H Dyer\Desktop\SecurityCheck.exe
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk55B0.tmp
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk50EF.tmp
    2014-06-10 21:35 - 2014-06-10 21:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\H Dyer\Desktop\tdsskiller.exe
    2014-06-10 21:35 - 2014-06-10 21:35 - 00000028 _____ () C:\Windows\SysWOW64\u
    2014-06-10 21:27 - 2014-06-10 21:27 - 00026714 _____ () C:\ComboFix.txt
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:19 - 00000000 ____D () C:\Qoobox
    2014-06-10 21:27 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2014-06-10 21:25 - 2014-06-10 21:19 - 00000000 ____D () C:\Windows\erdnt
    2014-06-10 21:25 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2014-06-10 21:24 - 2012-12-26 11:59 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\WinLive
    2014-06-10 21:22 - 2012-08-08 09:13 - 00000000 ____D () C:\ProgramData\Temp
    2014-06-10 21:19 - 2014-06-10 21:19 - 05205915 ____R (Swearware) C:\Users\H Dyer\Desktop\ComboFix.exe
    2014-06-10 21:07 - 2014-06-07 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-06-10 21:07 - 2014-05-28 10:49 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Opics
    2014-06-10 21:01 - 2014-06-10 21:00 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64 (1).exe
    2014-06-10 20:52 - 2014-06-10 20:52 - 02081792 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST64.exe
    2014-06-10 20:44 - 2014-06-10 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\H Dyer\Desktop\mbar-1.07.0.1012.exe
    2014-06-09 08:30 - 2014-05-30 09:55 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-06-07 16:40 - 2012-10-20 21:00 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Mozilla
    2014-06-07 08:56 - 2013-02-17 05:54 - 00000000 ____D () C:\Program Files (x86)\Freedom
    2014-06-06 17:16 - 2012-11-11 20:23 - 00000000 ____D () C:\Users\H Dyer\Documents\Writing
    2014-06-05 16:03 - 2013-10-12 12:10 - 00000000 ____D () C:\Users\H Dyer\Documents\Reading
    2014-06-05 15:57 - 2014-06-05 15:57 - 01067450 _____ () C:\Users\H Dyer\Desktop\q10-1.2-spell.exe
    2014-06-05 14:03 - 2012-10-20 14:53 - 00000000 ____D () C:\Users\H Dyer\Desktop\HCC
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Eighty Percent Solutions Corporation
    2014-06-03 21:16 - 2013-02-17 05:54 - 00001833 _____ () C:\Users\Public\Desktop\Freedom.lnk
    2014-06-03 21:16 - 2013-02-17 05:54 - 00001823 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Freedom.lnk
    2014-06-03 21:14 - 2014-06-03 21:07 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
    2014-06-03 21:12 - 2012-10-11 20:07 - 00768996 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-05-31 20:41 - 2014-05-31 20:41 - 13084896 _____ (Microsoft Corporation) C:\Users\H Dyer\Desktop\Silverlight_x64.exe
    2014-05-30 10:00 - 2014-05-30 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-30 10:00 - 2013-04-15 07:14 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-30 10:00 - 2013-04-15 07:14 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Malwarebytes
    2014-05-30 10:00 - 2013-04-15 07:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-30 09:59 - 2014-05-30 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\H Dyer\Desktop\mbam-setup-2.0.2.1012.exe
    2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-30 09:55 - 2014-05-30 09:55 - 04095448 _____ (BrightFort LLC ) C:\Users\H Dyer\Desktop\spywareblastersetup50.exe
    2014-05-30 09:55 - 2014-05-30 09:55 - 00000000 ____D () C:\ProgramData\Licenses
    2014-05-30 09:50 - 2014-05-30 09:50 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64.exe
    2014-05-29 14:53 - 2014-05-29 14:53 - 00000064 _____ () C:\Windows\system32\foqil.jff
    2014-05-29 14:53 - 2014-05-29 14:53 - 00000000 _____ () C:\Windows\system32\nwngfl.zzv
    2014-05-29 14:29 - 2014-05-29 14:29 - 00245006 ____S () C:\Windows\system32\lnzgjth.vww
    2014-05-23 07:22 - 2013-09-25 17:33 - 00000000 ____D () C:\Users\H Dyer\Desktop\Submissions
    2014-05-22 09:28 - 2014-05-20 07:40 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Windows Live
    2014-05-20 07:39 - 2014-05-20 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-05-20 07:39 - 2012-10-13 08:32 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-19 07:18 - 2014-05-19 07:18 - 00000000 ____D () C:\Users\H Dyer\Desktop\AP
    2014-05-12 07:26 - 2014-05-30 09:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-12 07:25 - 2013-04-15 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     
    Some content of TEMP:
    ====================
    C:\Users\H Dyer\AppData\Local\Temp\{2A88CDF3-1560-4030-A3FE-5F40637D3391}.exe
    C:\Users\H Dyer\AppData\Local\Temp\{38D878EF-091B-415C-BAFE-2E20A67FB44A}.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-06-08 10:36
     
    ==================== End Of Log ============================


    #10 Bud_91


    Posted 11 June 2014 - 06:53 PM

    The log is showing the Combofix log at C:\ComboFix.txt. Could you check if it is there?

     

    Next,

     

    Please download the attached fixlist.txt and save it to your desktop. Then run FRST again and select "Fix." Please post the resulting fixlog.txt. Also, please run a fresh scan with the "Additions" checkbox checked, and attach the new addition.txt to your next reply.

     

    We need to get an antivirus installed on your system. Windows Defender in Windows 7 is not enough protection. I recommend installing either the free AVAST or Microsoft Security Essentials. However, the choice is up to you (make sure to uncheck any "extras" that come in the installers). Please let me know what you decide to install.

     

    Also, does Windows Update work now? If so, make sure to install all of the important updates (make sure you get the latest IE 11).


    Edited by Bud_91, 11 June 2014 - 06:54 PM.



    #11 Hebird


    Posted 11 June 2014 - 07:18 PM

    Ah, there it is. Combofix log is attached.

     

    And here is the fixlist.txt

     

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
    Ran by H Dyer at 2014-06-11 20:16:12 Run:1
    Running from C:\Users\H Dyer\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    SearchScopes: HKCU - DefaultScope {382AFA60-96DE-4D61-8804-79FA716C12C8} URL = 
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2012-10-13]
    C:\Program Files (x86)\OnlineHD.TV
    CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [2012-10-13]
    C:\Windows\SysWOW64\jmdp
    C:\Windows\system32\ujaf.nad
    C:\Windows\system32\foqil.jff
    C:\Windows\system32\nwngfl.zzv
    C:\Windows\system32\lnzgjth.vww
    File: C:\Windows\SysWOW64\u
     
    *****************
     
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
    'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
    'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}' => Key deleted successfully.
    'HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}' => Key deleted successfully.
    'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih' => Key deleted successfully.
    "C:\Program Files (x86)\OnlineHD.TV\onhd11.crx" => File/Directory not found.
    "C:\Program Files (x86)\OnlineHD.TV" => File/Directory not found.
    'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg' => Key deleted successfully.
    "C:\Windows\SysWOW64\jmdp\pnte.crx" => File/Directory not found.
    "C:\Windows\SysWOW64\jmdp" => File/Directory not found.
    C:\Windows\system32\ujaf.nad => Moved successfully.
    C:\Windows\system32\foqil.jff => Moved successfully.
    C:\Windows\system32\nwngfl.zzv => Moved successfully.
    C:\Windows\system32\lnzgjth.vww => Moved successfully.
     
    ========================= File: C:\Windows\SysWOW64\u ========================
     
    MD5: 9AF26744D9480D8F167140644CF7C367
    Creation and modification date: 2014-06-10 21:35 - 2014-06-10 21:35
    Size: 0000028
    Attributes: ----A
    Company Name: 
    Internal Name: 
    Original Name: 
    Product Name: 
    Description: 
    File Version: 
    Product Version: 
    Copyright: 
     
    ====== End Of File: ======
     
     
    ==== End of Fixlog ====



    #12 Hebird


    Posted 11 June 2014 - 07:22 PM

    Here are the results of the FRST scan with the Addition box checked. The Addition.txt file is attached.

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
    Ran by H Dyer (administrator) on APOL1234 on 11-06-2014 20:19:29
    Running from C:\Users\H Dyer\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
    () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-06] (IDT, Inc.)
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
    HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3037542581-3951336211-3202862332-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKU\S-1-5-21-3037542581-3951336211-3202862332-1000\...\Run: [Freedom Session] => C:\Program Files (x86)\Freedom\session\FreedomSession.exe [111416 2014-02-11] (Eighty Percent Solutions Corporation)
    Startup: C:\Users\H Dyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - {1944AD42-E248-4CB4-9553-FDF0F5827ABB} URL = https://www.google.com/search?q={searchTerms}
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\H Dyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\H Dyer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\H Dyer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\H Dyer\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\H Dyer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\H Dyer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM-x32\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
    FF Extension: Mozilla hotfix - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-26]
    FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
    FF Extension: Mozilla hotfix - C:\Users\H Dyer\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-26]
     
    Chrome: 
    =======
    CHR StartupUrls: "hxxp://www.google.ca/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Extension: (Settings) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (YouTube) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-13]
    CHR Extension: (Google Search) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-13]
    CHR Extension: (Hangouts) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-02-14]
    CHR Extension: (Google Wallet) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Users\H Dyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-13]
     
    ==================== Services (Whitelisted) =================
     
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
    R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-02-25] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation)
    S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2013-07-08] ()
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-11] ()
    R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
    R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
    R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
    R3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-23] (Intel Corporation)
    R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [261224 2012-03-14] (Realtek Semiconductor Corp.)
    S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26384 2012-03-26] (Synaptics Incorporated)
    R3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
    R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-11] ()
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-06-11 20:13 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-06-11 20:13 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-06-11 20:13 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-06-11 20:13 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-06-11 20:13 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-06-11 20:13 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-06-11 19:03 - 2014-06-11 19:03 - 00007080 _____ () C:\Users\H Dyer\Desktop\JRT.txt
    2014-06-11 18:57 - 2014-06-11 18:57 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-11 18:54 - 2014-06-11 18:55 - 01016261 _____ (Thisisu) C:\Users\H Dyer\Desktop\JRT.exe
    2014-06-11 18:29 - 2014-06-11 18:29 - 00116343 _____ () C:\Users\H Dyer\Desktop\TDSSKiller.txt
    2014-06-11 12:28 - 2014-06-11 12:28 - 01073152 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST.exe
    2014-06-11 08:01 - 2014-06-11 08:02 - 00022317 _____ () C:\Users\H Dyer\Desktop\dds.txt
    2014-06-11 08:01 - 2014-06-11 08:02 - 00010699 _____ () C:\Users\H Dyer\Desktop\attach.txt
    2014-06-11 08:01 - 2014-06-11 08:01 - 00688992 ____R (Swearware) C:\Users\H Dyer\Desktop\dds.com
    2014-06-11 07:53 - 2014-06-11 07:53 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-06-10 22:18 - 2014-06-10 22:25 - 00002204 _____ () C:\Users\H Dyer\Desktop\Rkill.txt
    2014-06-10 22:18 - 2014-06-10 22:18 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\H Dyer\Desktop\rkill.exe
    2014-06-10 22:01 - 2014-06-10 22:01 - 04686336 _____ () C:\Users\H Dyer\Desktop\RogueKiller (1).exe
    2014-06-10 22:01 - 2014-06-10 22:01 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-10 21:52 - 2014-06-11 20:19 - 00020216 _____ () C:\Users\H Dyer\Desktop\FRST.txt
    2014-06-10 21:52 - 2014-06-10 21:52 - 00031999 _____ () C:\Users\H Dyer\Desktop\Addition.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001992 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_D_06102014_215044.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001897 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_S_06102014_215031.txt
    2014-06-10 21:48 - 2014-06-10 21:50 - 00000000 ____D () C:\Users\H Dyer\Desktop\RK_Quarantine
    2014-06-10 21:48 - 2014-06-10 21:48 - 00915968 _____ () C:\Users\H Dyer\Desktop\RogueKiller.exe
    2014-06-10 21:40 - 2014-06-10 21:40 - 00854378 _____ () C:\Users\H Dyer\Desktop\SecurityCheck.exe
    2014-06-10 21:38 - 2014-06-11 18:27 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk55B0.tmp
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk50EF.tmp
    2014-06-10 21:35 - 2014-06-10 21:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\H Dyer\Desktop\tdsskiller.exe
    2014-06-10 21:35 - 2014-06-10 21:35 - 00000028 _____ () C:\Windows\SysWOW64\u
    2014-06-10 21:27 - 2014-06-10 21:27 - 00026714 _____ () C:\ComboFix.txt
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
    2014-06-10 21:19 - 2014-06-10 21:27 - 00000000 ____D () C:\Qoobox
    2014-06-10 21:19 - 2014-06-10 21:25 - 00000000 ____D () C:\Windows\erdnt
    2014-06-10 21:19 - 2014-06-10 21:19 - 05205915 ____R (Swearware) C:\Users\H Dyer\Desktop\ComboFix.exe
    2014-06-10 21:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-06-10 21:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-06-10 21:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-06-10 21:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-06-10 21:07 - 2014-06-11 07:20 - 00000482 _____ () C:\Windows\system32\.crusader
    2014-06-10 21:00 - 2014-06-10 21:01 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64 (1).exe
    2014-06-10 20:53 - 2014-06-11 18:32 - 00000612 _____ () C:\Users\H Dyer\Desktop\Search.txt
    2014-06-10 20:52 - 2014-06-11 20:19 - 00000000 ____D () C:\FRST
    2014-06-10 20:52 - 2014-06-10 20:52 - 02081792 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST64.exe
    2014-06-10 20:45 - 2014-06-10 22:11 - 00000000 ____D () C:\Users\H Dyer\Desktop\mbar
    2014-06-10 20:45 - 2014-06-10 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-10 20:44 - 2014-06-10 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\H Dyer\Desktop\mbar-1.07.0.1012.exe
    2014-06-07 10:15 - 2014-06-10 21:07 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-06-05 15:57 - 2014-06-05 15:57 - 01067450 _____ () C:\Users\H Dyer\Desktop\q10-1.2-spell.exe
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Eighty Percent Solutions Corporation
    2014-06-03 21:07 - 2014-06-03 21:14 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-05-31 20:41 - 2014-05-31 20:41 - 13084896 _____ (Microsoft Corporation) C:\Users\H Dyer\Desktop\Silverlight_x64.exe
    2014-05-30 10:00 - 2014-06-10 22:05 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-30 09:59 - 2014-06-10 22:03 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-30 09:59 - 2014-05-30 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-30 09:59 - 2014-05-30 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\H Dyer\Desktop\mbam-setup-2.0.2.1012.exe
    2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-30 09:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-30 09:55 - 2014-06-09 08:30 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-05-30 09:55 - 2014-05-30 09:55 - 04095448 _____ (BrightFort LLC ) C:\Users\H Dyer\Desktop\spywareblastersetup50.exe
    2014-05-30 09:55 - 2014-05-30 09:55 - 00000000 ____D () C:\ProgramData\Licenses
    2014-05-30 09:55 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
    2014-05-30 09:50 - 2014-05-30 09:50 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64.exe
    2014-05-28 10:49 - 2014-06-10 21:07 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Opics
    2014-05-20 07:40 - 2014-05-22 09:28 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Windows Live
    2014-05-20 07:39 - 2014-05-20 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-05-19 07:18 - 2014-05-19 07:18 - 00000000 ____D () C:\Users\H Dyer\Desktop\AP
     
    ==================== One Month Modified Files and Folders =======
     
    2014-06-11 20:19 - 2014-06-10 21:52 - 00020216 _____ () C:\Users\H Dyer\Desktop\FRST.txt
    2014-06-11 20:19 - 2014-06-10 20:52 - 00000000 ____D () C:\FRST
    2014-06-11 20:19 - 2012-10-08 23:21 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Temp
    2014-06-11 20:19 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-11 20:19 - 2009-07-14 00:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-11 20:15 - 2012-10-08 23:21 - 01609721 _____ () C:\Windows\WindowsUpdate.log
    2014-06-11 20:12 - 2014-02-16 21:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037542581-3951336211-3202862332-1000UA.job
    2014-06-11 20:12 - 2012-10-13 08:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-11 19:21 - 2012-10-30 21:25 - 00000000 ____D () C:\Users\H Dyer\Documents\Outlook Files
    2014-06-11 19:03 - 2014-06-11 19:03 - 00007080 _____ () C:\Users\H Dyer\Desktop\JRT.txt
    2014-06-11 18:57 - 2014-06-11 18:57 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-11 18:55 - 2014-06-11 18:54 - 01016261 _____ (Thisisu) C:\Users\H Dyer\Desktop\JRT.exe
    2014-06-11 18:34 - 2009-07-14 01:13 - 00809216 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-11 18:32 - 2014-06-10 20:53 - 00000612 _____ () C:\Users\H Dyer\Desktop\Search.txt
    2014-06-11 18:30 - 2013-08-05 13:50 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
    2014-06-11 18:30 - 2012-10-13 08:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-11 18:30 - 2012-08-08 09:11 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
    2014-06-11 18:30 - 2010-11-20 23:47 - 00636842 _____ () C:\Windows\PFRO.log
    2014-06-11 18:30 - 2010-11-20 23:24 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2014-06-11 18:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-11 18:30 - 2009-07-14 00:51 - 00061997 _____ () C:\Windows\setupact.log
    2014-06-11 18:29 - 2014-06-11 18:29 - 00116343 _____ () C:\Users\H Dyer\Desktop\TDSSKiller.txt
    2014-06-11 18:27 - 2014-06-10 21:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-06-11 18:13 - 2012-10-20 21:00 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\uTorrent
    2014-06-11 18:12 - 2013-06-23 21:19 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\BitTorrent
    2014-06-11 18:11 - 2012-10-17 19:33 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-06-11 12:28 - 2014-06-11 12:28 - 01073152 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST.exe
    2014-06-11 12:25 - 2013-02-01 07:49 - 00000000 ____D () C:\Users\H Dyer\Documents\Sunday Smile
    2014-06-11 08:02 - 2014-06-11 08:01 - 00022317 _____ () C:\Users\H Dyer\Desktop\dds.txt
    2014-06-11 08:02 - 2014-06-11 08:01 - 00010699 _____ () C:\Users\H Dyer\Desktop\attach.txt
    2014-06-11 08:01 - 2014-06-11 08:01 - 00688992 ____R (Swearware) C:\Users\H Dyer\Desktop\dds.com
    2014-06-11 07:53 - 2014-06-11 07:53 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-06-11 07:20 - 2014-06-10 21:07 - 00000482 _____ () C:\Windows\system32\.crusader
    2014-06-11 07:06 - 2014-02-16 21:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037542581-3951336211-3202862332-1000Core.job
    2014-06-10 22:25 - 2014-06-10 22:18 - 00002204 _____ () C:\Users\H Dyer\Desktop\Rkill.txt
    2014-06-10 22:25 - 2012-10-20 13:47 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\CrashDumps
    2014-06-10 22:18 - 2014-06-10 22:18 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\H Dyer\Desktop\rkill.exe
    2014-06-10 22:11 - 2014-06-10 20:45 - 00000000 ____D () C:\Users\H Dyer\Desktop\mbar
    2014-06-10 22:11 - 2014-06-10 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-10 22:05 - 2014-05-30 10:00 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-10 22:03 - 2014-05-30 09:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-06-10 22:01 - 2014-06-10 22:01 - 04686336 _____ () C:\Users\H Dyer\Desktop\RogueKiller (1).exe
    2014-06-10 22:01 - 2014-06-10 22:01 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-10 21:52 - 2014-06-10 21:52 - 00031999 _____ () C:\Users\H Dyer\Desktop\Addition.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001992 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_D_06102014_215044.txt
    2014-06-10 21:50 - 2014-06-10 21:50 - 00001897 _____ () C:\Users\H Dyer\Desktop\RKreport[0]_S_06102014_215031.txt
    2014-06-10 21:50 - 2014-06-10 21:48 - 00000000 ____D () C:\Users\H Dyer\Desktop\RK_Quarantine
    2014-06-10 21:48 - 2014-06-10 21:48 - 00915968 _____ () C:\Users\H Dyer\Desktop\RogueKiller.exe
    2014-06-10 21:40 - 2014-06-10 21:40 - 00854378 _____ () C:\Users\H Dyer\Desktop\SecurityCheck.exe
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk55B0.tmp
    2014-06-10 21:38 - 2014-06-10 21:38 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsk50EF.tmp
    2014-06-10 21:35 - 2014-06-10 21:35 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\H Dyer\Desktop\tdsskiller.exe
    2014-06-10 21:35 - 2014-06-10 21:35 - 00000028 _____ () C:\Windows\SysWOW64\u
    2014-06-10 21:27 - 2014-06-10 21:27 - 00026714 _____ () C:\ComboFix.txt
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
    2014-06-10 21:27 - 2014-06-10 21:19 - 00000000 ____D () C:\Qoobox
    2014-06-10 21:27 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
    2014-06-10 21:25 - 2014-06-10 21:19 - 00000000 ____D () C:\Windows\erdnt
    2014-06-10 21:25 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
    2014-06-10 21:24 - 2012-12-26 11:59 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\WinLive
    2014-06-10 21:22 - 2012-08-08 09:13 - 00000000 ____D () C:\ProgramData\Temp
    2014-06-10 21:19 - 2014-06-10 21:19 - 05205915 ____R (Swearware) C:\Users\H Dyer\Desktop\ComboFix.exe
    2014-06-10 21:07 - 2014-06-07 10:15 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-06-10 21:07 - 2014-05-28 10:49 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Opics
    2014-06-10 21:01 - 2014-06-10 21:00 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64 (1).exe
    2014-06-10 20:52 - 2014-06-10 20:52 - 02081792 _____ (Farbar) C:\Users\H Dyer\Desktop\FRST64.exe
    2014-06-10 20:44 - 2014-06-10 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\H Dyer\Desktop\mbar-1.07.0.1012.exe
    2014-06-09 08:30 - 2014-05-30 09:55 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-06-07 16:40 - 2012-10-20 21:00 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Mozilla
    2014-06-07 08:56 - 2013-02-17 05:54 - 00000000 ____D () C:\Program Files (x86)\Freedom
    2014-06-06 17:16 - 2012-11-11 20:23 - 00000000 ____D () C:\Users\H Dyer\Documents\Writing
    2014-06-05 16:03 - 2013-10-12 12:10 - 00000000 ____D () C:\Users\H Dyer\Documents\Reading
    2014-06-05 15:57 - 2014-06-05 15:57 - 01067450 _____ () C:\Users\H Dyer\Desktop\q10-1.2-spell.exe
    2014-06-05 14:03 - 2012-10-20 14:53 - 00000000 ____D () C:\Users\H Dyer\Desktop\HCC
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedom
    2014-06-03 21:16 - 2014-06-03 21:16 - 00000000 ____D () C:\ProgramData\Eighty Percent Solutions Corporation
    2014-06-03 21:16 - 2013-02-17 05:54 - 00001833 _____ () C:\Users\Public\Desktop\Freedom.lnk
    2014-06-03 21:16 - 2013-02-17 05:54 - 00001823 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Freedom.lnk
    2014-06-03 21:14 - 2014-06-03 21:07 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Eighty Percent Solutions Corporation
    2014-06-03 21:12 - 2012-10-11 20:07 - 00768996 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-05-31 20:42 - 2014-05-31 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-05-31 20:41 - 2014-05-31 20:41 - 13084896 _____ (Microsoft Corporation) C:\Users\H Dyer\Desktop\Silverlight_x64.exe
    2014-05-30 10:00 - 2014-05-30 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-30 10:00 - 2013-04-15 07:14 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-30 10:00 - 2013-04-15 07:14 - 00000000 ____D () C:\Users\H Dyer\AppData\Roaming\Malwarebytes
    2014-05-30 10:00 - 2013-04-15 07:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-30 09:59 - 2014-05-30 09:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\H Dyer\Desktop\mbam-setup-2.0.2.1012.exe
    2014-05-30 09:59 - 2014-05-30 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-30 09:55 - 2014-05-30 09:55 - 04095448 _____ (BrightFort LLC ) C:\Users\H Dyer\Desktop\spywareblastersetup50.exe
    2014-05-30 09:55 - 2014-05-30 09:55 - 00000000 ____D () C:\ProgramData\Licenses
    2014-05-30 09:50 - 2014-05-30 09:50 - 10971424 _____ (SurfRight B.V.) C:\Users\H Dyer\Desktop\HitmanPro_x64.exe
    2014-05-23 07:22 - 2013-09-25 17:33 - 00000000 ____D () C:\Users\H Dyer\Desktop\Submissions
    2014-05-22 09:28 - 2014-05-20 07:40 - 00000000 ____D () C:\Users\H Dyer\AppData\Local\Windows Live
    2014-05-20 07:39 - 2014-05-20 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-05-20 07:39 - 2012-10-13 08:32 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-19 07:18 - 2014-05-19 07:18 - 00000000 ____D () C:\Users\H Dyer\Desktop\AP
    2014-05-12 07:26 - 2014-05-30 09:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-12 07:25 - 2013-04-15 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     
    Some content of TEMP:
    ====================
    C:\Users\H Dyer\AppData\Local\Temp\{2A88CDF3-1560-4030-A3FE-5F40637D3391}.exe
    C:\Users\H Dyer\AppData\Local\Temp\{38D878EF-091B-415C-BAFE-2E20A67FB44A}.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-06-08 10:36
     
    ==================== End Of Log ============================




    #13 Hebird


    Posted 11 June 2014 - 07:25 PM

    I've downloaded Microsoft Security Essentials and am pleased to report that I can now access Windows updates. Thank you!



    #14 Bud_91

    • Malware Response Team

    Posted 12 June 2014 - 08:19 AM

    Good. Let's run a few last scans to check for any remnants.

     

    Could you please upload C:\Windows\SysWOW64\u to VirusTotal and send me a link to the results page.

     
    Step 1: Run SecurityCheck
     
    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
    Step 2: Run MBAM.
     
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
    Step 3: Run online scan.
     
    Run ESET Online Scanner:
     
    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
     
    • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
     
    Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • If I have not responded to your log in 36 hours, feel free to send me a PM.


     

    A.K.A. Buddierdl @ GeeksToGo.com


    #15 Hebird


    Posted 12 June 2014 - 02:11 PM

    Everything seems to be back to normal.

     

    Here's the link to the results page from VirusTotal:

     

    https://www.virustotal.com/en/file/aa0f74ade78de0e7e20d7c985a46f4a6257f33581d58bbe515d99fcff457d8c0/analysis/1402598821/

     

    I tried downloading Security Check from both links, but received the same error message when I tried running them:

     

    UNSUPPORTED OPERATING SYSTEM! ABORTED!

     

    A clean scan from MBAM:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/06/2014
    Scan Time: 2:52:19 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.12.10
    Rootkit Database: v2014.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: H Dyer

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 292877
    Time Elapsed: 5 min, 54 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

     

    I may have to delay the ESET scan if it's going to take a few hours and I can't touch the computer while it's running, but will follow up about that.

     

    Thanks!





