
Firefox freezes computer, Explorer Task Manager constantly crashes/hangs


  • This topic is locked
13 replies to this topic

#1 Andrew456


Posted 10 July 2014 - 04:44 PM

Hello, I have been having trouble for a couple weeks with Firefox. Every so often Firefox will hang, and cause a total system freeze for a short period of time. Sometimes this can cause explorer to crash too; other times, if for example I was watching a YouTube video or a Twitch stream, I get a message saying the shockwave plugin is not responding. This would then again cause an entire system lock up.

I would then begin to attempt to open up Task Manager with the Ctrl+Shift+Esc combination. On my computer it would always instantaneously open up. During these experiences it does not show up at all. So I would then attempt to right click the taskbar to open Task Manager from the options there. The taskbar (as I'm assuming explorer was still hung) would not respond for a couple minutes until finally the menu pops up. I would then select Task Manager. After a short while (maybe 30 seconds) Task Manager would finally show up. It is here that I would see that there are two Task Manager processes. So I would attempt to kill one. I would select the one that was ~100 kb (which I'm assuming is the one that hasn't shown up yet as the other one had ~4000kb). This would be in vain as attempting to kill most processes was also in vain.

So I started a round of antivirus and malware checks. I originally started with an Avast! boot time scan. I received an error of 42111. I looked into this and it seems as though Avast! was failing to scan an archived file. After this completed scanning, I started a whole system scan in Avast! during full boot. It gave me a minor "PUP" discovery. After quarantining the file, Avast! was done. Being a thorough person I from there used Malwarebytes. This whole system scan gave me another 2 minor threats which it as well quarantined.

I still have had issues since. The latest occurrences have been with Firefox still, Malwarebytes, and a specific video game I like to play, Killing Floor.

Firstly, Firefox now does not load up websites correctly (basically it seems like only the text shows up). It still has the shockwave plugin issue.

Now the Malwarebytes issue. Last night I decided to run another scan. When it started Malwarebytes completely froze up, and was unresponsive for a couple minutes. It then came back and said it could not load the DDA driver. I researched this as well, and it says it could be possible due to conflicting antivirus scanners. As I had nothing else running I was a little concerned. So I restarted my computer (as instructed by Malwarebytes), and it never automatically came back up (as stated as well).

Finally, the most minor issue is with Killing Floor. No matter what servers I connect to, whether the ping is 23 or 500, my connection ping is unbearable. Roughly 200-300 ping. While not being able to play this is a nuisance, I'm more afraid my computer might be spreading malware to these servers, so I have thusly not opened it since.

I'm really sorry about how lengthy the post was; like I said above, I am just very thorough and attempt to give as much detail so as to help. I appreciate all the help I receive!

Andrew

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Andrew at 16:22:11 on 2014-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.2625 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files 
(x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. 
- C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PS3 Media Server - Tanuki Software, Ltd. 
- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file 
missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13901 bytes



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 July 2014 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are unreadable in the current format.
Each line in the logs must end with a Carriage Return, line feed.
Use Notepad to save your logs. On the Menu bar you will find the Format option. Check it out.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.
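
The line-ending requirement in the reply above, as an added example that is not part of the thread or of any tool named in it: a Python sketch that re-splits a HijackThis log pasted as one run of text into one record per line and emits CRLF line endings. The sample string is a shortened excerpt constructed from the log in the first post, the function names are this example's own, and the split assumes records begin with HijackThis's `R#`/`F#`/`N#`/`O#` prefixes and that the process list holds only image paths.

```python
import re
from collections import Counter

# HijackThis record prefixes: R0-R3, F0-F3, N1-N4, O1-O24, each followed by " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_CODE = re.compile(rf"({CODE}) - ")
# A record boundary is whitespace directly before a prefix or the log trailer.
RECORD_START = re.compile(rf"\s+(?={CODE} - |-- End of file)")
# Inside the process list every record starts with a drive letter ("C:\").
DRIVE_START = re.compile(r"\s+(?=[A-Za-z]:\\)")
PROC_HEADER = "Running processes:"

# Constructed sample: a few records in the style of the flattened log,
# including one record that was hard-wrapped in the middle.
SAMPLE = (
    "Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:41:21 PM, on 7/10/2014 "
    "Platform: Windows 7 SP1 (WinNT 6.00.3505) Boot mode: Normal Running processes: "
    r"C:\Program Files\AVAST Software\Avast\avastui.exe "
    r"C:\Program Files (x86)\Mozilla Firefox\firefox.exe "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = "
    "http://go.microsoft.com/fwlink/?LinkId=54896 "
    r'O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent '
    "O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. \n"
    r"- C:\Program Files\HitmanPro\hmpsched.exe "
    "-- End of file - 13901 bytes"
)


def resplit(flat):
    """Return the log as a list of records, one per line.

    Drive paths inside an R/O record (for example a quoted Run command)
    are left alone; only the process list is split on drive letters.
    """
    flat = " ".join(flat.split())  # undo hard wraps and runs of spaces
    parts = RECORD_START.split(flat)
    first, rest = parts[0], parts[1:]
    lines = []
    if ENTRY_CODE.match(first):
        # The paste started directly with a record, no header block.
        lines.append(first)
    elif PROC_HEADER in first:
        head, procs = first.split(PROC_HEADER, 1)
        if head.strip():
            lines.append(head.strip())
        lines.append(PROC_HEADER)
        lines.extend(p for p in DRIVE_START.split(procs.strip()) if p)
    elif first:
        lines.append(first)
    lines.extend(rest)
    return lines


def by_section(lines):
    """Count records per HijackThis section code (R1, O4, O23, ...)."""
    counts = Counter()
    for line in lines:
        m = ENTRY_CODE.match(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def to_crlf(lines):
    """Join records with CRLF so each one ends in carriage return + line feed."""
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    records = resplit(SAMPLE)
    for record in records:
        print(record)
    print(by_section(records))
    # To save the result, open the file with newline="" so the CRLF
    # pairs are written exactly as produced by to_crlf().
```
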

#3 Andrew456

Andrew456
  • Topic Starter

  • Members
  • 21 posts

Posted 15 July 2014 - 11:45 PM

Yes, I am sorry; when I originally posted it in the reply box it was correctly formatted. I shall repost them all. When I redid the HijackThis scan (as the original one from the first post was missing) I was given an error about my system refusing to allow it to read the hosts files. As well, I was not entirely sure if I was to hit the clean button for AdwCleaner, so I just took the log and posted it here. While I do have some issues with the Taskbar/explorer hanging, the biggest issue is now my computer cannot successfully update. After it does the installation to reboot cycle, while it says it is preparing the files (during restart load up) I get an error message saying the update failed, the computer needs to revert the changes, and then gets stuck in a reboot cycle over and over again. It seems to randomly boot back up into Windows after a while of rebooting over and over again.

I do appreciate your help and I am sorry again for the messed up original post, I could not find the edit button!

Andrew

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Andrew at 16:22:11 on 2014-07-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.2625 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\PS3 Media Server\jre\bin\java.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.212\deploy\LoLLauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} - hxxps://www.cebbank.com/per/js/PowerEnter.CAB
DPF: {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5A8} - hxxps://www.cebbank.com/per/js/cebiesign.ocx
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0F27C1F2-F42D-4BD4-91D3-D2CB44BEBBF8} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{9DA9D67D-023A-4BD3-B79A-E4BE10C21AB7} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EAC84546-97B8-4A3E-BCEB-41BEA044A14C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EAC84546-97B8-4A3E-BCEB-41BEA044A14C}\14022416C627F67602E416D656460202D4E202249637F6E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EAC84546-97B8-4A3E-BCEB-41BEA044A14C}\3757C6F6775303D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{EAC84546-97B8-4A3E-BCEB-41BEA044A14C}\4505C496E6B6D26456C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAC84546-97B8-4A3E-BCEB-41BEA044A14C}\4505D2C494E4B4F5530344538383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAC84546-97B8-4A3E-BCEB-41BEA044A14C}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-27 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-27 208416]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-4-27 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-4-27 423240]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-13 283064]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-6-28 63928]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2014-5-2 96800]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2014-5-2 162336]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2014-5-2 112160]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2014-5-2 115232]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2014-5-2 95776]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2014-5-2 125984]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2014-5-2 306720]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2014-5-2 169504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2014-5-2 115744]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2014-5-2 261152]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2014-5-2 109088]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2014-5-4 195616]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-27 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-27 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-4-27 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-27 50344]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-6-10 9216]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-9-2 87368]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-6-28 347448]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-5-4 141560]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-5-22 61688]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2012-11-27 384280]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-5-4 160800]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-5-4 119840]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-5-5 121888]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-5-6 132128]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-5-5 106016]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-5-6 38136]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-12-4 199272]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-6-11 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-26 342528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
RUnknown PSKMAD;PSKMAD; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-6-29 127752]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-2-17 75264]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-26 174680]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-11 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-6-8 17160]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2014-5-2 70176]
.
=============== Created Last 30 ================
.
2014-07-10 09:33:56    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C9E00E0-431F-48B3-8211-BCB7DDE1A28B}\offreg.dll
2014-07-10 09:01:33    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-07-02 10:33:22    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C9E00E0-431F-48B3-8211-BCB7DDE1A28B}\mpengine.dll
2014-07-02 08:24:31    --------    d-----w-    C:\Users\Andrew\AppData\Local\Blizzard
2014-06-30 00:42:03    --------    d-----w-    C:\Program Files (x86)\Sony
2014-06-30 00:40:33    --------    d-----w-    C:\ProgramData\Sony Corporation
2014-06-29 19:41:36    --------    d-----w-    C:\Program Files\HitmanPro
2014-06-29 01:59:52    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-28 05:43:01    --------    d-----w-    C:\Users\Andrew\AppData\Roaming\Panda Security
2014-06-28 05:42:23    --------    d-----w-    C:\Program Files (x86)\Panda Security
2014-06-28 05:40:45    --------    d-----w-    C:\ProgramData\Panda Security
2014-06-28 04:59:25    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-28 04:59:00    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-28 04:58:59    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-23 00:09:27    --------    d-----w-    C:\Users\Andrew\AppData\Local\4A Games
2014-06-20 22:43:34    --------    d-----w-    C:\Users\Andrew\AppData\Roaming\Mount&Blade With Fire and Sword
2014-06-15 00:34:36    --------    d-----w-    C:\Windows\Downloaded Program Files
2014-06-14 02:34:16    --------    d--h--w-    C:\Windows\msdownld.tmp
2014-06-14 02:34:15    --------    d-----w-    C:\Windows\SysWow64\directx
2014-06-12 00:01:29    20992    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-06-12 00:01:29    144896    ----a-w-    C:\Windows\System32\IntelOpenCL64.dll
2014-06-12 00:01:27    17920    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-06-12 00:01:27    104448    ----a-w-    C:\Windows\SysWow64\IntelOpenCL32.dll
.
==================== Find3M  ====================
.
2014-07-10 21:18:08    29    ----a-w-    C:\Windows\SysWow64\TempWmicBatchFile.bat
2014-07-09 04:22:14    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 04:22:14    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-26 19:54:56    53248    ----a-w-    C:\Windows\SysWow64\unrar.dll
2014-05-26 19:54:40    4358144    ----a-w-    C:\Windows\uncsetup.exe
2014-05-20 07:08:40    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-16 07:53:18    341848    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-05-15 14:55:44    85328    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-05-15 14:55:44    1039096    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-05-12 12:26:00    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 12:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-06 07:21:33    132128    ----a-w-    C:\Windows\System32\drivers\PSINProt.sys
2014-05-05 12:37:08    106016    ----a-w-    C:\Windows\System32\drivers\PSINReg.sys
2014-05-05 12:36:32    121888    ----a-w-    C:\Windows\System32\drivers\PSINProc.sys
2014-05-05 00:21:19    195616    ----a-w-    C:\Windows\System32\drivers\PSINKNC.sys
2014-05-05 00:21:19    119840    ----a-w-    C:\Windows\System32\drivers\PSINFile.sys
2014-05-05 00:21:18    160800    ----a-w-    C:\Windows\System32\drivers\PSINAflt.sys
2014-05-02 14:42:44    109088    ----a-w-    C:\Windows\System32\drivers\NNStlsc.sys
2014-05-02 14:42:43    261152    ----a-w-    C:\Windows\System32\drivers\NNSStrm.sys
2014-05-02 14:42:43    169504    ----a-w-    C:\Windows\System32\drivers\NNSPrv.sys
2014-05-02 14:42:43    115744    ----a-w-    C:\Windows\System32\drivers\NNSSmtp.sys
2014-05-02 14:42:42    306720    ----a-w-    C:\Windows\System32\drivers\NNSProt.sys
2014-05-02 14:42:42    125984    ----a-w-    C:\Windows\System32\drivers\NNSPop3.sys
2014-05-02 14:42:41    95776    ----a-w-    C:\Windows\System32\drivers\NNSpicc.sys
2014-05-02 14:42:41    70176    ----a-w-    C:\Windows\System32\drivers\NNSPihsw.sys
2014-05-02 14:42:40    115232    ----a-w-    C:\Windows\System32\drivers\NNSIds.sys
2014-05-02 14:42:40    112160    ----a-w-    C:\Windows\System32\drivers\NNSHttps.sys
2014-05-02 14:42:39    96800    ----a-w-    C:\Windows\System32\drivers\NNSAlpc.sys
2014-05-02 14:42:39    162336    ----a-w-    C:\Windows\System32\drivers\NNSHttp.sys
2014-04-27 06:05:24    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-27 06:05:24    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-04-27 06:05:24    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-04-27 06:05:24    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-04-27 06:05:23    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-04-27 06:05:23    43152    ----a-w-    C:\Windows\avastSS.scr
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:23:38.62 ===============

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:49 PM, on 7/15/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files (x86)\Hijack This!\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} - https://www.cebbank.com/per/js/PowerEnter.CAB
O16 - DPF: {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5A8} - https://www.cebbank.com/per/js/cebiesign.ocx
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12899 bytes

RogueKiller Log:

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Remove -- Date : 07/15/2014  23:29:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 ATA Device +++++
--- User ---
[MBR] 592f3e6ab77d6021468a4f48e6d985cc
[BSP] da41bf5559a59c42d1aeeee24ac29614 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 424138 MB
2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 868841472 | Size: 52699 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07152014_232458.log


AdwCleaner Log:
# AdwCleaner v3.215 - Report created 15/07/2014 at 23:32:36
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Downloads\adwcleaner_3.215.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\AVG Security Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [1513 octets] - [15/07/2014 23:32:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1573 octets] ##########


FRST64 Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Andrew (administrator) on ANDREW-PC on 15-07-2014 23:38:18
Running from C:\Users\Andrew\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Oracle Corporation) C:\Program Files (x86)\PS3 Media Server\jre\bin\java.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Farbar) C:\Users\Andrew\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-11] (Microsoft Corporation)
HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-11] (Valve Corporation)
HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2014-04-22] (BitTorrent, Inc.)
HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\...\MountPoints2: {11457aa7-0dda-11e3-a0a0-b888e3136754} - E:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0CF47DDD8464CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {1A1B7F8F-95AA-4863-9592-80030AD4BA2D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
SearchScopes: HKCU - {1A1B7F8F-95AA-4863-9592-80030AD4BA2D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM-x32 {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} https://www.cebbank.com/per/js/PowerEnter.CAB
DPF: HKLM-x32 {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5A8} https://www.cebbank.com/per/js/cebiesign.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Default Manager - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\Extensions\DefaultManager@Microsoft [2013-08-09]
FF Extension: Flashblock - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-06-10]
FF Extension: Gfire WebGame Detection Plugin - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\Extensions\{e1f9ea30-0906-11df-8a39-0800200c9a66}.xpi [2013-06-08]
FF Extension: Adblock Edge - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-06-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-27]

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=512435&fr=spigot-yhp-ch
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-18]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-18]
CHR Extension: (Adblock Plus) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-19]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-18]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-27]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-27] (AVAST Software)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-01] (SurfRight B.V.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-05-04] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-12-13] (Pharos Systems International) [File not signed]
R2 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [384280 2012-11-27] (Tanuki Software, Ltd.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-11-03] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-27] ()
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [75264 2011-02-17] (Intel Corporation) [File not signed]
S3 dnezanzo; No ImagePath
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-13] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-05-02] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-05-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119840 2014-05-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-05-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121888 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 23:38 - 2014-07-15 23:38 - 00025191 _____ () C:\Users\Andrew\Desktop\FRST.txt
2014-07-15 23:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-15 23:32 - 2014-07-15 23:33 - 00000000 ____D () C:\AdwCleaner
2014-07-15 23:31 - 2014-07-15 23:31 - 02086912 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64(1).exe
2014-07-15 23:18 - 2014-07-15 23:18 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-15 23:18 - 2014-07-15 23:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 23:16 - 2014-07-15 23:36 - 00046243 _____ () C:\Users\Andrew\Desktop\bc virus post.txt
2014-07-15 23:09 - 2014-07-15 23:09 - 02086912 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-07-15 23:09 - 2014-07-15 23:09 - 01348263 _____ () C:\Users\Andrew\Downloads\adwcleaner_3.215.exe
2014-07-15 23:08 - 2014-07-15 23:08 - 05336664 _____ () C:\Users\Andrew\Downloads\RogueKillerX64.exe
2014-07-14 08:40 - 2014-07-14 08:40 - 00280432 _____ () C:\Windows\Minidump\071414-61089-01.dmp
2014-07-14 07:46 - 2013-08-22 07:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-07-14 07:43 - 2014-07-14 07:44 - 07876896 _____ () C:\Users\Andrew\Downloads\tca0117100c.exe
2014-07-14 07:42 - 2014-07-14 07:43 - 40669056 _____ () C:\Users\Andrew\Downloads\tc40149500e.exe
2014-07-14 07:37 - 2014-07-14 07:37 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-07-14 07:35 - 2014-07-14 07:35 - 10968032 _____ () C:\Users\Andrew\Downloads\tc40141200j.exe
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-07-14 07:28 - 2014-07-14 07:28 - 00002107 _____ () C:\Users\Andrew\Desktop\Tweaking.com - Hardware Identify.lnk
2014-07-14 07:28 - 2014-07-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-14 07:28 - 2014-07-14 07:28 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 07:27 - 2014-07-14 07:28 - 05705416 _____ () C:\Users\Andrew\Downloads\tweaking.com_hardware_identify_setup.exe
2014-07-13 21:58 - 2014-07-13 21:58 - 00021892 _____ () C:\Users\Andrew\Documents\cc_20140713_215803.reg
2014-07-13 21:58 - 2014-07-13 21:58 - 00000696 _____ () C:\Users\Andrew\Documents\cc_20140713_2158221.reg
2014-07-13 21:56 - 2014-07-13 21:56 - 00000056 _____ () C:\Users\Andrew\Desktop\reddit rule.txt
2014-07-13 21:50 - 2014-07-13 21:51 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-13 21:50 - 2014-07-13 21:50 - 04812672 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup415.exe
2014-07-12 21:43 - 2014-07-12 21:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FFA30199-FF01-4512-BED6-86E7A97675E9}
2014-07-12 00:41 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-07-11 22:09 - 2014-07-11 22:09 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{AEB6F599-07FB-4F41-A772-2F2297E21FBC}
2014-07-10 17:27 - 2014-07-10 17:27 - 00000000 ____D () C:\Users\Andrew\Desktop\New folder
2014-07-10 16:44 - 2014-07-10 16:44 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2014-07-10 16:40 - 2014-07-10 16:40 - 01402880 _____ () C:\Users\Andrew\Downloads\HijackThis.msi
2014-07-10 16:23 - 2014-07-10 16:23 - 00027328 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-07-10 05:07 - 2014-07-10 05:07 - 00013275 _____ () C:\Users\Andrew\Desktop\JRT.txt
2014-07-10 04:47 - 2014-04-06 01:36 - 01016261 _____ (Thisisu) C:\Users\Andrew\Desktop\JRT_NEW.exe
2014-07-10 04:46 - 2014-07-10 04:46 - 04853491 _____ () C:\Users\Andrew\Downloads\tweaking.com_hardware_identify_portable.zip
2014-07-10 04:21 - 2014-07-10 04:21 - 00000000 ____D () C:\Users\Andrew\Downloads\TMRBLog
2014-07-10 04:21 - 2014-07-10 04:21 - 00000000 ____D () C:\Users\Andrew\Downloads\log
2014-07-10 04:20 - 2014-07-10 04:20 - 14839344 _____ (Trend Micro Inc.) C:\Users\Andrew\Downloads\RootkitBusterV5.0-1171x64.exe
2014-07-10 04:01 - 2014-07-10 04:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-09 01:12 - 2014-07-09 01:14 - 95973905 _____ (Warzone 2100 Project) C:\Users\Andrew\Downloads\warzone2100-3.1.1.exe
2014-07-05 00:24 - 2014-07-05 00:24 - 00001374 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-07-02 19:55 - 2014-07-02 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-02 19:50 - 2014-07-02 19:51 - 32229024 _____ (Riot Games) C:\Users\Andrew\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-07-02 03:24 - 2014-07-02 03:24 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Blizzard
2014-06-30 19:11 - 2014-06-30 19:13 - 89317499 _____ () C:\Users\Andrew\Downloads\Doom KF.rar
2014-06-30 02:54 - 2014-06-30 02:54 - 00026370 _____ () C:\Users\Andrew\Documents\cc_20140630_025423.reg
2014-06-29 19:42 - 2014-06-29 19:42 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-06-29 19:40 - 2014-07-10 04:46 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-29 19:40 - 2014-07-10 04:01 - 00000000 ____D () C:\Users\Andrew\Downloads\ps3remoteplay
2014-06-29 19:38 - 2014-06-29 19:38 - 00001364 _____ () C:\Users\Andrew\Downloads\remoteplay 1.1 patch.rar
2014-06-29 19:36 - 2014-06-29 19:40 - 35260680 _____ (Sony Corporation) C:\Users\Andrew\Downloads\EP0000248680.exe
2014-06-29 16:21 - 2014-06-29 16:22 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Andrew\Downloads\tdsskiller(1).exe
2014-06-29 16:11 - 2014-06-29 16:12 - 01258032 _____ () C:\Users\Andrew\Downloads\avg_remover_bootkit.exe
2014-06-29 14:41 - 2014-06-29 14:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-29 14:41 - 2014-06-29 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-29 14:41 - 2014-06-29 14:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-28 21:04 - 2014-06-28 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-28 20:59 - 2014-06-28 21:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-28 20:07 - 2014-06-28 20:07 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-06-28 19:45 - 2014-06-28 19:45 - 04721240 _____ () C:\Users\Andrew\Downloads\RogueKiller.exe
2014-06-28 19:45 - 2014-06-28 19:45 - 01342659 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-06-28 19:44 - 2014-06-29 14:40 - 11181544 _____ (SurfRight B.V.) C:\Users\Andrew\Downloads\HitmanPro_x64.exe
2014-06-28 19:44 - 2014-06-28 19:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Andrew\Downloads\mbar-1.07.0.1012.exe
2014-06-28 19:40 - 2014-06-28 19:41 - 05212118 _____ (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-06-28 19:40 - 2014-06-28 19:40 - 02463848 _____ (Malwarebytes ) C:\Users\Andrew\Downloads\mbae-setup-0.10.3.0100.exe
2014-06-28 05:30 - 2014-06-28 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-28 00:43 - 2014-06-28 00:43 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Panda Security
2014-06-28 00:42 - 2014-06-28 05:30 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-06-28 00:42 - 2014-06-28 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2014-06-28 00:40 - 2014-06-28 00:43 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-28 00:40 - 2014-06-28 00:40 - 01369720 _____ () C:\Users\Andrew\Downloads\PandaCloudAntivirus.exe
2014-06-28 00:21 - 2014-06-28 00:25 - 00000000 ____D () C:\Users\Andrew\Downloads\AVIAddXSub
2014-06-28 00:20 - 2014-06-28 00:20 - 00894622 _____ () C:\Users\Andrew\Downloads\AVIAddXSub.zip
2014-06-28 00:03 - 2014-06-28 00:03 - 02650408 _____ (Malwarebytes ) C:\Users\Andrew\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-27 23:59 - 2014-07-10 04:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 23:59 - 2014-06-27 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 23:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-27 23:58 - 2014-06-27 23:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 21:29 - 2014-06-26 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
2014-06-26 18:54 - 2014-06-26 18:55 - 53679694 _____ () C:\Users\Andrew\Downloads\pms-1.90.1-setup-full.exe
2014-06-26 18:46 - 2014-06-26 18:46 - 00999232 _____ (DivX, LLC) C:\Users\Andrew\Downloads\DivXInstaller(1).exe
2014-06-26 18:33 - 2014-06-26 18:33 - 00999232 _____ (DivX, LLC) C:\Users\Andrew\Downloads\DivXInstaller.exe
2014-06-23 22:44 - 2014-06-23 22:44 - 04362512 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\dfsetup218.exe
2014-06-22 19:10 - 2014-06-22 19:10 - 00000000 ____D () C:\Users\Andrew\Documents\4A Games
2014-06-22 19:09 - 2014-06-22 19:09 - 00000000 ____D () C:\Users\Andrew\AppData\Local\4A Games
2014-06-20 17:43 - 2014-06-20 17:59 - 00000000 ____D () C:\Users\Andrew\Documents\Mount&Blade With Fire and Sword
2014-06-20 17:43 - 2014-06-20 17:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Mount&Blade With Fire and Sword
2014-06-18 14:31 - 2014-06-18 14:31 - 00303212 _____ () C:\Users\Andrew\Documents\comcastbilljune2014.xps
2014-06-17 22:58 - 2014-06-17 22:58 - 00183016 _____ () C:\Users\Andrew\Documents\comedbilljune2014.xps
2014-06-17 17:44 - 2014-06-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-15 23:38 - 2014-07-15 23:38 - 00025191 _____ () C:\Users\Andrew\Desktop\FRST.txt
2014-07-15 23:38 - 2014-01-08 15:01 - 00000000 ____D () C:\FRST
2014-07-15 23:36 - 2014-07-15 23:16 - 00046243 _____ () C:\Users\Andrew\Desktop\bc virus post.txt
2014-07-15 23:36 - 2013-06-18 03:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 23:33 - 2014-07-15 23:32 - 00000000 ____D () C:\AdwCleaner
2014-07-15 23:31 - 2014-07-15 23:31 - 02086912 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64(1).exe
2014-07-15 23:29 - 2013-08-13 19:06 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-07-15 23:18 - 2014-07-15 23:18 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-15 23:18 - 2014-07-15 23:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-15 23:17 - 2013-06-08 16:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-15 23:16 - 2014-03-11 12:16 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {796C85EB-BB3C-4ACF-B797-864412EB0D9D}.job
2014-07-15 23:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-15 23:15 - 2014-03-11 12:15 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {796C85EB-BB3C-4ACF-B797-864412EB0D9D}.job
2014-07-15 23:13 - 2013-06-07 23:31 - 00000000 ____D () C:\Users\Andrew\AppData\Local\VirtualStore
2014-07-15 23:09 - 2014-07-15 23:09 - 02086912 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-07-15 23:09 - 2014-07-15 23:09 - 01348263 _____ () C:\Users\Andrew\Downloads\adwcleaner_3.215.exe
2014-07-15 23:08 - 2014-07-15 23:08 - 05336664 _____ () C:\Users\Andrew\Downloads\RogueKillerX64.exe
2014-07-15 23:06 - 2014-05-28 20:06 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {3275C43D-995D-400E-A4F8-D730E4F46432}.job
2014-07-15 23:06 - 2014-05-28 20:06 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {3275C43D-995D-400E-A4F8-D730E4F46432}.job
2014-07-15 23:06 - 2013-06-07 23:30 - 01388193 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 22:36 - 2013-06-18 03:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 20:36 - 2009-07-14 00:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 20:32 - 2013-10-09 20:42 - 00000000 ____D () C:\ProgramData\PMS
2014-07-15 20:30 - 2013-07-17 09:34 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2014-07-15 20:29 - 2014-01-01 04:08 - 00054091 _____ () C:\Windows\setupact.log
2014-07-15 20:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 20:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-15 03:20 - 2013-06-14 22:26 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PMB Files
2014-07-15 03:20 - 2013-06-14 22:26 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-15 02:12 - 2013-10-06 20:51 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\vlc
2014-07-14 13:21 - 2013-09-03 13:36 - 00000000 ____D () C:\Users\Andrew\AppData\Local\HTC MediaHub
2014-07-14 13:20 - 2014-04-27 01:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-14 08:40 - 2014-07-14 08:40 - 00280432 _____ () C:\Windows\Minidump\071414-61089-01.dmp
2014-07-14 08:40 - 2014-01-04 13:38 - 636489720 _____ () C:\Windows\MEMORY.DMP
2014-07-14 08:40 - 2013-07-22 23:11 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 07:46 - 2014-06-11 19:01 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-14 07:44 - 2014-07-14 07:43 - 07876896 _____ () C:\Users\Andrew\Downloads\tca0117100c.exe
2014-07-14 07:43 - 2014-07-14 07:42 - 40669056 _____ () C:\Users\Andrew\Downloads\tc40149500e.exe
2014-07-14 07:37 - 2014-07-14 07:37 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-07-14 07:37 - 2013-06-07 23:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-14 07:35 - 2014-07-14 07:35 - 10968032 _____ () C:\Users\Andrew\Downloads\tc40141200j.exe
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-07-14 07:28 - 2014-07-14 07:28 - 00002107 _____ () C:\Users\Andrew\Desktop\Tweaking.com - Hardware Identify.lnk
2014-07-14 07:28 - 2014-07-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-14 07:28 - 2014-07-14 07:28 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-14 07:28 - 2014-07-14 07:27 - 05705416 _____ () C:\Users\Andrew\Downloads\tweaking.com_hardware_identify_setup.exe
2014-07-13 21:58 - 2014-07-13 21:58 - 00021892 _____ () C:\Users\Andrew\Documents\cc_20140713_215803.reg
2014-07-13 21:58 - 2014-07-13 21:58 - 00000696 _____ () C:\Users\Andrew\Documents\cc_20140713_2158221.reg
2014-07-13 21:56 - 2014-07-13 21:56 - 00000056 _____ () C:\Users\Andrew\Desktop\reddit rule.txt
2014-07-13 21:51 - 2014-07-13 21:50 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-13 21:51 - 2013-06-09 22:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-13 21:50 - 2014-07-13 21:50 - 04812672 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup415.exe
2014-07-13 21:50 - 2013-06-09 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-12 21:43 - 2014-07-12 21:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FFA30199-FF01-4512-BED6-86E7A97675E9}
2014-07-12 21:00 - 2013-06-08 12:04 - 00067008 _____ () C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 20:58 - 2009-07-13 23:45 - 00344640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 20:52 - 2013-07-07 21:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-07-12 20:48 - 2013-12-03 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-07-12 09:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 00:52 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 00:37 - 2014-01-08 13:05 - 00056688 _____ () C:\Windows\PFRO.log
2014-07-11 22:09 - 2014-07-11 22:09 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{AEB6F599-07FB-4F41-A772-2F2297E21FBC}
2014-07-11 02:43 - 2014-01-02 10:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Battle.net
2014-07-11 01:56 - 2014-01-02 11:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-10 17:27 - 2014-07-10 17:27 - 00000000 ____D () C:\Users\Andrew\Desktop\New folder
2014-07-10 16:44 - 2014-07-10 16:44 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Adobe
2014-07-10 16:40 - 2014-07-10 16:40 - 01402880 _____ () C:\Users\Andrew\Downloads\HijackThis.msi
2014-07-10 16:23 - 2014-07-10 16:23 - 00027328 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-07-10 05:07 - 2014-07-10 05:07 - 00013275 _____ () C:\Users\Andrew\Desktop\JRT.txt
2014-07-10 04:52 - 2014-05-18 13:26 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-07-10 04:50 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-10 04:46 - 2014-07-10 04:46 - 04853491 _____ () C:\Users\Andrew\Downloads\tweaking.com_hardware_identify_portable.zip
2014-07-10 04:46 - 2014-06-29 19:40 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-07-10 04:21 - 2014-07-10 04:21 - 00000000 ____D () C:\Users\Andrew\Downloads\TMRBLog
2014-07-10 04:21 - 2014-07-10 04:21 - 00000000 ____D () C:\Users\Andrew\Downloads\log
2014-07-10 04:20 - 2014-07-10 04:20 - 14839344 _____ (Trend Micro Inc.) C:\Users\Andrew\Downloads\RootkitBusterV5.0-1171x64.exe
2014-07-10 04:10 - 2014-06-27 23:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 04:01 - 2014-07-10 04:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-10 04:01 - 2014-06-29 19:40 - 00000000 ____D () C:\Users\Andrew\Downloads\ps3remoteplay
2014-07-10 04:01 - 2014-02-13 01:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-09 01:14 - 2014-07-09 01:12 - 95973905 _____ (Warzone 2100 Project) C:\Users\Andrew\Downloads\warzone2100-3.1.1.exe
2014-07-08 23:29 - 2013-08-11 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 23:22 - 2013-06-09 22:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:22 - 2013-06-09 22:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 23:22 - 2013-06-08 15:57 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 23:18 - 2013-09-01 00:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-05 00:24 - 2014-07-05 00:24 - 00001374 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-07-02 19:55 - 2014-07-02 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-02 19:55 - 2014-05-22 21:53 - 00000000 __SHD () C:\AI_RecycleBin
2014-07-02 19:51 - 2014-07-02 19:50 - 32229024 _____ (Riot Games) C:\Users\Andrew\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-07-02 03:24 - 2014-07-02 03:24 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Blizzard
2014-07-02 03:24 - 2014-01-16 14:14 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-30 22:58 - 2014-03-10 13:07 - 00000000 ____D () C:\Users\Andrew\Downloads\gzdoom-bin-1-8-02
2014-06-30 19:13 - 2014-06-30 19:11 - 89317499 _____ () C:\Users\Andrew\Downloads\Doom KF.rar
2014-06-30 17:41 - 2013-07-09 19:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-06-30 02:54 - 2014-06-30 02:54 - 00026370 _____ () C:\Users\Andrew\Documents\cc_20140630_025423.reg
2014-06-29 19:42 - 2014-06-29 19:42 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-06-29 19:40 - 2014-06-29 19:36 - 35260680 _____ (Sony Corporation) C:\Users\Andrew\Downloads\EP0000248680.exe
2014-06-29 19:38 - 2014-06-29 19:38 - 00001364 _____ () C:\Users\Andrew\Downloads\remoteplay 1.1 patch.rar
2014-06-29 16:22 - 2014-06-29 16:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Andrew\Downloads\tdsskiller(1).exe
2014-06-29 16:12 - 2014-06-29 16:11 - 01258032 _____ () C:\Users\Andrew\Downloads\avg_remover_bootkit.exe
2014-06-29 14:41 - 2014-06-29 14:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-29 14:41 - 2014-06-29 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-29 14:41 - 2014-06-29 14:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-29 14:40 - 2014-06-28 19:44 - 11181544 _____ (SurfRight B.V.) C:\Users\Andrew\Downloads\HitmanPro_x64.exe
2014-06-29 03:11 - 2009-07-13 23:45 - 00014320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 03:11 - 2009-07-13 23:45 - 00014320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 21:39 - 2014-02-12 02:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-28 21:39 - 2014-02-12 02:31 - 00000000 ____D () C:\Users\Andrew\Desktop\mbar
2014-06-28 21:04 - 2014-06-28 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-28 21:01 - 2014-06-28 20:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-28 20:07 - 2014-06-28 20:07 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-06-28 19:45 - 2014-06-28 19:45 - 04721240 _____ () C:\Users\Andrew\Downloads\RogueKiller.exe
2014-06-28 19:45 - 2014-06-28 19:45 - 01342659 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-06-28 19:45 - 2014-06-28 19:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Andrew\Downloads\mbar-1.07.0.1012.exe
2014-06-28 19:41 - 2014-06-28 19:40 - 05212118 _____ (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-06-28 19:40 - 2014-06-28 19:40 - 02463848 _____ (Malwarebytes ) C:\Users\Andrew\Downloads\mbae-setup-0.10.3.0100.exe
2014-06-28 05:30 - 2014-06-28 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-06-28 05:30 - 2014-06-28 00:42 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-06-28 00:43 - 2014-06-28 00:43 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Panda Security
2014-06-28 00:43 - 2014-06-28 00:40 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-28 00:42 - 2014-06-28 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2014-06-28 00:40 - 2014-06-28 00:40 - 01369720 _____ () C:\Users\Andrew\Downloads\PandaCloudAntivirus.exe
2014-06-28 00:40 - 2014-03-09 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram
2014-06-28 00:25 - 2014-06-28 00:21 - 00000000 ____D () C:\Users\Andrew\Downloads\AVIAddXSub
2014-06-28 00:20 - 2014-06-28 00:20 - 00894622 _____ () C:\Users\Andrew\Downloads\AVIAddXSub.zip
2014-06-28 00:03 - 2014-06-28 00:03 - 02650408 _____ (Malwarebytes ) C:\Users\Andrew\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-27 23:59 - 2014-06-27 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 23:59 - 2014-06-27 23:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 23:59 - 2013-06-09 22:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Malwarebytes
2014-06-27 23:58 - 2013-06-09 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 23:58 - 2013-06-09 22:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-27 13:51 - 2013-01-16 21:30 - 00000000 ____D () C:\Users\Andrew\Desktop\Andrew
2014-06-26 23:13 - 2013-06-15 02:17 - 00000000 ____D () C:\Users\Andrew\Documents\Mount&Blade Warband Savegames
2014-06-26 21:29 - 2014-06-26 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
2014-06-26 21:29 - 2013-10-09 20:42 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-06-26 18:55 - 2014-06-26 18:54 - 53679694 _____ () C:\Users\Andrew\Downloads\pms-1.90.1-setup-full.exe
2014-06-26 18:49 - 2013-10-23 04:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-26 18:49 - 2013-10-23 04:22 - 00000000 ____D () C:\Program Files\DivX
2014-06-26 18:49 - 2013-10-23 04:21 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-06-26 18:49 - 2013-10-23 04:19 - 00000000 ____D () C:\ProgramData\DivX
2014-06-26 18:46 - 2014-06-26 18:46 - 00999232 _____ (DivX, LLC) C:\Users\Andrew\Downloads\DivXInstaller(1).exe
2014-06-26 18:33 - 2014-06-26 18:33 - 00999232 _____ (DivX, LLC) C:\Users\Andrew\Downloads\DivXInstaller.exe
2014-06-26 18:31 - 2013-08-03 11:18 - 00008192 _____ () C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-23 22:45 - 2013-12-31 23:40 - 00000000 ____D () C:\Program Files\Defraggler
2014-06-23 22:44 - 2014-06-23 22:44 - 04362512 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\dfsetup218.exe
2014-06-22 19:10 - 2014-06-22 19:10 - 00000000 ____D () C:\Users\Andrew\Documents\4A Games
2014-06-22 19:09 - 2014-06-22 19:09 - 00000000 ____D () C:\Users\Andrew\AppData\Local\4A Games
2014-06-22 19:08 - 2014-01-01 00:48 - 00475580 _____ () C:\Windows\DirectX.log
2014-06-21 17:31 - 2013-06-08 15:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 19:47 - 2013-08-11 23:46 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-20 17:59 - 2014-06-20 17:43 - 00000000 ____D () C:\Users\Andrew\Documents\Mount&Blade With Fire and Sword
2014-06-20 17:53 - 2014-06-20 17:43 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Mount&Blade With Fire and Sword
2014-06-18 14:31 - 2014-06-18 14:31 - 00303212 _____ () C:\Users\Andrew\Documents\comcastbilljune2014.xps
2014-06-17 22:58 - 2014-06-17 22:58 - 00183016 _____ () C:\Users\Andrew\Documents\comedbilljune2014.xps
2014-06-17 21:10 - 2014-05-10 23:52 - 00000000 ____D () C:\Users\Andrew\Documents\Dawngate
2014-06-17 17:44 - 2014-06-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 22:31 - 2013-06-18 03:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-16 22:31 - 2013-06-18 03:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\cres.dll
C:\Users\Andrew\AppData\Local\Temp\cshell.dll
C:\Users\Andrew\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Andrew\AppData\Local\Temp\HitmanPro.exe
C:\Users\Andrew\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Andrew\AppData\Local\Temp\sres.dll
C:\Users\Andrew\AppData\Local\Temp\_is927B.exe
C:\Users\Andrew\AppData\Local\Temp\_isB98B.exe
C:\Users\Andrew\AppData\Local\Temp\{CA9F1F8D-18ED-496E-B7D7-EE0CED1EFE32}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 04:16

==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 July 2014 - 08:19 AM

If not already done, please run the AdwCleaner tool and clean everything that is identified.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2014-04-22] (BitTorrent, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HomePage: hxxp://search.yahoo.com?type=512435&fr=spigot-yhp-ch
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
C:\Users\Andrew\AppData\Local\Temp\cres.dll
C:\Users\Andrew\AppData\Local\Temp\cshell.dll
C:\Users\Andrew\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Andrew\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Andrew\AppData\Local\Temp\sres.dll
C:\Users\Andrew\AppData\Local\Temp\_is927B.exe
C:\Users\Andrew\AppData\Local\Temp\_isB98B.exe
C:\Users\Andrew\AppData\Local\Temp\{CA9F1F8D-18ED-496E-B7D7-EE0CED1EFE32}.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

p.s.
HijackThis is not compatible with your 64 bit operating system.
You should remove it using the Add/Remove Programs.
Use the FRST tool from now on when you have a need to check a system.
===

How is the computer running now?

#5 Andrew456

Andrew456
  • Topic Starter

  • Members
  • 21 posts

Posted 16 July 2014 - 07:32 PM

My computer seems to be running pretty smooth. I still get some random hangs (especially after boot up, but not directly after boot up as I let the system sit for like 10 minutes or so). This usually is the taskbar which freezes, and my computer consistently finagles with trying to connect to my router, then drops the connection, then gains it back again in a cycle. I still have some issues with watching any type of video media where the entire computer seems to hang. But other than those (which seem to be just minor annoyances) I haven't had any like real computer hangs as I did before.

Andrew

FR64 FixList Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Andrew at 2014-07-16 19:12:58 Run:1
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2014-04-22] (BitTorrent, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HomePage: hxxp://search.yahoo.com?type=512435&fr=spigot-yhp-ch
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
C:\Users\Andrew\AppData\Local\Temp\cres.dll
C:\Users\Andrew\AppData\Local\Temp\cshell.dll
C:\Users\Andrew\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Andrew\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Andrew\AppData\Local\Temp\sres.dll
C:\Users\Andrew\AppData\Local\Temp\_is927B.exe
C:\Users\Andrew\AppData\Local\Temp\_isB98B.exe
C:\Users\Andrew\AppData\Local\Temp\{CA9F1F8D-18ED-496E-B7D7-EE0CED1EFE32}.exe

End
*****************

HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
'HKCR\PROTOCOLS\Filter\application/x-ica' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\ica' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\text/xml' => Key deleted successfully.
'HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
CHR HomePage: hxxp://search.yahoo.com?type=512435&fr=spigot-yhp-ch ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Users\Andrew\AppData\Local\Temp\cres.dll => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\cshell.dll => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\drm_dyndata_7330017.dll => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\RSPUpgradeInstaller.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\sres.dll => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\_is927B.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\_isB98B.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\{CA9F1F8D-18ED-496E-B7D7-EE0CED1EFE32}.exe => Moved successfully.

==== End of Fixlog ====

Security Check Log:

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Panda Cloud Antivirus   
avast! Antivirus        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Panda Cloud Cleaner   
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
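
Added example (not part of the original thread, and not FRST's own code): a small Python triage of a Fixlog like the one in the post above, sorting each result line into fixed, already absent, or needing manual follow-up. The outcome phrases are taken only from the lines visible in this thread; the function names and the shortened sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Outcome phrases as they appear in the Fixlog posted in this thread.
# Assumption: other FRST versions may word outcomes differently; anything
# unrecognised is reported as "unknown" rather than guessed at.
OUTCOMES = [
    ("fixed",  re.compile(r"(deleted|Moved) successfully\.$")),
    ("manual", re.compile(r"No automatic fix found|can be used to fix the entry")),
    ("absent", re.compile(r"not found\.$")),
]
ARROW = re.compile(r"\s*=+>\s*")  # the log uses both "=>" and "==>"


def result_lines(fixlog_text):
    """Yield result lines only: everything after the echoed fixlist
    (closed by a row of asterisks) and before the end-of-log marker."""
    lines = fixlog_text.splitlines()
    star_rows = [i for i, l in enumerate(lines)
                 if re.fullmatch(r"\*{5,}", l.strip())]
    start = star_rows[-1] + 1 if star_rows else 0
    for line in lines[start:]:
        line = line.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            yield line


def classify(line):
    """Return (status, target) for one result line."""
    parts = ARROW.split(line, maxsplit=1)
    if len(parts) == 2:
        target, outcome = parts
    else:
        # Lines such as "<path> not found." carry no arrow.
        target, outcome = re.sub(r"\s*not found\.$", "", line), line
    status = next((name for name, rx in OUTCOMES if rx.search(outcome)),
                  "unknown")
    return status, target.strip("'\" ")


def triage(fixlog_text):
    """Group unique targets by status, keeping log order."""
    buckets = defaultdict(list)
    for line in result_lines(fixlog_text):
        status, target = classify(line)
        if target not in buckets[status]:
            buckets[status].append(target)
    return dict(buckets)


# Shortened excerpt of the Fixlog posted above (constructed sample:
# header and fixlist echo trimmed, a subset of the result lines kept).
SAMPLE = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Content of fixlist:
*****************
start
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
End
*****************

HKU\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
'HKCR\PROTOCOLS\Filter\ica' => Key deleted successfully.
'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.
'HKCR\PROTOCOLS\Filter\text/xml' => Key deleted successfully.
'HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}'=> Key not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
CHR HomePage: hxxp://search.yahoo.com?type=512435&fr=spigot-yhp-ch ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Users\Andrew\AppData\Local\Temp\cres.dll => Moved successfully.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for status in ("manual", "unknown", "absent", "fixed"):
        for target in report.get(status, []):
            print(f"{status:8} {target}")
```

The "manual" bucket is the one to read first: in this log it holds the Coupons, Inc. Firefox plugin and the Chrome home page, which the fix run reported but did not change.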
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2014 - 08:26 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 55
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Keep me posted.
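
One way to act on the warning in post #6 about malware posing as a Java update, as an added example that is not part of the original thread: check the downloaded installer's Authenticode signature and signer before running it. The function name, the placeholder path in the usage comment and the default publisher string are assumptions.

```powershell
# Added example (not from the thread). The default publisher name is an
# assumption; confirm it against the vendor's own site before relying on it.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedPublisher = 'Oracle America, Inc.'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode check: verifies the embedded signature and its
    # certificate chain, and detects modification after signing.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Common name and thumbprint of the signing certificate, if present.
    $publisher  = $null
    $thumbprint = $null
    if ($sig.SignerCertificate) {
        $nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $publisher  = $sig.SignerCertificate.GetNameInfo($nameType, $false)
        $thumbprint = $sig.SignerCertificate.Thumbprint
    }

    # Three distinct failure modes: unsigned, signed but not verifiable,
    # and validly signed by someone other than the expected vendor.
    if ($sig.Status -eq 'NotSigned') {
        $verdict = 'REJECT: file carries no signature'
    } elseif ($sig.Status -ne 'Valid') {
        $verdict = "REJECT: signature status is $($sig.Status)"
    } elseif ($publisher -ne $ExpectedPublisher) {
        $verdict = "REJECT: validly signed, but by '$publisher'"
    } else {
        $verdict = 'OK: valid signature from the expected publisher'
    }

    New-Object PSObject -Property @{
        File       = $Path
        Status     = $sig.Status
        Publisher  = $publisher
        Thumbprint = $thumbprint
        Verdict    = $verdict
    } | Select-Object File, Status, Publisher, Thumbprint, Verdict
}

# Usage (placeholder path):
# Test-InstallerSignature -Path 'C:\Users\<you>\Downloads\<installer>.exe'
```

A valid signature on its own is not sufficient, because an impostor can be validly signed by some other publisher; the signer name is what ties the file to the vendor.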

#7 Andrew456


Posted 17 July 2014 - 10:29 PM

I updated Java and ran ComboFix.

Thank you for helping me!

Andrew

Here is the Log:

 

ComboFix 14-07-17.03 - Andrew 07/17/2014  22:02:12.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3937 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrew\Documents\~WRL1738.tmp
c:\windows\TEMP\jna5812607962433091291.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-18 to 2014-07-18  )))))))))))))))))))))))))))))))
.
.
2014-07-18 03:14 . 2014-07-18 03:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-17 19:40 . 2014-07-17 19:40    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-07-17 19:40 . 2014-07-11 08:02    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-17 19:36 . 2014-07-17 19:36    --------    d-----w-    c:\users\Andrew\AppData\Roaming\Oracle
2014-07-17 10:52 . 2014-07-17 10:52    --------    d-----w-    c:\users\Andrew\AppData\Local\CrashDumps
2014-07-16 12:04 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8DD4F43-13CB-4D0C-A07A-FCAD2DF061B8}\mpengine.dll
2014-07-16 04:33 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-07-16 04:32 . 2014-07-17 00:07    --------    d-----w-    C:\AdwCleaner
2014-07-16 04:18 . 2014-07-16 04:18    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-16 04:18 . 2014-07-16 04:18    --------    d-----w-    c:\programdata\RogueKiller
2014-07-14 12:46 . 2013-08-22 12:16    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
2014-07-14 12:37 . 2014-07-14 12:37    --------    d-----w-    c:\program files (x86)\Renesas Electronics
2014-07-14 12:35 . 2014-07-14 12:35    --------    d-----w-    c:\programdata\Downloaded Installations
2014-07-14 12:28 . 2014-07-14 12:28    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-07-12 05:41 . 2014-03-25 13:15    60400    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
2014-07-10 21:44 . 2014-07-10 21:44    --------    d-----w-    c:\users\Andrew\AppData\Local\Adobe
2014-07-10 09:01 . 2014-07-10 09:01    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-07-02 08:24 . 2014-07-02 08:24    --------    d-----w-    c:\users\Andrew\AppData\Local\Blizzard
2014-06-30 00:42 . 2014-06-30 00:42    --------    d-----w-    c:\program files (x86)\Sony
2014-06-30 00:40 . 2014-07-10 09:46    --------    d-----w-    c:\programdata\Sony Corporation
2014-06-29 19:41 . 2014-06-29 19:41    --------    d-----w-    c:\program files\HitmanPro
2014-06-29 01:59 . 2014-06-29 02:01    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Exploit
2014-06-28 05:43 . 2014-06-28 05:43    --------    d-----w-    c:\users\Andrew\AppData\Roaming\Panda Security
2014-06-28 05:42 . 2014-06-28 10:30    --------    d-----w-    c:\program files (x86)\Panda Security
2014-06-28 05:40 . 2014-06-28 05:43    --------    d-----w-    c:\programdata\Panda Security
2014-06-28 04:59 . 2014-07-10 09:10    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-28 04:59 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-28 04:58 . 2014-06-28 04:59    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-23 00:09 . 2014-06-23 00:09    --------    d-----w-    c:\users\Andrew\AppData\Local\4A Games
2014-06-20 22:43 . 2014-06-20 22:53    --------    d-----w-    c:\users\Andrew\AppData\Roaming\Mount&Blade With Fire and Sword
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-18 03:16 . 2013-08-14 00:06    29    ----a-w-    c:\windows\SysWow64\TempWmicBatchFile.bat
2014-07-09 04:22 . 2013-06-08 20:57    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-09 04:22 . 2013-06-10 03:19    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 04:22 . 2013-06-10 03:19    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 10:21 . 2014-06-12 04:49    23414784    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-30 10:02 . 2014-06-12 04:49    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-30 10:02 . 2014-06-12 04:49    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-05-30 09:45 . 2014-06-12 04:49    2768384    ----a-w-    c:\windows\system32\iertutil.dll
2014-05-30 09:39 . 2014-06-12 04:49    548352    ----a-w-    c:\windows\system32\vbscript.dll
2014-05-30 09:39 . 2014-06-12 04:49    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-05-30 09:38 . 2014-06-12 04:49    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-05-30 09:28 . 2014-06-12 04:49    51200    ----a-w-    c:\windows\system32\jsproxy.dll
2014-05-30 09:27 . 2014-06-12 04:49    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-05-30 09:24 . 2014-06-12 04:49    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-05-30 09:21 . 2014-06-12 04:49    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-05-30 09:21 . 2014-06-12 04:49    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-05-30 09:20 . 2014-06-12 04:49    752640    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-05-30 09:11 . 2014-06-12 04:49    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 09:08 . 2014-06-12 04:49    5782528    ----a-w-    c:\windows\system32\jscript9.dll
2014-05-30 09:06 . 2014-06-12 04:49    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-05-30 09:02 . 2014-06-12 04:49    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55 . 2014-06-12 04:49    38400    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 08:49 . 2014-06-12 04:49    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-05-30 08:46 . 2014-06-12 04:49    85504    ----a-w-    c:\windows\system32\mshtmled.dll
2014-05-30 08:44 . 2014-06-12 04:49    455168    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-05-30 08:44 . 2014-06-12 04:49    295424    ----a-w-    c:\windows\system32\dxtrans.dll
2014-05-30 08:43 . 2014-06-12 04:49    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-05-30 08:42 . 2014-06-12 04:50    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:35 . 2014-06-12 04:49    608768    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-05-30 08:29 . 2014-06-12 04:49    631808    ----a-w-    c:\windows\system32\msfeeds.dll
2014-05-30 08:28 . 2014-06-12 04:49    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27 . 2014-06-12 04:50    592896    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24 . 2014-06-12 04:49    1249280    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-05-30 08:23 . 2014-06-12 04:49    2040832    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-05-30 08:10 . 2014-06-12 04:49    32256    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56 . 2014-06-12 04:49    2266112    ----a-w-    c:\windows\system32\wininet.dll
2014-05-30 07:56 . 2014-06-12 04:49    4244992    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-05-30 07:50 . 2014-06-12 04:49    1068032    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49 . 2014-06-12 04:49    1964544    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:43 . 2014-06-12 04:49    13522944    ----a-w-    c:\windows\system32\ieframe.dll
2014-05-30 07:30 . 2014-06-12 04:49    1398272    ----a-w-    c:\windows\system32\urlmon.dll
2014-05-30 07:21 . 2014-06-12 04:49    1790976    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-05-30 07:13 . 2014-06-12 04:49    846336    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-05-26 19:54 . 2014-05-26 19:54    53248    ----a-w-    c:\windows\SysWow64\unrar.dll
2014-05-26 19:54 . 2014-05-26 19:54    4358144    ----a-w-    c:\windows\uncsetup.exe
2014-05-16 07:53 . 2014-05-16 07:53    341848    ----a-w-    c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-05-15 14:55 . 2014-04-27 06:05    85328    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-15 14:55 . 2014-04-27 06:05    1039096    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-15 14:55 . 2014-04-27 06:05    423240    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-12 12:26 . 2014-02-12 07:31    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 12:25 . 2013-06-10 03:39    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-06 07:21 . 2014-05-06 07:21    132128    ----a-w-    c:\windows\system32\drivers\PSINProt.sys
2014-05-05 12:37 . 2014-05-05 12:37    106016    ----a-w-    c:\windows\system32\drivers\PSINReg.sys
2014-05-05 12:36 . 2014-05-05 12:36    121888    ----a-w-    c:\windows\system32\drivers\PSINProc.sys
2014-05-05 00:21 . 2014-05-05 00:21    195616    ----a-w-    c:\windows\system32\drivers\PSINKNC.sys
2014-05-05 00:21 . 2014-05-05 00:21    119840    ----a-w-    c:\windows\system32\drivers\PSINFile.sys
2014-05-05 00:21 . 2014-05-05 00:21    160800    ----a-w-    c:\windows\system32\drivers\PSINAflt.sys
2014-05-02 14:42 . 2014-05-02 14:42    109088    ----a-w-    c:\windows\system32\drivers\NNStlsc.sys
2014-05-02 14:42 . 2014-05-02 14:42    261152    ----a-w-    c:\windows\system32\drivers\NNSStrm.sys
2014-05-02 14:42 . 2014-05-02 14:42    169504    ----a-w-    c:\windows\system32\drivers\NNSPrv.sys
2014-05-02 14:42 . 2014-05-02 14:42    115744    ----a-w-    c:\windows\system32\drivers\NNSSmtp.sys
2014-05-02 14:42 . 2014-05-02 14:42    306720    ----a-w-    c:\windows\system32\drivers\NNSProt.sys
2014-05-02 14:42 . 2014-05-02 14:42    125984    ----a-w-    c:\windows\system32\drivers\NNSPop3.sys
2014-05-02 14:42 . 2014-05-02 14:42    95776    ----a-w-    c:\windows\system32\drivers\NNSpicc.sys
2014-05-02 14:42 . 2014-05-02 14:42    70176    ----a-w-    c:\windows\system32\drivers\NNSPihsw.sys
2014-05-02 14:42 . 2014-05-02 14:42    115232    ----a-w-    c:\windows\system32\drivers\NNSIds.sys
2014-05-02 14:42 . 2014-05-02 14:42    112160    ----a-w-    c:\windows\system32\drivers\NNSHttps.sys
2014-05-02 14:42 . 2014-05-02 14:42    96800    ----a-w-    c:\windows\system32\drivers\NNSAlpc.sys
2014-05-02 14:42 . 2014-05-02 14:42    162336    ----a-w-    c:\windows\system32\drivers\NNSHttp.sys
2014-04-27 06:05 . 2014-04-27 06:05    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-04-27 06:05 . 2014-04-27 06:05    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-04-27 06:05 . 2014-04-27 06:05    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-04-27 06:05 . 2014-04-27 06:05    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-04-27 06:05 . 2014-04-27 06:05    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-04-27 06:05 . 2014-04-27 06:05    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-04-27 06:05 . 2014-04-27 06:05    43152    ----a-w-    c:\windows\avastSS.scr
2014-04-25 02:34 . 2014-06-12 04:50    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 04:50    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2014-04-22 399224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-05-06 37624]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-04-10 1300792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 dnezanzo;dnezanzo; [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 18:33    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-18 c:\windows\Tasks\EPSON XP-310 Series Invitation {3275C43D-995D-400E-A4F8-D730E4F46432}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-03-11 14:12]
.
2014-07-18 c:\windows\Tasks\EPSON XP-310 Series Invitation {796C85EB-BB3C-4ACF-B797-864412EB0D9D}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-03-11 14:12]
.
2014-07-18 c:\windows\Tasks\EPSON XP-310 Series Update {3275C43D-995D-400E-A4F8-D730E4F46432}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-03-11 14:12]
.
2014-07-18 c:\windows\Tasks\EPSON XP-310 Series Update {796C85EB-BB3C-4ACF-B797-864412EB0D9D}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-03-11 14:12]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-18 08:44]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-18 08:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-27 06:05    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} - hxxps://www.cebbank.com/per/js/PowerEnter.CAB
DPF: {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5A8} - hxxps://www.cebbank.com/per/js/cebiesign.ocx
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\if5wm5l6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Age of Chivalry: Hegemony - c:\users\Andrew\Desktop\Age Of Empires 2 & The Conquerors Expansion - Full Game\Uninstall Age of Chivalry.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4189884857-2222641693-3777458606-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files (x86)\PS3 Media Server\jre\bin\java.exe
.
**************************************************************************
.
Completion time: 2014-07-17  22:25:17 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-18 03:25
.
Pre-Run: 43,309,703,168 bytes free
Post-Run: 44,484,878,336 bytes free
.
- - End Of File - - 38B5794E3E3508DC01E05E4F7CF56D61
A36C5E4F47E84449FF07ED3517B43A31
 



#8 nasdaq


Posted 18 July 2014 - 08:24 AM

How is the computer running now?

#9 Andrew456


Posted 19 July 2014 - 01:17 AM

It is running pretty much normally. The only issue I have is that my laptop will constantly cycle between connecting to my router and then dropping it, over and over. Nothing short of resetting the router itself will fix the issue.

 

Andrew


Edited by Andrew456, 19 July 2014 - 04:39 AM.


#10 nasdaq


Posted 19 July 2014 - 07:33 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

How is it now?

#11 Andrew456


Posted 23 July 2014 - 01:00 AM

I am sorry it has taken me a while to respond; I have had a couple medical adventures. Anyways, I have run the commands, and sometimes I still have issues with connecting to the router. When it does work, though, it takes a long while to connect. Not really a complaint, more of an observation just in case it is a symptom of something.

 

Thanks,

 

 

Andrew



#12 nasdaq


Posted 23 July 2014 - 09:05 AM

Power down the Router, modem and computer.
Wait one minute and restart them all.

If the disconnect problem continues, check with your Internet provider; it may just be that you have some wrong settings.

#13 Andrew456


Posted 25 July 2014 - 05:28 PM

Again, I do apologize for my absence. Yes, I am still having issues. I will check out the router and see what Comcast says. I do appreciate your help. As well, my computer is running smoothly.

 

Andrew



#14 nasdaq


Posted 31 July 2014 - 10:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



